Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Movavi Slideshow Maker 4.exe

Overview

General Information

Sample name:Movavi Slideshow Maker 4.exe
Analysis ID:1541910
MD5:0cd8f9edc5183f8729598f19cf2da06b
SHA1:300049e800fe66c3ea872abf9ac9599b351ba9a6
SHA256:9a6d2d6ca21a6b83a31aa5a5f855d653d66096ffe0b25dcdf04f4943e3d3892d
Infos:

Detection

Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Hides threads from debuggers
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found dropped PE file which has not been started or loaded
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Movavi Slideshow Maker 4.exe (PID: 6820 cmdline: "C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe" MD5: 0CD8F9EDC5183F8729598F19CF2DA06B)
    • SlideshowMaker.exe (PID: 404 cmdline: "C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe" /864A627C-C6B2-464A-AA13-25D62F282BD8 MD5: 46938D51A127BCF45160C5D857F5DB37)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: SlideshowMaker.exe, 00000001.00000003.1804727013.0000000000F38000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_fcd977cc-d
Source: Movavi Slideshow Maker 4.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 172.67.75.65:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 84.16.252.107:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 84.16.252.107:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 84.16.252.107:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreApp.pdb**! source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ParserFactory.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ComputingResourceManager.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditingScene.pdb)) source: SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Policies.pdb""! source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\BeatDetection.pdb source: SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CodecPolicyController.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807296039.0000000003B09000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PatentActivator.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OverlayEngine.pdb'' source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849316625.0000000004E3C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreTime.pdb source: SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831966818.0000000003D7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810582792.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844730403.0000000003D91000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806284873.0000000003D70000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtDownloadManager.pdb source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806643474.0000000000ADB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviAudIO.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Settings.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1804916505.00000000012F3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AccelerationTracker.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\DesktopNotification.pdb source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806643474.0000000000ADB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreApp.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorSerialization.pdb source: SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\SDK\glog\0.3.4\lib\Win\msvc-14.0\x86\libglog-msvc-14.pdb source: SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PlayerControl.pdb## source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Settings.pdb source: SlideshowMaker.exe, 00000001.00000003.1804916505.00000000012F3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: vcruntime140.i386.pdbGCTL source: SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsSvg.pdb source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849316625.0000000004E3C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849461496.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorTransitions.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtUtil.pdb source: SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Presets.pdb source: SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AudioRendererSDL.pdb$$! source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\SDK\glog\0.3.4\lib\Win\msvc-14.0\x86\libglog-msvc-14.pdb"" source: SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OpenglSwitcherAPI.pdb## source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcp140.i386.pdb source: SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorTransitions.pdb source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ASSWrapper.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviIO.pdb66 source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtDownloadManager.pdb$$ source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806643474.0000000000ADB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EffectsSpecial.pdb source: SlideshowMaker.exe, 00000001.00000003.1847452500.000000000155E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848838300.0000000001598000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851518505.00000000015A7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x86\VmX.pdb source: Movavi Slideshow Maker 4.exe, 00000000.00000003.1705294826.00000000006E9000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2954049887.000000001003C000.00000002.10000000.00040000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2949192490.00000000006BB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1742216462.0000000001558000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1742834920.000000000155C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x86\StubExe.pdb source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2950690600.0000000000BC0000.00000040.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2950155746.0000000000870000.00000004.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2948401633.0000000000401000.00000020.00000001.01000000.00000003.sdmp
Source: Binary string: C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x64\StubExe.pdb source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2950690600.0000000000BC0000.00000040.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2950155746.0000000000870000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorEffects.pdb source: SlideshowMaker.exe, 00000001.00000003.1849072895.000000000604D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\DataHelpers.pdb source: SlideshowMaker.exe, 00000001.00000003.1831044187.0000000004687000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ResourceUtil.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsSvg.pdb## source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849316625.0000000004E3C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849461496.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtMediaUi.pdb source: SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EffectFactory.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviAudIO.pdb33" source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtUi.pdb source: SlideshowMaker.exe, 00000001.00000003.1846910089.0000000005DAA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CodecFactory.pdb source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\BeatDetection.pdb&&" source: SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreTime.pdb source: SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831966818.0000000003D7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810582792.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844730403.0000000003D91000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806284873.0000000003D70000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PlayerControl.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OpenglSwitcherAPI.pdb source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ComputingResourceManager.pdb"" source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsFramework.pdb source: SlideshowMaker.exe, 00000001.00000003.1847452500.000000000155E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848838300.0000000001598000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcp140.i386.pdbGCTL source: SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CrashHandler.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\NagScreen.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\UpdateChecker.pdb source: SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AccelerationTracker.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PatentActivator.pdb$$ source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorSerialization.pdb&& source: SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PackageInstaller.pdb source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849316625.0000000004E3C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849461496.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PlayerEngine.pdb)) source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtMediaUtil.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: concrt140.i386.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OglManager.pdb source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreLocalization.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x86\Vm.pdb source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2950690600.0000000000BC0000.00000040.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2950155746.0000000000870000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\DesktopNotification.pdb%% source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806643474.0000000000ADB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorImports.pdb source: SlideshowMaker.exe, 00000001.00000003.1858645130.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MediaTypes.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsDecoration.pdb++ source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MuxerFactory.pdb source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830767493.0000000003CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsFramework.pdb%% source: SlideshowMaker.exe, 00000001.00000003.1847452500.000000000155E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848838300.0000000001598000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OverlayEngine.pdb source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849316625.0000000004E3C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ProcInt.pdb@@! source: SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: concrt140.i386.pdbGCTL source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorEffects.pdb((" source: SlideshowMaker.exe, 00000001.00000003.1849072895.000000000604D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtMediaUi.pdb"" source: SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OglManager.pdb88! source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Converters.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PlayerEngine.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AppUtil.pdb00 source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\FFWrapper.pdb source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831122946.0000000003D18000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830767493.0000000003CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorOverlays.pdb source: SlideshowMaker.exe, 00000001.00000003.1858645130.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\FilterFactory.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PackageInstaller.pdb,, source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849316625.0000000004E3C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849461496.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CrashSenderWrapper.pdb source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806643474.0000000000ADB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831022848.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Tracker.pdb source: SlideshowMaker.exe, 00000001.00000003.1801066920.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditingScene.pdb source: SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Policies.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\SDLManager.pdb source: SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845946358.0000000003DA8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831966818.0000000003D7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810582792.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844730403.0000000003D91000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806284873.0000000003D70000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Demuxers.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MagnetizeTools.pdb source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreLocalization.pdb source: SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Threading.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsDecoration.pdb source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreTracker.pdb source: SlideshowMaker.exe, 00000001.00000003.1801066920.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\VideoRendererOGLQt.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\WebBrowser.pdb33' source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtUtil.pdbKK! source: SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ProcInt.pdb source: SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\StreamReader.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreManager.pdb source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\NagScreen.pdb,, source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\TrackerFactory.pdb source: SlideshowMaker.exe, 00000001.00000003.1800889302.0000000000995000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GeneralMovaviTrackerWrapper.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Threading.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AudioRendererSDL.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtUi.pdbHH source: SlideshowMaker.exe, 00000001.00000003.1846910089.0000000005DAA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Converters.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PackageInstallerModule.pdb source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\WebBrowser.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PubSub.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ASSWrapper.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\VideoRendererOGLQt.pdb## source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: vcruntime140.i386.pdb source: SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviIO.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MediaTypes.pdb&& source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GeneralMovaviTrackerWrapper.pdb## source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PubSub.pdb source: SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Presets.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\FFWrapper.pdb,,! source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831122946.0000000003D18000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830767493.0000000003CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MagnetizeTools.pdb%% source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AppUtil.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\UpdateChecker.pdb&& source: SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile opened: C:\Users\user\AppData\Local\Temp\SPOON\CACHE\Jump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile opened: C:\Users\user\AppData\Local\Temp\SPOON\Jump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile opened: C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\Jump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile opened: C:\Users\user\Jump to behavior
Source: Joe Sandbox ViewJA3 fingerprint: a795593605a13211941d44505b4d1e39
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global trafficHTTP traffic detected: GET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_start&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771&protocol=1&rnd=32718&os=win&act_key= HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mip2.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_close&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771&protocol=1&rnd=32711&os=win&act_key= HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mip2.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /api/v1/codec/all/?akey=&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771 HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzip, deflateAccept-Language: en-CH,*User-Agent: Mozilla/5.0Host: codec-activate.movavi.com
Source: global trafficHTTP traffic detected: GET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=major_update&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771&protocol=1&rnd=32718&os=win&act_key= HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mip2.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=capture_screencast&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771&protocol=1&rnd=32718&os=win&act_key= HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mip2.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /webnagscreens/crossale_suite/style.css HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: img.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /webnagscreens/crossale_suite/it.png HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: img.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /webnagscreens/crossale_suite/btn_close_it.png HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: img.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /webnagscreens/crossale_suite/btn_buy_it.png HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: img.movavi.comConnection: Keep-Alive
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_start&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771&protocol=1&rnd=32718&os=win&act_key= HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mip2.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_close&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771&protocol=1&rnd=32711&os=win&act_key= HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mip2.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /api/v1/codec/all/?akey=&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771 HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzip, deflateAccept-Language: en-CH,*User-Agent: Mozilla/5.0Host: codec-activate.movavi.com
Source: global trafficHTTP traffic detected: GET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=major_update&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771&protocol=1&rnd=32718&os=win&act_key= HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mip2.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=capture_screencast&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771&protocol=1&rnd=32718&os=win&act_key= HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mip2.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /webnagscreens/crossale_suite/style.css HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: img.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /webnagscreens/crossale_suite/it.png HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: img.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /webnagscreens/crossale_suite/btn_close_it.png HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: img.movavi.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /webnagscreens/crossale_suite/btn_buy_it.png HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: img.movavi.comConnection: Keep-Alive
Source: SlideshowMaker.exe, 00000001.00000003.1804727013.0000000000F38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: d04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1email.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06www.google.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3login.yahoo.com39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:293e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47login.skype.com92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43addons.mozilla.orgb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0login.live.comd8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0global trustee05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56*.google.com0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4cDigiNotar Root CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Services CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services 1024 CA0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Root CA G2a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21CertiID Enterprise Certificate Authority5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41DigiNotar Qualified CA46:9c:2c:b007:27:10:0dDigiNotar Cyber CA07:27:0f:f907:27:10:0301:31:69:b0DigiNotar PKIoverheid CA Overheid en Bedrijven01:31:34:bfDigiNotar PKIoverheid CA Organisatie - G2d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar Extended Validation CA1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Public CA 202546:9c:2c:af46:9c:3c:c907:27:14:a9Digisign Server ID (Enrich)4c:0e:63:6aDigisign Server ID - (Enrich)72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0UTN-USERFirst-Hardware41MD5 Collisions Inc. (http://www.phreedom.org/md5)08:27*.EGO.GOV.TR08:64e-islem.kktcmerkezbankasi.org03:1d:a7AC DG Tr equals www.yahoo.com (Yahoo)
Source: SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/youtube.upload https://www.googleapis.com/auth/youtube https://www.googleapis.com/auth/userinfo.profile equals www.youtube.com (Youtube)
Source: SlideshowMaker.exe, 00000001.00000003.1864513012.000000000098D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/upload/youtube/v3/videos?uploadType=resumable&part=%1L3TXzVp equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: start.turbo.net
Source: global trafficDNS traffic detected: DNS query: mip2.movavi.com
Source: global trafficDNS traffic detected: DNS query: codec-activate.movavi.com
Source: global trafficDNS traffic detected: DNS query: img.movavi.com
Source: unknownHTTP traffic detected: POST /services/1.0/activity/vm-18.4.1281.0/run HTTP/1.1Spoon-ConfigId: 9D0F48FB-5A85-4D60-82CD-6B9F784D932BSpoon-ConfigDigest: dd217e68ba4377edc484768b4f73528bSpoon-BuildId: CFFB171A-E983-4234-BD47-C5170F552F60Spoon-MacDigest: C3F43D71F2ADABCC8BFCAAC51BBDEC9C71A3BF08Spoon-DeviceIp: 192.168.2.4Spoon-TrialProduct: TrueSpoon-StartupFile: @APPDATA@\Movavi Slideshow Maker 4\SlideshowMaker.exeUser-Agent: SpoonVm/1.0Host: start.turbo.netContent-Length: 0Cache-Control: no-cache
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 25 Oct 2024 08:04:55 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: no-cache, privateX-Error-Ex: Not found nagscreens from DBX-XSS-Protection: 0X-Frame-Options: SAMEORIGINReferrer-Policy: strict-origin-when-cross-origin
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 25 Oct 2024 08:04:57 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: no-cache, privateX-Error-Ex: Not found nagscreens from DBX-XSS-Protection: 0X-Frame-Options: SAMEORIGINReferrer-Policy: strict-origin-when-cross-origin
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 25 Oct 2024 08:04:57 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: no-cache, privateX-Error-Ex: Not found nagscreens from DBX-XSS-Protection: 0X-Frame-Options: SAMEORIGINReferrer-Policy: strict-origin-when-cross-origin
Source: SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://activate.movavi.com/activate3.php?pname=-APP_NAME-&hwid=-HARDWAREID-&akey=-APP_KEY-&version=-
Source: SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://activate.movavi.com/activateapple.php?pname=-APP_NAME-&hwid=-HARDWAREID-&akey=-APP_KEY-&versi
Source: SlideshowMaker.exe, 00000001.00000003.1804727013.0000000000F38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bugreports.qt.io/
Source: SlideshowMaker.exe, 00000001.00000003.1804727013.0000000000F38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bugreports.qt.io/finishedServerMicrosoft-IIS/4.Microsoft-IIS/5.Netscape-Enterprise/3.WebLogic
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codec-activate.movavi.com/api/v1/codec/activate/?akey=-LICENSE_KEY-&huid=-HASH_USER_ID-&codec
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://codec-activate.movavi.com/api/v1/codec/all/?akey=-LICENSE_KEY-&huid=-HASH_USER_ID-
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2950690600.0000000000BC0000.00000040.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1705001688.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2950155746.0000000000BB2000.00000004.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1705001688.00000000006DA000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2949192490.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2950155746.0000000000870000.00000004.00001000.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1742216462.0000000001558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2950690600.0000000000BC0000.00000040.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1705001688.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2950155746.0000000000BB2000.00000004.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1705001688.00000000006DA000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2949192490.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2950155746.0000000000870000.00000004.00001000.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1742216462.0000000001558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://files.movavi.com/dl/support/DevicesList
Source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://files.movavi.com/dl/support/DevicesListOglManager::GetOglVersion()
Source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://files.movavi.com/dl/support/opengl32software.zip
Source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://files.movavi.com/dl/support/opengl32software.zipOpenglSwitcher.exedll.dllDownloading
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://img.movavi.com/changelog/slideshowcreator/-LANG-/changelog
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://img.movavi.com/changelog/slideshowcreator/-LANG-/changelogrl0
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://img.movavi.com/changelog/slideshowcreator/-LANG-/pkginfo
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.mo
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.mova
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.moval
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.co
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/?asrc=menu&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/?asrc=menu&-TAIL_WITH_ARGS-TH_ARGS-0
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/?asrc=menu&-TAIL_WITH_ARGS-avi.com/support/activating_packages/?asrc=package
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/?asrc=menuabout&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/?asrc=menuabout&-TAIL_WITH_ARGS-RGS--P
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/?asrc=socialtab&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/?asrc=socialtab&-TAIL_WITH_ARGS-RGS-;
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/audioblocks/?asrc=other_i
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/audioblocks/?asrc=other_import&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/audioblocks/?asrc=other_import&-TAIL_WITH_ARGS-PSM
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buy-suitefromslideshow/?asrc=crossnag_sc_vs&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?as
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=activationwizard&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=activationwizard&-TAIL_WITH_ARGS-antec.comr
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=firststart&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=firststart&-TAIL_WITH_ARGS-ROFILE=
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=menu&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=menu&-TAIL_WITH_ARGS-=
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=nagexport&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=nagtrial&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=nagtrialend&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=nagtrialend&-TAIL_WITH_ARGS-0
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=nagtrialstart&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=nagtrialstartconversion&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=newprojectdialog&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=newprojectdialog&-TAIL_WITH_ARGS-es=1
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=se&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=se&-TAIL_WITH_ARGS-_ARGS-s
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=webnagtrial&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=webnagtrial&-TAIL_WITH_ARGS-Root=C:
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/buynow/?asrc=webnagtrial&-TAIL_WITH_ARGS-ones
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/dlc/?asrc=&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/download/?asrc=checkupdatest&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/download/?asrc=checkupdatest&-TAIL_WITH_ARGS-E_URL=http&X7
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/drivers-update/?asrc=other&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/drivers-update/?asrc=other&-TAIL_WITH_ARGS-gs&-TAIL_WIT
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/facebook/?asrc=menu&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/facebook/?asrc=socialtab&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/faq/?asrc=menu&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/faq/?asrc=menu&-TAIL_WITH_ARGS-x4
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/forum/?asrc=menu&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/forum/?asrc=menu&-TAIL_WITH_ARGS-RGS-5T
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/forum/?asrc=socialtab&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/forum/?asrc=socialtab&-TAIL_WITH_ARGS-6O
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/googleplus/?asrc=menu&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/googleplus/?asrc=socialtab&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/googleplus/?asrc=socialtab&-TAIL_WITH_ARGS-ocialtab&-T
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/gr
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/grD_
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/graphicstock/?asrc=other_import&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/graphicstock/?asrc=other_import&-TAIL_WITH_ARGS-owe
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/help/?asrc=menu&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/help/?asrc=menu&-TAIL_WITH_ARGS-RGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/help/?asrc=newprojectdialog&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/help/?asrc=newprojectdialog&-TAIL_WITH_ARGS-_ARGS-Po
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/help_wizard/?asrc=newprojectdialog&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/help_wizard/?asrc=newprojectdialog&-TAIL_WITH_ARGS-=C
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/instagram/
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/instagram/?asrc=menu&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/instagram/?asrc=menu&-TAIL_WITH_ARGS-o
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/instagram/?asrc=socialtab&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/instagram/?asrc=socialtab&-TAIL_WITH_ARGS-cSESS
Source: SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/intel/?asrc=settings&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/l
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?as
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=menu&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=menu&-TAIL_WITH_ARGS-8a8Y
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=nagexport&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=nagexport&-TAIL_WITH_ARGS-ITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=nagexport&-TAIL_WITH_ARGS-_ARGS-86)
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=nagtrial&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=nagtrial&-TAIL_WITH_ARGS-TAIL_WITH_ARGSuZ
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=nagtrialend&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=nagtrialend&-TAIL_WITH_ARGS-tab&-TAIL_W
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=nagtrialstart&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=nagtrialstart&-TAIL_WITH_ARGS--LANG--AMP
Source: SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=nagtrialstart&-TAIL_WITH_ARGS-on&-TAIL_WITH_ARGS-nh
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=nagtrialstartconversion&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=other&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=other&-TAIL_WITH_ARGS--K
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=other&-TAIL_WITH_ARGS-entzres.dll.mui
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=webnagtri
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=webnagtri4
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=webnagtrial&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=webnagtrial&-TAIL_WITH_ARGS-RGS-gwz
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/livechat/?asrc=webnagtrial&-TAIL_WITH_ARGS-d=%2&activatk
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/nvidia/?asrc=settings&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/nvidia/?asrc=settings&-TAIL_WITH_ARGS-0
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/odnok
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/odnoklassniki/?asrc=menu&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/odnoklassniki/?asrc=menu&-TAIL_WITH_ARGS-RGS-
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/odnoklassniki/?asrc=socialtab&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/odnoklassniki/?asrc=socialtab&-TAIL_WITH_ARGS-W
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/offer-get-more/?asrc=menu&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/offer-get-more/?asrc=menu&-TAIL_WITH_ARGS-empUS
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/support/activating_packages/?asrc=packageinstallationwizard&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/support/activation_offline/?asrc=activationwizard&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/support/activation_online/?asrc=activationwizard&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/support/activation_online/?asrc=activationwizard&-TAIL_WITH_ARGS-GS-A
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/support/contact/?asrc=menu&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/support/contact/?asrc=menu&-TAIL_WITH_ARGS-S-
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/thank_you_for_install/?app=-APP_NAM
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/thank_you_for_install/?app=-APP_NAME--AMP-module=-MODULE_NAME--AMP-versi
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/thank_you_for_install/?app=-APP_NAME--AMP-module=-MODULE_NAME--AMP-version=-
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/thank_you_for_install/?app=-APP_NAME--AMP-version=-APP_VERSION--AMP-isTrial=
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/upgrade--LICENSE_KEY-/?asrc=checkupdatest&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/upgrade--LICENSE_KEY-/?asrc=checkupdatest&-TAIL_WITH_ARGS-ARGS-GS-er
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/videoblocks/?asrc=other_import&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/videoblocks/?asrc=other_import&-TAIL_WITH_ARGS--0j
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/videoblocks/?asrc=other_import&-TAIL_WITH_ARGS-er
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/videoeditordlc/?asrc=callouts_store&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/videoeditordlc/?asrc=callouts_store&-TAIL_WITH_ARGS-sym
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/videoeditordlc/?asrc=filters_store&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/videoeditordlc/?asrc=filters_store&-TAIL_WITH_ARGS-ER
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/videoeditordlc/?asrc=menu&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/videoeditordlc/?asrc=stickers_store&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/videoeditordlc/?asrc=stickers_store&-TAIL_WITH_ARGS-s
Source: SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/videoeditordlc/?asrc=titles_store&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/videoeditordlc/?asrc=titles_store&-TAIL_WITH_ARGS-ITH_ARGS-ITH
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/videoeditordlc/?asrc=transitions_store&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/vkontakte/?asrc=menu&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/vkontakte/?asrc=socialtab&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/youtube/?asrc=menu&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/youtube/?asrc=menu&-TAIL_WITH_ARGS-?2N2j
Source: SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/youtube/?asrc=socialtab&-TAIL_WITH_ARGS-
Source: SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/youtube/?asrc=socialtab&-TAIL_WITH_ARGS--WITH_ARGS--
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/youtube/?asrc=socialtab&-TAIL_WITH_ARGS--WITH_ARGS-z
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com/youtube/?asrc=socialtab&-TAIL_WITH_ARGS--ialtab&-TAILU
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://links.movavi.com4
Source: SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831966818.0000000003D7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810582792.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806284873.0000000003D70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mingw-w64.sourceforge.net/X
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2950690600.0000000000BC0000.00000040.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1705001688.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2950155746.0000000000BB2000.00000004.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1705001688.00000000006DA000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2949192490.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2950155746.0000000000870000.00000004.00001000.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1742216462.0000000001558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
Source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qt-project.org/xml/features/report-start-end-entity
Source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qt-project.org/xml/features/report-whitespace-only-CharData
Source: SlideshowMaker.exe, 00000001.00000003.1852726832.0000000003D9E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858754735.0000000003D9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rh.symcb.c
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2948220868.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831044187.0000000004736000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1833317656.00000000053A7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858983421.000000000667F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852726832.0000000003D9E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845946358.0000000003DA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rh.symcb.com/rh.crl0
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2948220868.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831044187.0000000004736000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1833317656.00000000053A7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858983421.000000000667F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845946358.0000000003DA8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rh.symcb.com/rh.crt0
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2948220868.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831044187.0000000004736000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1833317656.00000000053A7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858983421.000000000667F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852726832.0000000003D9E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845946358.0000000003DA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rh.symcd.com0&
Source: SlideshowMaker.exe, 00000001.00000003.1851518505.00000000015A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s.s
Source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849316625.0000000004E3C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849461496.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s.symcb.com/universal-O$m
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2948220868.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831044187.0000000004736000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1864513012.000000000098D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1833317656.00000000053A7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831044187.0000000004736000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1833317656.00000000053A7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858983421.000000000667F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s.symcd.com0
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2948220868.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831044187.0000000004736000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1864513012.000000000098D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1833317656.00000000053A7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858983421.000000000667F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s.symcd.com06
Source: SlideshowMaker.exe, 00000001.00000003.1864283453.0000000000584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
Source: SlideshowMaker.exe, 00000001.00000003.1864283453.0000000000584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLCopyright
Source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://trolltech.com/xml/features/report-start-end-entity
Source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://trolltech.com/xml/features/report-whitespace-only-CharData
Source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849316625.0000000004E3C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849461496.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.co3
Source: SlideshowMaker.exe, 00000001.00000003.1801066920.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com
Source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831044187.0000000004736000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1864513012.000000000098D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1864405341.0000000003A14000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1833317656.00000000053A7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858983421.000000000667F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: SlideshowMaker.exe, 00000001.00000003.1801066920.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.comwfJ
Source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831044187.0000000004736000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1864513012.000000000098D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1864405341.0000000003A14000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1833317656.00000000053A7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858983421.000000000667F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849316625.0000000004E3C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849461496.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.comG
Source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831044187.0000000004736000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1864513012.000000000098D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1864405341.0000000003A14000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1833317656.00000000053A7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858983421.000000000667F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.comr
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2949192490.0000000000765000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2949854026.00000000007C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://turbo.net/studio.
Source: SlideshowMaker.exe, 00000001.00000003.1804727013.0000000000F38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phreedom.org/md5)
Source: SlideshowMaker.exe, 00000001.00000003.1804727013.0000000000F38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phreedom.org/md5)08:27
Source: SlideshowMaker.exe, 00000001.00000003.1864283453.0000000000584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tipo.net.arhttp://www.tipo.net.arThis
Source: SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
Source: SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll-/qiodevice_seek_file_func()
Source: SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll1.2.8
Source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces
Source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespaceshttp://xml.org/sax/features/namespace-prefixeshttp://trolltech
Source: SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.vimeo.com/%1_glewI
Source: SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.haxx.se/V
Source: SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.haxx.se/docs/copyright.htmlD
Source: SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: SlideshowMaker.exe, 00000001.00000003.1847452500.000000000155E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848838300.0000000001598000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851518505.00000000015A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.s
Source: SlideshowMaker.exe, 00000001.00000003.1847452500.000000000155E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848838300.0000000001598000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851518505.00000000015A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.sy
Source: SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.sym
Source: SlideshowMaker.exe, 00000001.00000003.1852726832.0000000003D9E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858754735.0000000003D9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2948220868.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831044187.0000000004736000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1864513012.000000000098D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1864405341.0000000003A14000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1833317656.00000000053A7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
Source: SlideshowMaker.exe, 00000001.00000003.1851997073.0000000003D8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2948220868.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831044187.0000000004736000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1864513012.000000000098D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1833317656.00000000053A7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858983421.000000000667F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0.
Source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831044187.0000000004736000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1833317656.00000000053A7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858983421.000000000667F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa06
Source: SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?authuser=%1
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2948220868.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831044187.0000000004736000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1833317656.00000000053A7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858983421.000000000667F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852726832.0000000003D9E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845946358.0000000003DA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://movavi.com0/
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2949192490.00000000006BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://start.turbo.net/
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2951475363.0000000002CDD000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2951898539.0000000002DC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://start.turbo.net/services/1.0/activity/vm-18.4.1281.0/run
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2951898539.0000000002DC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://start.turbo.net/services/1.0/activity/vm-18.4.1281.0/runio
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2949192490.00000000006BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://start.turbo.net/x4
Source: SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/drive
Source: SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/drive.appdata
Source: SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/drive.file
Source: SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/userinfo.profile
Source: SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/youtube
Source: SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/youtube.upload
Source: SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/drive/v3/%1
Source: SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo?alt=jsont
Source: SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/upload/drive/v3/files?uploadType=resumable8
Source: SlideshowMaker.exe, 00000001.00000003.1864513012.000000000098D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/upload/youtube/v3/videos?uploadType=resumable&part=%1L3TXzVp
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.movavi.com/photo-to-dvd-slideshow/?c=ssm4
Source: SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.movavi.ru/photo-to-dvd-slideshow/?c=ssm4
Source: SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.movavi.ru/photo-to-dvd-slideshow/?c=ssm49
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownHTTPS traffic detected: 172.67.75.65:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 84.16.252.107:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 84.16.252.107:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 84.16.252.107:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2952700959.0000000003570000.00000002.00000001.00040000.0000009B.sdmpBinary or memory string: System.OriginalFileName vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2953083712.00000000036F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSlideshowMaker.exeR vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2950690600.0000000000BC0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameStubExe.exeL vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000003.1706212885.0000000002CFB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .System.OriginalFileName vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000000.1702639611.00000000004FA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSlideshowMaker.exe, vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000003.1708062818.00000000034D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <propertyDescription name="System.OriginalFileName" formatID="{0CEF7D53-FA64-11D1-A203-0000F81FEDEE}" propID="6"> vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000003.1705294826.00000000006E9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameX.VirtualizationRuntime.dllL vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000003.1711211617.0000000003745000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: System.OriginalFileName vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2950690600.0000000000EE9000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameVm.dllL vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2949192490.00000000006BB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameX.VirtualizationRuntime.dllL vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2950155746.0000000000870000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameStubExe.exeL vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2950155746.0000000000870000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameVm.dllL vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2954165727.000000001005C000.00000002.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameX.VirtualizationRuntime.dllL vs Movavi Slideshow Maker 4.exe
Source: Movavi Slideshow Maker 4.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: mal72.evad.winEXE@3/485@4/3
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile created: C:\Users\user\Desktop\DataJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeMutant created: \Sessions\1\BaseNamedObjects\Global\__VMX_0x0042CC09
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeMutant created: \Sessions\1\BaseNamedObjects\Local\__VMX_0x0042CC09
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMutant created: \Sessions\1\BaseNamedObjects\Global\__VMX_0x0042DB0D
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMutant created: \Sessions\1\BaseNamedObjects\Local\__VMX_0x0042DB0D
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile created: C:\Users\user\AppData\Local\Temp\SPOON\Jump to behavior
Source: Movavi Slideshow Maker 4.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe "C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe"
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeProcess created: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe "C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe" /864A627C-C6B2-464A-AA13-25D62F282BD8
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeProcess created: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe "C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe" /864A627C-C6B2-464A-AA13-25D62F282BD8 Jump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: httpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: httpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: corelocalization.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: coreint.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libglog-msvc-14.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: boost_system-vc140-mt-1_60.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: boost_chrono-vc140-mt-1_60.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: boost_filesystem-vc140-mt-1_60.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: confint.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: boost_locale-vc140-mt-1_60.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: trackerfactory.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: tracker.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: coretracker.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: openglswitcherapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5widgets.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5gui.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5core.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5network.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: oglmanager.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: procint.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: settings.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: boost_thread-vc140-mt-1_60.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: boost_date_time-vc140-mt-1_60.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: glew32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: opengl32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: glu32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mqtutil.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5multimedia.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: movaviio.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mqtdownloadmanager.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libcurl.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: quazip.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: patentactivator.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: codecpolicycontroller.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: application.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: desktopnotification.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: coreapp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5quick.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5qml.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: nagscreen.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: webbrowser.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: resourceutil.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: apputil.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: crashhandler.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: crashsenderwrapper.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: packageinstallermodule.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editorlogic.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5xml.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5xmlpatterns.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: clientapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: coremanager.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: codecfactory.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: muxerfactory.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: datahelpers.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: ffwrapper.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: avutil.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libgcc_s_dw2-1.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libwinpthread-1.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: swresample.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: avcodec.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: avformat.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: avfilter.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: avresample.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libass.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: swscale.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: parserfactory.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: policies.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: filterfactory.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: effectfactory.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: computingresourcemanager.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: threading.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: asswrapper.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mediatypes.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: demuxers.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: presets.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: streamreader.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: converters.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: coretime.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mqtmediautil.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: playercontrol.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: playerengine.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: boost_timer-vc140-mt-1_60.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: audiorenderersdl.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: sdlmanager.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: sdl.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: videorendereroglqt.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: movaviaudio.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: exivmetadata.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: videoanalyzer.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: concrt140.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: generalmovavitrackerwrapper.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: accelerationtracker.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: cudamanager.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: beatdetection.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: pubsub.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editorserialization.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editormodel.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editorutil.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mqtui.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5winextras.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mqtmediaui.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: graphicsframework.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editingscene.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: graphicsdecoration.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: magnetizetools.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editoreffects.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editortransitions.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: overlayengine.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: graphicssvg.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: qt5svg.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: packageinstaller.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editormodule.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: effectsspecial.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: updatechecker.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: socialprotocol.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editorview.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editoroverlays.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: editorimports.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: filmmaker.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wintab32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: generalplugin.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msiso.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libeay32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: movavitracker.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: boost_regex-vc140-mt-1_60.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: effectsipp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: effects.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: effectsff.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: resize.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: effectsogl.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: effectsstock.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: decodersff.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: encodersff.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: databridge.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d9core.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d11core.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dxva2.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d9.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: encoderlossless.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: bitstreamfilterff.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: decodercuda.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: encodercuda.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: nvapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: nvcuda.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: nvencodeapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: encodernvenc.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: decoderim.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: encoderim.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: imcore.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libmfxhw32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libmfxhw32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libmfxhw32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: libmfxhw32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: decodermf.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfwrapper.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfplat.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mf.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfplat.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msdmo.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfcore.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: ksuser.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfperfhelper.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: rtworkq.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: comppkgsup.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: windows.media.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: windows.applicationmodel.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: appxdeploymentclient.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msauddecmft.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msacm32.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wmadmod.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wmspdmod.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msamrnbdecoder.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfdvdec.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msmpeg2vdec.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfmjpegdec.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mp4sdecd.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mpg4decd.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mp43decd.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wmvsdecd.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wmvdecod.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfaacenc.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wmadmoe.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msac3enc.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mfh264enc.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: wmvxencd.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: encodermf.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: decoderraw.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: vcomp140.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: filtersff.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: filters.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: filtersogl.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: filtersspeex.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: muxers.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: parsersff.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: charsetrecode.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: parserraw.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: parsersmf.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msimtf.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: jscript9.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d2d1.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: Movavi Slideshow Maker 4.exeStatic file information: File size 80474129 > 1048576
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreApp.pdb**! source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ParserFactory.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ComputingResourceManager.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditingScene.pdb)) source: SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Policies.pdb""! source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\BeatDetection.pdb source: SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CodecPolicyController.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807296039.0000000003B09000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PatentActivator.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OverlayEngine.pdb'' source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849316625.0000000004E3C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreTime.pdb source: SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831966818.0000000003D7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810582792.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844730403.0000000003D91000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806284873.0000000003D70000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtDownloadManager.pdb source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806643474.0000000000ADB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviAudIO.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Settings.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1804916505.00000000012F3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AccelerationTracker.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\DesktopNotification.pdb source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806643474.0000000000ADB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreApp.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorSerialization.pdb source: SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\SDK\glog\0.3.4\lib\Win\msvc-14.0\x86\libglog-msvc-14.pdb source: SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PlayerControl.pdb## source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Settings.pdb source: SlideshowMaker.exe, 00000001.00000003.1804916505.00000000012F3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: vcruntime140.i386.pdbGCTL source: SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsSvg.pdb source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849316625.0000000004E3C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849461496.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorTransitions.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtUtil.pdb source: SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Presets.pdb source: SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AudioRendererSDL.pdb$$! source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\SDK\glog\0.3.4\lib\Win\msvc-14.0\x86\libglog-msvc-14.pdb"" source: SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OpenglSwitcherAPI.pdb## source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcp140.i386.pdb source: SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorTransitions.pdb source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ASSWrapper.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviIO.pdb66 source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtDownloadManager.pdb$$ source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806643474.0000000000ADB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EffectsSpecial.pdb source: SlideshowMaker.exe, 00000001.00000003.1847452500.000000000155E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848838300.0000000001598000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851518505.00000000015A7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x86\VmX.pdb source: Movavi Slideshow Maker 4.exe, 00000000.00000003.1705294826.00000000006E9000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2954049887.000000001003C000.00000002.10000000.00040000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2949192490.00000000006BB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1742216462.0000000001558000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1742834920.000000000155C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x86\StubExe.pdb source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2950690600.0000000000BC0000.00000040.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2950155746.0000000000870000.00000004.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2948401633.0000000000401000.00000020.00000001.01000000.00000003.sdmp
Source: Binary string: C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x64\StubExe.pdb source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2950690600.0000000000BC0000.00000040.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2950155746.0000000000870000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorEffects.pdb source: SlideshowMaker.exe, 00000001.00000003.1849072895.000000000604D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\DataHelpers.pdb source: SlideshowMaker.exe, 00000001.00000003.1831044187.0000000004687000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ResourceUtil.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsSvg.pdb## source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849316625.0000000004E3C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849461496.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtMediaUi.pdb source: SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EffectFactory.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviAudIO.pdb33" source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtUi.pdb source: SlideshowMaker.exe, 00000001.00000003.1846910089.0000000005DAA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CodecFactory.pdb source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\BeatDetection.pdb&&" source: SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreTime.pdb source: SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831966818.0000000003D7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810582792.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844730403.0000000003D91000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806284873.0000000003D70000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PlayerControl.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OpenglSwitcherAPI.pdb source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ComputingResourceManager.pdb"" source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsFramework.pdb source: SlideshowMaker.exe, 00000001.00000003.1847452500.000000000155E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848838300.0000000001598000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcp140.i386.pdbGCTL source: SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CrashHandler.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\NagScreen.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\UpdateChecker.pdb source: SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AccelerationTracker.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PatentActivator.pdb$$ source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorSerialization.pdb&& source: SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PackageInstaller.pdb source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849316625.0000000004E3C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849461496.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PlayerEngine.pdb)) source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtMediaUtil.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: concrt140.i386.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OglManager.pdb source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreLocalization.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x86\Vm.pdb source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2950690600.0000000000BC0000.00000040.00001000.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2950155746.0000000000870000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\DesktopNotification.pdb%% source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806643474.0000000000ADB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorImports.pdb source: SlideshowMaker.exe, 00000001.00000003.1858645130.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MediaTypes.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsDecoration.pdb++ source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MuxerFactory.pdb source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830767493.0000000003CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsFramework.pdb%% source: SlideshowMaker.exe, 00000001.00000003.1847452500.000000000155E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848838300.0000000001598000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OverlayEngine.pdb source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849316625.0000000004E3C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ProcInt.pdb@@! source: SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: concrt140.i386.pdbGCTL source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorEffects.pdb((" source: SlideshowMaker.exe, 00000001.00000003.1849072895.000000000604D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtMediaUi.pdb"" source: SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\OglManager.pdb88! source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Converters.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PlayerEngine.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AppUtil.pdb00 source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\FFWrapper.pdb source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831122946.0000000003D18000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830767493.0000000003CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditorOverlays.pdb source: SlideshowMaker.exe, 00000001.00000003.1858645130.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\FilterFactory.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PackageInstaller.pdb,, source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849316625.0000000004E3C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849461496.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CrashSenderWrapper.pdb source: SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806643474.0000000000ADB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831022848.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Tracker.pdb source: SlideshowMaker.exe, 00000001.00000003.1801066920.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\EditingScene.pdb source: SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Policies.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\SDLManager.pdb source: SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845946358.0000000003DA8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831966818.0000000003D7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810582792.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844730403.0000000003D91000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806284873.0000000003D70000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Demuxers.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MagnetizeTools.pdb source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreLocalization.pdb source: SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Threading.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GraphicsDecoration.pdb source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreTracker.pdb source: SlideshowMaker.exe, 00000001.00000003.1801066920.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\VideoRendererOGLQt.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\WebBrowser.pdb33' source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtUtil.pdbKK! source: SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ProcInt.pdb source: SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\StreamReader.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\CoreManager.pdb source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\NagScreen.pdb,, source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\TrackerFactory.pdb source: SlideshowMaker.exe, 00000001.00000003.1800889302.0000000000995000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GeneralMovaviTrackerWrapper.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Threading.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AudioRendererSDL.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MQtUi.pdbHH source: SlideshowMaker.exe, 00000001.00000003.1846910089.0000000005DAA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Converters.pdb source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PackageInstallerModule.pdb source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\WebBrowser.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PubSub.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\ASSWrapper.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\VideoRendererOGLQt.pdb## source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: vcruntime140.i386.pdb source: SlideshowMaker.exe, 00000001.00000003.1799152520.000000000050F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MovaviIO.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MediaTypes.pdb&& source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\GeneralMovaviTrackerWrapper.pdb## source: SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\PubSub.pdb source: SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\Presets.pdb!! source: SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\FFWrapper.pdb,,! source: SlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831122946.0000000003D18000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830767493.0000000003CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\MagnetizeTools.pdb%% source: SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\AppUtil.pdb source: SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\J\WS\VE124\build-x86_32\bin\UpdateChecker.pdb&& source: SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp
Source: SlideshowMaker.exe.0.drStatic PE information: real checksum: 0xdc081 should be: 0xde681
Source: Movavi Slideshow Maker 4.exeStatic PE information: section name: .xcpad
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05690000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_00c20000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05640000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05c70000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\ConfInt.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\platforms\qwindows.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Filters.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_00610000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_00650000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05610000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05c20000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_6eb40000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\GeneralPlugin.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_04150000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_04560000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_65200000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Widgets.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Core.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avcodec.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_04050000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05ea0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_00bb0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_01020000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05760000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorView.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_6c0a0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05360000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_04090000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_64000000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_040c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05580000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_00b30000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_058c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_06330000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_06110000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qjpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_688d0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_04010000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_00730000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05ab0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_044d0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_042c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Gui.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_6b5b0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_04210000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_056d0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_058e0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_06390000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05ae0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_013c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_65bc0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_6b080000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_054d0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_050a0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qgif.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05490000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_66980000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_045b0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\SlideshowMaker.exeJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_6a8b0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05860000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_6d280000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\DecoderRAW.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avfilter.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_06210000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_03940000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_6b300000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_690a0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05820000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_06240000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_01260000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_00400000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_03f50000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_6ca20000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_03db0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_041b0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_04340000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorModel.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05ca0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_03ef0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\CudaManager.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_04270000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_64b40000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5XmlPatterns.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\VideoAnalyzer.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_6a200000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Quick.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_6bc10000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorLogic.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_6a670000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05540000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05450000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_69f70000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_63180000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_68b50000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\FilmMaker.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorUtil.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_69bb0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05d10000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qtiff.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05f30000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_69fc0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05f90000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_008e0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Application.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05720000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_01390000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\libass.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05be0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_04760000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile created: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_06280000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avformat.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_04510000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_055c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_004e0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_6c590000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorModule.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Qml.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_010a0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_05f00000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_057f0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_62c80000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\ExivMetadata.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\temp\404_69df0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile created: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\libeay32.dllJump to dropped file

Boot Survival

barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeWindow searched: window name: FilemonClass
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeWindow searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeWindow searched: window name: RegmonClass
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeWindow searched: window name: FilemonClass
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeWindow searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 67833AE second address: 67833B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 67833B3 second address: 6782BF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC4559B0F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a or dword ptr [ebp+165E1EC4h], esi 0x00000010 push dword ptr [ebp+165E0921h] 0x00000016 stc 0x00000017 call dword ptr [ebp+165E366Dh] 0x0000001d pushad 0x0000001e cld 0x0000001f xor eax, eax 0x00000021 mov dword ptr [ebp+165E2E33h], eax 0x00000027 pushad 0x00000028 sub si, EF37h 0x0000002d popad 0x0000002e mov edx, dword ptr [esp+28h] 0x00000032 xor dword ptr [ebp+165E2E33h], esi 0x00000038 ja 00007FCC4559B0F2h 0x0000003e mov dword ptr [ebp+165E2B26h], eax 0x00000044 jmp 00007FCC4559B0F2h 0x00000049 mov esi, 0000003Ch 0x0000004e jmp 00007FCC4559B0F9h 0x00000053 add esi, dword ptr [esp+24h] 0x00000057 jns 00007FCC4559B0FDh 0x0000005d lodsw 0x0000005f pushad 0x00000060 sub dword ptr [ebp+165E2E33h], edi 0x00000066 or dword ptr [ebp+165E1B84h], eax 0x0000006c popad 0x0000006d add eax, dword ptr [esp+24h] 0x00000071 xor dword ptr [ebp+165E2E33h], edx 0x00000077 jmp 00007FCC4559B0EFh 0x0000007c mov ebx, dword ptr [esp+24h] 0x00000080 jl 00007FCC4559B0F2h 0x00000086 pushad 0x00000087 mov ax, 44D7h 0x0000008b jo 00007FCC4559B0E6h 0x00000091 popad 0x00000092 cmc 0x00000093 nop 0x00000094 push eax 0x00000095 push edx 0x00000096 push eax 0x00000097 push edx 0x00000098 js 00007FCC4559B0E6h 0x0000009e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6782BF9 second address: 6782BFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6782BFD second address: 6782C03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6782C03 second address: 6782C1F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jg 00007FCC44D34C06h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68F8195 second address: 68F81AC instructions: 0x00000000 rdtsc 0x00000002 jo 00007FCC4559B0E8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007FCC4559B0E8h 0x00000015 push edi 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68F81AC second address: 68F8237 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov si, 0065h 0x0000000d push 00000000h 0x0000000f jno 00007FCC44D34C0Ch 0x00000015 push CD659EA7h 0x0000001a push eax 0x0000001b jns 00007FCC44D34C0Ch 0x00000021 pop eax 0x00000022 add dword ptr [esp], 329A61D9h 0x00000029 mov dx, 0B32h 0x0000002d push 00000003h 0x0000002f mov dword ptr [ebp+165E1B30h], edi 0x00000035 push 00000000h 0x00000037 mov dword ptr [ebp+165E3991h], esi 0x0000003d push 00000003h 0x0000003f push 00000000h 0x00000041 push esi 0x00000042 call 00007FCC44D34C08h 0x00000047 pop esi 0x00000048 mov dword ptr [esp+04h], esi 0x0000004c add dword ptr [esp+04h], 0000001Dh 0x00000054 inc esi 0x00000055 push esi 0x00000056 ret 0x00000057 pop esi 0x00000058 ret 0x00000059 jc 00007FCC44D34C08h 0x0000005f mov esi, ebx 0x00000061 push 7B69AF08h 0x00000066 jo 00007FCC44D34C24h 0x0000006c push eax 0x0000006d push edx 0x0000006e jo 00007FCC44D34C06h 0x00000074 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68F8325 second address: 68F8397 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov eax, dword ptr [eax] 0x00000008 push edx 0x00000009 jg 00007FCC4559B0E8h 0x0000000f pushad 0x00000010 popad 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 jmp 00007FCC4559B0F7h 0x0000001b pop eax 0x0000001c cld 0x0000001d cmc 0x0000001e push 00000003h 0x00000020 or edi, dword ptr [ebp+165E2B1Eh] 0x00000026 push 00000000h 0x00000028 jmp 00007FCC4559B0EEh 0x0000002d push 00000003h 0x0000002f mov dword ptr [ebp+165E195Dh], edx 0x00000035 push D443FDDFh 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d ja 00007FCC4559B0E6h 0x00000043 jmp 00007FCC4559B0F3h 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68F8549 second address: 68F8553 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FCC44D34C06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68F8553 second address: 68F856D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCC4559B0F6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68E943E second address: 68E9444 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68E9444 second address: 68E9448 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6917B43 second address: 6917B47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6918089 second address: 691808D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6918306 second address: 691830A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 691830A second address: 6918310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6918442 second address: 6918446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6918446 second address: 6918469 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FCC4559B0E6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007FCC4559B0F3h 0x00000012 jmp 00007FCC4559B0EDh 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6918469 second address: 691846D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69188B0 second address: 69188C5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jo 00007FCC4559B0E6h 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 690CD71 second address: 690CD75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6918D09 second address: 6918D0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6918D0D second address: 6918D11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6918D11 second address: 6918D29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FCC4559B0EDh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6918D29 second address: 6918D2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6919961 second address: 6919966 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6919966 second address: 6919986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jmp 00007FCC44D34C18h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6919986 second address: 69199AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC4559B0F3h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jg 00007FCC4559B11Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 push edx 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68E5F4D second address: 68E5F52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68E5F52 second address: 68E5F6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FCC4559B0EFh 0x00000008 jg 00007FCC4559B0E6h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 692187A second address: 6921893 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FCC44D34C0Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6921893 second address: 69218A2 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FCC4559B0E6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69218A2 second address: 69218AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jl 00007FCC44D34C06h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69219E6 second address: 6921A0B instructions: 0x00000000 rdtsc 0x00000002 js 00007FCC4559B0EAh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007FCC4559B117h 0x00000010 pushad 0x00000011 jmp 00007FCC4559B0EEh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6921B72 second address: 6921B98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FCC44D34C11h 0x0000000d jne 00007FCC44D34C06h 0x00000013 js 00007FCC44D34C06h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6922154 second address: 692215A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 692215A second address: 6922160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6922160 second address: 6922166 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6922166 second address: 6922193 instructions: 0x00000000 rdtsc 0x00000002 js 00007FCC44D34C06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FCC44D34C11h 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d push edi 0x0000001e pushad 0x0000001f popad 0x00000020 pop edi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6922193 second address: 69221B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC4559B0F6h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6922881 second address: 69228AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FCC44D34C1Dh 0x0000000c jmp 00007FCC44D34C15h 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 jc 00007FCC44D34C20h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69228AE second address: 69228D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC4559B0F4h 0x00000009 jp 00007FCC4559B0F2h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6922A85 second address: 6922A92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jnc 00007FCC44D34C06h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6922A92 second address: 6922AB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FCC4559B0F9h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69230B7 second address: 69230D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jc 00007FCC44D34C06h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 popad 0x00000012 jmp 00007FCC44D34C0Fh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 692367D second address: 692368D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC4559B0EBh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 692368D second address: 6923692 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6923D21 second address: 6923D27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6923D27 second address: 6923D2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6923D2B second address: 6923D34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6923D34 second address: 6923D76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007FCC44D34C18h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007FCC44D34C18h 0x00000013 jng 00007FCC44D34C06h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6923F1B second address: 6923F1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6924389 second address: 692438F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6929643 second address: 6929655 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007FCC4559B0E6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6929655 second address: 692966D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C14h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 692966D second address: 69296B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC4559B0EDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e pushad 0x0000000f push esi 0x00000010 pop esi 0x00000011 jnc 00007FCC4559B0E6h 0x00000017 popad 0x00000018 jmp 00007FCC4559B0F4h 0x0000001d popad 0x0000001e mov eax, dword ptr [eax] 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 jns 00007FCC4559B0E6h 0x00000029 push edx 0x0000002a pop edx 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69284EF second address: 69284F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69284F4 second address: 69284F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69284F9 second address: 69284FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68EAEEB second address: 68EAEEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68EAEEF second address: 68EAEFC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68EAEFC second address: 68EAF04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 692D8D2 second address: 692D8D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 692DA56 second address: 692DA72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCC4559B0F2h 0x00000009 jnl 00007FCC4559B0E6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 692DBEA second address: 692DBF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 692E05A second address: 692E06F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FCC4559B0EEh 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 692E06F second address: 692E086 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FCC44D34C06h 0x0000000a jmp 00007FCC44D34C0Dh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 692E086 second address: 692E08A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 692E08A second address: 692E09F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007FCC44D34C06h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 692E09F second address: 692E0C8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FCC4559B0EAh 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pushad 0x00000014 jg 00007FCC4559B0E6h 0x0000001a jno 00007FCC4559B0E6h 0x00000020 pushad 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 692E220 second address: 692E224 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 692E224 second address: 692E23C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC4559B0F4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 692E23C second address: 692E256 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCC44D34C16h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6931602 second address: 693161F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jbe 00007FCC4559B0ECh 0x0000000b jo 00007FCC4559B0E6h 0x00000011 popad 0x00000012 push eax 0x00000013 jnp 00007FCC4559B0F0h 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 693161F second address: 693169D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jng 00007FCC44D34C14h 0x00000010 pushad 0x00000011 jbe 00007FCC44D34C06h 0x00000017 je 00007FCC44D34C06h 0x0000001d popad 0x0000001e mov eax, dword ptr [eax] 0x00000020 jmp 00007FCC44D34C0Fh 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 jmp 00007FCC44D34C10h 0x0000002e pop eax 0x0000002f push 00000000h 0x00000031 push edx 0x00000032 call 00007FCC44D34C08h 0x00000037 pop edx 0x00000038 mov dword ptr [esp+04h], edx 0x0000003c add dword ptr [esp+04h], 0000001Dh 0x00000044 inc edx 0x00000045 push edx 0x00000046 ret 0x00000047 pop edx 0x00000048 ret 0x00000049 push 4E2C84C8h 0x0000004e push eax 0x0000004f push edx 0x00000050 jmp 00007FCC44D34C0Eh 0x00000055 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69317AA second address: 69317AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69317AE second address: 69317B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69317B4 second address: 69317BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FCC4559B0E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69317BE second address: 69317E2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FCC44D34C19h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6932443 second address: 6932460 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCC4559B0F9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69325E0 second address: 69325EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FCC44D34C06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6932744 second address: 6932749 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6933620 second address: 6933624 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6933624 second address: 693369D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007FCC4559B0E8h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 xor si, 0ED5h 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push ebp 0x0000002e call 00007FCC4559B0E8h 0x00000033 pop ebp 0x00000034 mov dword ptr [esp+04h], ebp 0x00000038 add dword ptr [esp+04h], 0000001Dh 0x00000040 inc ebp 0x00000041 push ebp 0x00000042 ret 0x00000043 pop ebp 0x00000044 ret 0x00000045 add dword ptr [ebp+165E1F7Fh], ecx 0x0000004b push 00000000h 0x0000004d mov edi, 299F096Dh 0x00000052 mov edi, dword ptr [ebp+165E1BFCh] 0x00000058 xchg eax, ebx 0x00000059 jno 00007FCC4559B0ECh 0x0000005f push eax 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 pushad 0x00000065 popad 0x00000066 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 693369D second address: 69336B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6934638 second address: 6934641 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69351D9 second address: 69351F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCC44D34C13h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6935296 second address: 693529B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6938CA0 second address: 6938CAA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6938CAA second address: 6938CAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6939677 second address: 693968B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCC44D34C10h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 693B8D9 second address: 693B8DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 693B8DD second address: 693B8E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 693BE2E second address: 693BE3E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC4559B0ECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 693BE3E second address: 693BE77 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FCC44D34C1Ah 0x00000008 jmp 00007FCC44D34C14h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jnc 00007FCC44D34C18h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 693CFD8 second address: 693CFEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 jng 00007FCC4559B0EEh 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 693DEF9 second address: 693DEFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 693DEFD second address: 693DF44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov dword ptr [ebp+165E1952h], ecx 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push esi 0x00000015 call 00007FCC4559B0E8h 0x0000001a pop esi 0x0000001b mov dword ptr [esp+04h], esi 0x0000001f add dword ptr [esp+04h], 0000001Dh 0x00000027 inc esi 0x00000028 push esi 0x00000029 ret 0x0000002a pop esi 0x0000002b ret 0x0000002c push 00000000h 0x0000002e sbb bh, FFFFFFA7h 0x00000031 and bx, 304Dh 0x00000036 push eax 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 693DF44 second address: 693DF48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6940E19 second address: 6940E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6940E1D second address: 6940E22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6941ECA second address: 6941ECE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6941ECE second address: 6941F2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ebx 0x0000000a popad 0x0000000b nop 0x0000000c jno 00007FCC44D34C0Ch 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007FCC44D34C08h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 00000017h 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e push 00000000h 0x00000030 add dword ptr [ebp+165E200Eh], esi 0x00000036 mov edi, dword ptr [ebp+165E192Eh] 0x0000003c xchg eax, esi 0x0000003d jmp 00007FCC44D34C12h 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 push ebx 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6941F2E second address: 6941F33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6943D09 second address: 6943D58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C0Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007FCC44D34C08h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 sub ebx, 05168331h 0x0000002c push 00000000h 0x0000002e mov edi, dword ptr [ebp+165E2BB2h] 0x00000034 and edi, dword ptr [ebp+165E2FE5h] 0x0000003a push 00000000h 0x0000003c adc bx, DF4Fh 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 push ebx 0x00000047 pop ebx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6943D58 second address: 6943D66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC4559B0EAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6945CEA second address: 6945CF4 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FCC44D34C06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6945CF4 second address: 6945CFB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6945CFB second address: 6945D09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6948AD9 second address: 6948B45 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FCC4559B0E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FCC4559B0EFh 0x0000000f popad 0x00000010 nop 0x00000011 jp 00007FCC4559B0E7h 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push ebx 0x0000001c call 00007FCC4559B0E8h 0x00000021 pop ebx 0x00000022 mov dword ptr [esp+04h], ebx 0x00000026 add dword ptr [esp+04h], 0000001Dh 0x0000002e inc ebx 0x0000002f push ebx 0x00000030 ret 0x00000031 pop ebx 0x00000032 ret 0x00000033 mov di, 8CFBh 0x00000037 mov dword ptr [ebp+165E19ABh], ebx 0x0000003d push 00000000h 0x0000003f jmp 00007FCC4559B0EAh 0x00000044 mov edi, dword ptr [ebp+165E2B0Eh] 0x0000004a xchg eax, esi 0x0000004b push eax 0x0000004c push edx 0x0000004d push esi 0x0000004e pushad 0x0000004f popad 0x00000050 pop esi 0x00000051 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6948B45 second address: 6948B4A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6948B4A second address: 6948B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007FCC4559B0F7h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 694A9E3 second address: 694A9E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 694A9E7 second address: 694A9FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCC4559B0F0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 694A9FB second address: 694A9FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 694A9FF second address: 694AA94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007FCC4559B0E8h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 adc edi, 2D948A29h 0x00000029 xor bh, 00000012h 0x0000002c push esi 0x0000002d and di, 0006h 0x00000032 pop ebx 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ecx 0x00000038 call 00007FCC4559B0E8h 0x0000003d pop ecx 0x0000003e mov dword ptr [esp+04h], ecx 0x00000042 add dword ptr [esp+04h], 0000001Ch 0x0000004a inc ecx 0x0000004b push ecx 0x0000004c ret 0x0000004d pop ecx 0x0000004e ret 0x0000004f mov edi, dword ptr [ebp+165E2C06h] 0x00000055 push 00000000h 0x00000057 push eax 0x00000058 jo 00007FCC4559B0ECh 0x0000005e mov dword ptr [ebp+165E1D20h], esi 0x00000064 pop ebx 0x00000065 xchg eax, esi 0x00000066 push eax 0x00000067 push edx 0x00000068 jmp 00007FCC4559B0F8h 0x0000006d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6952CEE second address: 6952CF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 695432A second address: 695432F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69589BE second address: 69589C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69589C3 second address: 69589CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007FCC4559B0E6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6958A9A second address: 6958A9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6958A9F second address: 6958AA4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 68DF1F7 second address: 68DF20A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC44D34C0Dh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 695E3EA second address: 695E3F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 695E557 second address: 695E574 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC44D34C12h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 695E574 second address: 695E578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 695E578 second address: 695E57C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 695E997 second address: 695E99B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 695E99B second address: 695E9A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 695E9A5 second address: 695E9A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 695E9A9 second address: 695E9B3 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FCC44D34C06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 695E9B3 second address: 695E9BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 695E9BF second address: 695E9C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 695ECD3 second address: 695ECD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69628BC second address: 69628C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69628C0 second address: 69628D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FCC4559B0EFh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69628D5 second address: 69628DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69628DB second address: 69628E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69628E1 second address: 69628E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 693000A second address: 693000F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6930101 second address: 6930126 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FCC44D34C0Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FCC44D34C12h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6930434 second address: 693043E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FCC4559B0E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 693043E second address: 6782BF9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dx, 2DB2h 0x0000000f push dword ptr [ebp+165E0921h] 0x00000015 mov dx, bx 0x00000018 call dword ptr [ebp+165E366Dh] 0x0000001e pushad 0x0000001f cld 0x00000020 xor eax, eax 0x00000022 mov dword ptr [ebp+165E2E33h], eax 0x00000028 pushad 0x00000029 sub si, EF37h 0x0000002e popad 0x0000002f mov edx, dword ptr [esp+28h] 0x00000033 xor dword ptr [ebp+165E2E33h], esi 0x00000039 ja 00007FCC44D34C12h 0x0000003f mov dword ptr [ebp+165E2B26h], eax 0x00000045 jmp 00007FCC44D34C12h 0x0000004a mov esi, 0000003Ch 0x0000004f jmp 00007FCC44D34C19h 0x00000054 add esi, dword ptr [esp+24h] 0x00000058 jns 00007FCC44D34C1Dh 0x0000005e lodsw 0x00000060 pushad 0x00000061 sub dword ptr [ebp+165E2E33h], edi 0x00000067 or dword ptr [ebp+165E1B84h], eax 0x0000006d popad 0x0000006e add eax, dword ptr [esp+24h] 0x00000072 xor dword ptr [ebp+165E2E33h], edx 0x00000078 jmp 00007FCC44D34C0Fh 0x0000007d mov ebx, dword ptr [esp+24h] 0x00000081 jl 00007FCC44D34C12h 0x00000087 cmc 0x00000088 nop 0x00000089 push eax 0x0000008a push edx 0x0000008b push eax 0x0000008c push edx 0x0000008d js 00007FCC44D34C06h 0x00000093 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69304DE second address: 69304E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69304E2 second address: 6930518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FCC44D34C08h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f mov eax, dword ptr [eax] 0x00000011 jmp 00007FCC44D34C17h 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jc 00007FCC44D34C08h 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6930518 second address: 693051E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 693051E second address: 69305B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007FCC44D34C08h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 call 00007FCC44D34C09h 0x00000028 je 00007FCC44D34C10h 0x0000002e pushad 0x0000002f js 00007FCC44D34C06h 0x00000035 push edi 0x00000036 pop edi 0x00000037 popad 0x00000038 push eax 0x00000039 jmp 00007FCC44D34C11h 0x0000003e mov eax, dword ptr [esp+04h] 0x00000042 jl 00007FCC44D34C27h 0x00000048 pushad 0x00000049 jmp 00007FCC44D34C12h 0x0000004e jmp 00007FCC44D34C0Dh 0x00000053 popad 0x00000054 mov eax, dword ptr [eax] 0x00000056 push ebx 0x00000057 jo 00007FCC44D34C08h 0x0000005d pushad 0x0000005e popad 0x0000005f pop ebx 0x00000060 mov dword ptr [esp+04h], eax 0x00000064 push eax 0x00000065 push edx 0x00000066 push esi 0x00000067 push edi 0x00000068 pop edi 0x00000069 pop esi 0x0000006a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69305B1 second address: 69305B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69306CC second address: 69306D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69306D0 second address: 69306F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FCC4559B0F3h 0x0000000b popad 0x0000000c push eax 0x0000000d js 00007FCC4559B100h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69307E0 second address: 69307FB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edi 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 push ecx 0x00000011 jp 00007FCC44D34C06h 0x00000017 pop ecx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6930954 second address: 693095E instructions: 0x00000000 rdtsc 0x00000002 jc 00007FCC4559B0ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 693095E second address: 6930974 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007FCC44D34C0Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6930974 second address: 6930978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6930A9F second address: 6930AA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6930AA6 second address: 6930B1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007FCC4559B0E8h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 add dword ptr [ebp+165E19ABh], edi 0x00000029 push 00000004h 0x0000002b push 00000000h 0x0000002d push edi 0x0000002e call 00007FCC4559B0E8h 0x00000033 pop edi 0x00000034 mov dword ptr [esp+04h], edi 0x00000038 add dword ptr [esp+04h], 00000015h 0x00000040 inc edi 0x00000041 push edi 0x00000042 ret 0x00000043 pop edi 0x00000044 ret 0x00000045 jmp 00007FCC4559B0F5h 0x0000004a nop 0x0000004b jmp 00007FCC4559B0ECh 0x00000050 push eax 0x00000051 push eax 0x00000052 push edx 0x00000053 push ecx 0x00000054 jnp 00007FCC4559B0E6h 0x0000005a pop ecx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6931268 second address: 693126E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 693126E second address: 6931272 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6931272 second address: 693128F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FCC44D34C12h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 690D963 second address: 690D97B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC4559B0ECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007FCC4559B0ECh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6962E29 second address: 6962E2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6962E2D second address: 6962E37 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FCC4559B0E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6962E37 second address: 6962E72 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FCC44D34C06h 0x00000009 pushad 0x0000000a popad 0x0000000b jl 00007FCC44D34C06h 0x00000011 popad 0x00000012 jne 00007FCC44D34C22h 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6963010 second address: 696301B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007FCC4559B0E6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696301B second address: 6963037 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FCC44D34C0Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6963037 second address: 696303B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696303B second address: 696305B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FCC44D34C17h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696305B second address: 6963060 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6963060 second address: 6963081 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCC44D34C0Ah 0x00000009 jmp 00007FCC44D34C13h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6963081 second address: 6963085 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69634BC second address: 69634C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69634C0 second address: 69634C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69634C6 second address: 69634E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FCC44D34C0Ah 0x0000000e jng 00007FCC44D34C0Eh 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69634E3 second address: 69634E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696900A second address: 6969016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6969016 second address: 6969039 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCC4559B0F0h 0x00000009 jmp 00007FCC4559B0EFh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6969039 second address: 696905B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FCC44D34C06h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FCC44D34C11h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6969325 second address: 6969341 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FCC4559B0F2h 0x00000008 ja 00007FCC4559B0E6h 0x0000000e jbe 00007FCC4559B0E6h 0x00000014 jc 00007FCC4559B0F8h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6968D53 second address: 6968D5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FCC44D34C06h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6968D5F second address: 6968D71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jnc 00007FCC4559B0E6h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6969A6F second address: 6969A83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edx 0x00000006 jmp 00007FCC44D34C0Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6969A83 second address: 6969A8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696A039 second address: 696A055 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C12h 0x00000007 js 00007FCC44D34C0Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696FF0C second address: 696FF10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696FF10 second address: 696FF2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007FCC44D34C06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jmp 00007FCC44D34C10h 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696FF2E second address: 696FF34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696FF34 second address: 696FF38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696FF38 second address: 696FF42 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FCC4559B0E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696FF42 second address: 696FF4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696FF4B second address: 696FF79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007FCC4559B0E6h 0x0000000c jmp 00007FCC4559B0EBh 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 pushad 0x00000018 popad 0x00000019 pop ecx 0x0000001a jno 00007FCC4559B0EEh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696EAD3 second address: 696EAD8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696EE64 second address: 696EE68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696F278 second address: 696F2A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d jmp 00007FCC44D34C0Bh 0x00000012 push eax 0x00000013 push edx 0x00000014 je 00007FCC44D34C06h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696F549 second address: 696F573 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC4559B0F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FCC4559B0E8h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696F573 second address: 696F579 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696F579 second address: 696F581 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696FD7F second address: 696FD85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696FD85 second address: 696FD89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696FD89 second address: 696FD8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696FD8D second address: 696FDB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FCC4559B0F5h 0x00000010 jbe 00007FCC4559B0E6h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 696FDB8 second address: 696FDC2 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FCC44D34C06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6979CDC second address: 6979CE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6979CE2 second address: 6979CE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6979CE6 second address: 6979CEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6979CEC second address: 6979D04 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FCC44D34C0Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edi 0x0000000e pop edi 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6979D04 second address: 6979D0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6979D0D second address: 6979D13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6979701 second address: 6979706 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6986984 second address: 6986988 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6986988 second address: 69869A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FCC4559B0F6h 0x0000000c jmp 00007FCC4559B0F0h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 698529A second address: 69852A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 698558D second address: 6985597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FCC4559B0E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6985597 second address: 69855A3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69855A3 second address: 69855B1 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FCC4559B0E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69855B1 second address: 69855BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FCC44D34C06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69855BB second address: 69855DD instructions: 0x00000000 rdtsc 0x00000002 jo 00007FCC4559B0E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FCC4559B0F1h 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6985734 second address: 698574D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007FCC44D34C08h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 698574D second address: 6985752 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69859E1 second address: 69859E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69859E5 second address: 69859F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6930D1C second address: 6930D70 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C14h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a add edx, 735726AFh 0x00000010 mov ebx, dword ptr [ebp+16790D0Fh] 0x00000016 and edx, 217AE1CAh 0x0000001c add eax, ebx 0x0000001e push 00000000h 0x00000020 push ebp 0x00000021 call 00007FCC44D34C08h 0x00000026 pop ebp 0x00000027 mov dword ptr [esp+04h], ebp 0x0000002b add dword ptr [esp+04h], 00000014h 0x00000033 inc ebp 0x00000034 push ebp 0x00000035 ret 0x00000036 pop ebp 0x00000037 ret 0x00000038 sub dword ptr [ebp+165E19DBh], edi 0x0000003e push eax 0x0000003f pushad 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69866FC second address: 6986710 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC4559B0EEh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6988129 second address: 698812D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 698CC3F second address: 698CC5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FCC4559B0EFh 0x0000000e jg 00007FCC4559B0E6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 698CC5D second address: 698CC7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007FCC44D34C0Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 698CC7B second address: 698CC9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007FCC4559B0F9h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 698CF1A second address: 698CF25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 698CF25 second address: 698CF3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FCC4559B0F1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 698CF3C second address: 698CF5A instructions: 0x00000000 rdtsc 0x00000002 jo 00007FCC44D34C19h 0x00000008 jmp 00007FCC44D34C11h 0x0000000d push esi 0x0000000e pop esi 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6992D18 second address: 6992D1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6992D1E second address: 6992D31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007FCC44D34C10h 0x0000000e push esi 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6992E6C second address: 6992E72 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6992E72 second address: 6992E78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6992E78 second address: 6992E7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6992FC2 second address: 6992FCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6992FCD second address: 6993000 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jng 00007FCC4559B0E6h 0x00000010 jmp 00007FCC4559B0F1h 0x00000015 jmp 00007FCC4559B0EBh 0x0000001a jns 00007FCC4559B0E6h 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 699389D second address: 69938A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69938A3 second address: 69938A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6994156 second address: 699415E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 699415E second address: 6994162 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6994162 second address: 699416C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 699416C second address: 6994170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69949DA second address: 69949DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69949DE second address: 69949F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC4559B0F1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 699B9B7 second address: 699B9BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 699FDEE second address: 699FDF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 699EF38 second address: 699EF3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 699F1FC second address: 699F202 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 699F202 second address: 699F20B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 699F20B second address: 699F210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 699F210 second address: 699F235 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FCC44D34C0Ah 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FCC44D34C13h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 699F235 second address: 699F23C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 699F37B second address: 699F392 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C13h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 699F534 second address: 699F53D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A7E08 second address: 69A7E19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FCC44D34C06h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A7E19 second address: 69A7E48 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FCC4559B0E6h 0x00000008 je 00007FCC4559B0E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 jmp 00007FCC4559B0F8h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A7E48 second address: 69A7E4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A7E4C second address: 69A7E55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A7E55 second address: 69A7E5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A7E5A second address: 69A7E60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A7E60 second address: 69A7E66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A6516 second address: 69A651A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A651A second address: 69A6530 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FCC44D34C06h 0x00000008 jg 00007FCC44D34C06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A6694 second address: 69A669E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FCC4559B0E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A669E second address: 69A66A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A66A4 second address: 69A66DC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FCC4559B0F8h 0x00000008 jmp 00007FCC4559B0F2h 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 ja 00007FCC4559B0E6h 0x00000016 push eax 0x00000017 pop eax 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A6A03 second address: 69A6A07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A6A07 second address: 69A6A0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A6A0D second address: 69A6A12 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A5AF5 second address: 69A5B1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FCC4559B0F8h 0x0000000a pushad 0x0000000b jc 00007FCC4559B0E6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A5B1B second address: 69A5B27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FCC44D34C06h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A5B27 second address: 69A5B38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007FCC4559B0E6h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A5B38 second address: 69A5B5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C14h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007FCC44D34C06h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A5B5A second address: 69A5B7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FCC4559B0F4h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jne 00007FCC4559B0E6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A5B7E second address: 69A5B82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69A5B82 second address: 69A5B88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69BA370 second address: 69BA37C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69BA37C second address: 69BA38C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69BA38C second address: 69BA392 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69BA392 second address: 69BA396 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69B934F second address: 69B935C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007FCC44D34C06h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69B967E second address: 69B9682 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69B9682 second address: 69B9686 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69B996B second address: 69B9971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69B9C2A second address: 69B9C58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FCC44D34C17h 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69B9C58 second address: 69B9C5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69BB9FB second address: 69BBA01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69BFAFE second address: 69BFB03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69BFB03 second address: 69BFB0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FCC44D34C06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69BFB0D second address: 69BFB11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69BF59D second address: 69BF5AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC44D34C0Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69C4793 second address: 69C47C2 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FCC4559B0E6h 0x00000008 js 00007FCC4559B0E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jl 00007FCC4559B0E6h 0x00000017 jmp 00007FCC4559B0F5h 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69C3448 second address: 69C3451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69C3451 second address: 69C349A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC4559B0F0h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FCC4559B0F4h 0x00000010 pushad 0x00000011 jbe 00007FCC4559B0E6h 0x00000017 jmp 00007FCC4559B0F6h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69C3613 second address: 69C3617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69C376A second address: 69C3770 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69C3770 second address: 69C3775 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69C3775 second address: 69C378C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FCC4559B0ECh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69C378C second address: 69C37AB instructions: 0x00000000 rdtsc 0x00000002 jo 00007FCC44D34C06h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jne 00007FCC44D34C06h 0x00000017 jo 00007FCC44D34C06h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69C37AB second address: 69C37B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69C37B0 second address: 69C37BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FCC44D34C06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69C37BA second address: 69C37D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007FCC4559B0EBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c jnc 00007FCC4559B0E6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69F8017 second address: 69F8021 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FCC44D34C06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69F8021 second address: 69F802B instructions: 0x00000000 rdtsc 0x00000002 jl 00007FCC4559B0F2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69F802B second address: 69F8039 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FCC44D34C06h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69F8039 second address: 69F803F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69F803F second address: 69F8043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69F92B2 second address: 69F92D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FCC4559B0E6h 0x0000000a pop edi 0x0000000b jmp 00007FCC4559B0F8h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69F92D5 second address: 69F92DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69F92DA second address: 69F9314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FCC4559B0E6h 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f pop eax 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push edi 0x00000016 pushad 0x00000017 jg 00007FCC4559B0E6h 0x0000001d jmp 00007FCC4559B0F6h 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69F9314 second address: 69F9318 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69C9121 second address: 69C9125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69C9125 second address: 69C912F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FCC44D34C06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69C912F second address: 69C9135 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69F9BA5 second address: 69F9BA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69FEA50 second address: 69FEA99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007FCC4559B0EAh 0x0000000b popad 0x0000000c push ebx 0x0000000d jmp 00007FCC4559B0F9h 0x00000012 jns 00007FCC4559B0E6h 0x00000018 pop ebx 0x00000019 pop edi 0x0000001a push ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FCC4559B0F3h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A1AAD6 second address: 6A1AAF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jo 00007FCC44D34C0Ch 0x0000000b js 00007FCC44D34C06h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FCC44D34C0Bh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A1AAF6 second address: 6A1AAFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A253AA second address: 6A253CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC44D34C11h 0x00000009 popad 0x0000000a jg 00007FCC44D34C0Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A2AE7D second address: 6A2AE93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop ecx 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e jp 00007FCC4559B0E6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A2AE93 second address: 6A2AE9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A2AE9B second address: 6A2AEAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FCC4559B0E6h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A2B006 second address: 6A2B00A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A2B121 second address: 6A2B127 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A2B127 second address: 6A2B12D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A2B12D second address: 6A2B133 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A2B133 second address: 6A2B137 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A2BBA7 second address: 6A2BBBF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC4559B0F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A2BBBF second address: 6A2BBC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A2C34D second address: 6A2C359 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FCC4559B0E6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A2C359 second address: 6A2C35D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A2C4C3 second address: 6A2C4EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC4559B0EEh 0x00000009 jmp 00007FCC4559B0F5h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A43148 second address: 6A43152 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FCC44D34C06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A43152 second address: 6A43158 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A43241 second address: 6A43257 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FCC44D34C0Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A43257 second address: 6A4325B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A65971 second address: 6A6597D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jbe 00007FCC44D34C06h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A6597D second address: 6A6599C instructions: 0x00000000 rdtsc 0x00000002 jo 00007FCC4559B0E6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FCC4559B0EAh 0x00000012 jo 00007FCC4559B0ECh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A65211 second address: 6A65216 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6782F8B second address: 6782F99 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FCC4559B0E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6782F99 second address: 6782F9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A7E6F9 second address: 6A7E728 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC4559B0F9h 0x00000009 jmp 00007FCC4559B0F1h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A7E728 second address: 6A7E76C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jnl 00007FCC44D34C12h 0x00000010 push eax 0x00000011 push edx 0x00000012 jns 00007FCC44D34C06h 0x00000018 jmp 00007FCC44D34C13h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A7E88C second address: 6A7E892 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A7E892 second address: 6A7E89E instructions: 0x00000000 rdtsc 0x00000002 jc 00007FCC44D34C06h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A7E89E second address: 6A7E8A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007FCC4559B0E6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A7E8A9 second address: 6A7E8C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 je 00007FCC44D34C06h 0x0000000e pop ebx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A7E8C0 second address: 6A7E8C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A7E8C4 second address: 6A7E8C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A7E8C8 second address: 6A7E8D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A7E8D0 second address: 6A7E8D5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A7ECA4 second address: 6A7ECA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A7ECA8 second address: 6A7ECAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A824F3 second address: 6A824FD instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FCC4559B0F2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A824FD second address: 6A8250E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FCC44D34C06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A8250E second address: 6A82512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A82809 second address: 6A8282F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FCC44D34C15h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A8282F second address: 6A82835 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A829DB second address: 6A829E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A82B3C second address: 6A82B50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC4559B0F0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A82B50 second address: 6A82B66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C0Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jno 00007FCC44D34C08h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A82CF2 second address: 6A82D10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC4559B0EBh 0x00000009 pop edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jng 00007FCC4559B0E6h 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A82D10 second address: 6A82D15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A82D15 second address: 6A82D32 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FCC4559B0F8h 0x00000008 jmp 00007FCC4559B0F2h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A82D32 second address: 6A82D4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC44D34C17h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A82E67 second address: 6A82E6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A82E6B second address: 6A82E77 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FCC44D34C06h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A82E77 second address: 6A82E86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FCC4559B0EAh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A82E86 second address: 6A82E93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jc 00007FCC44D34C23h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A87F10 second address: 6A87F14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A8BB47 second address: 6A8BB51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FCC44D34C06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A8F033 second address: 6A8F044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 jmp 00007FCC4559B0EBh 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6AF1AA5 second address: 6AF1AA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6AF1AA9 second address: 6AF1AAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6AF1AAF second address: 6AF1AB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FCC44D34C06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6AF53E4 second address: 6AF540B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FCC4559B0F2h 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 jnc 00007FCC4559B0E6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B0269A second address: 6B026A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B026A5 second address: 6B026F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 pushad 0x00000007 jmp 00007FCC4559B0F6h 0x0000000c jmp 00007FCC4559B0F9h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FCC4559B0F5h 0x00000018 jnc 00007FCC4559B0E6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B026F8 second address: 6B02704 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B06AA5 second address: 6B06ABD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC4559B0F2h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B06ABD second address: 6B06AC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B2A457 second address: 6B2A45B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B3152E second address: 6B31537 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B31537 second address: 6B3153B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B31687 second address: 6B3169F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCC44D34C14h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B31836 second address: 6B3184E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC4559B0F3h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B3184E second address: 6B31879 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C0Bh 0x00000007 push ebx 0x00000008 jmp 00007FCC44D34C13h 0x0000000d pop ebx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B31879 second address: 6B3187D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B32340 second address: 6B32350 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007FCC44D34C0Ah 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B32350 second address: 6B32367 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FCC4559B0EFh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B32367 second address: 6B3239C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007FCC44D34C2Fh 0x00000010 push edi 0x00000011 jbe 00007FCC44D34C06h 0x00000017 jmp 00007FCC44D34C15h 0x0000001c pop edi 0x0000001d js 00007FCC44D34C0Ch 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B32EE0 second address: 6B32EE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B32EE4 second address: 6B32EEE instructions: 0x00000000 rdtsc 0x00000002 jo 00007FCC44D34C06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B32EEE second address: 6B32F11 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FCC4559B0F5h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FCC4559B0EDh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jo 00007FCC4559B0F2h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B32F11 second address: 6B32F1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FCC44D34C06h 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B32F1F second address: 6B32F25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B33201 second address: 6B33205 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B33205 second address: 6B33209 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B33209 second address: 6B3320F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4B41C second address: 6A4B420 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4B420 second address: 6A4B434 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4B434 second address: 6A4B456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FCC4559B0E6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FCC4559B0F3h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4B456 second address: 6A4B45A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4A522 second address: 6A4A528 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4A528 second address: 6A4A52D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A6090A second address: 6A6090E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A6090E second address: 6A60914 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A60914 second address: 6A6092F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FCC4559B0F2h 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A6092F second address: 6A60935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A60935 second address: 6A60945 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007FCC4559B0E8h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A5F90C second address: 6A5F93E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FCC44D34C15h 0x0000000d jmp 00007FCC44D34C15h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A07300 second address: 6A07318 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC4559B0F3h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A07318 second address: 6A0731E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A5FBB3 second address: 6A5FC02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC4559B0F6h 0x00000007 jno 00007FCC4559B0ECh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 pushad 0x00000011 push esi 0x00000012 pop esi 0x00000013 jbe 00007FCC4559B0E6h 0x00000019 jmp 00007FCC4559B0EFh 0x0000001e popad 0x0000001f pushad 0x00000020 jno 00007FCC4559B0E6h 0x00000026 jl 00007FCC4559B0E6h 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4A79C second address: 6A4A7A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4A7A1 second address: 6A4A7B7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FCC4559B0EEh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jns 00007FCC4559B0E6h 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push esi 0x00000015 pop esi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4B28D second address: 6A4B291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4B291 second address: 6A4B2D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC4559B0F6h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FCC4559B0F9h 0x00000010 jmp 00007FCC4559B0EAh 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4B2D4 second address: 6A4B2D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A553F0 second address: 6A553F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A553F4 second address: 6A55401 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ebx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A55401 second address: 6A55419 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC4559B0EFh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A55419 second address: 6A5541F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A546D3 second address: 6A546E7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007FCC4559B0EAh 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A546E7 second address: 6A546EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A616FA second address: 6A61700 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A61700 second address: 6A61711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007FCC44D34C06h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A61711 second address: 6A61715 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A61715 second address: 6A6171E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A6171E second address: 6A61723 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A54B40 second address: 6A54B44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A54B44 second address: 6A54B5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC4559B0F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A0EE2F second address: 6A0EE35 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A0EE35 second address: 6A0EE3E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A0EB38 second address: 6A0EB4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FCC44D34C10h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A0EB4E second address: 6A0EB71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 jnl 00007FCC4559B0E6h 0x0000000b pop eax 0x0000000c jmp 00007FCC4559B0ECh 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A0EB71 second address: 6A0EB80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC44D34C0Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A0EB80 second address: 6A0EB84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A54CD8 second address: 6A54CDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A54E2A second address: 6A54E2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A54E2E second address: 6A54E3D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007FCC44D34C06h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A54E3D second address: 6A54E43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A5526F second address: 6A552A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FCC44D34C19h 0x0000000b jmp 00007FCC44D34C13h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4A922 second address: 6A4A928 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4A928 second address: 6A4A947 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push edi 0x0000000b pop edi 0x0000000c jmp 00007FCC44D34C0Fh 0x00000011 pop ebx 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4A947 second address: 6A4A94E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4A94E second address: 6A4A953 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4AF0B second address: 6A4AF0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4AF0F second address: 6A4AF3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC44D34C10h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FCC44D34C16h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A4AF3B second address: 6A4AF40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B43B39 second address: 6B43B79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007FCC44D34C11h 0x0000000b popad 0x0000000c jmp 00007FCC44D34C19h 0x00000011 push edx 0x00000012 jmp 00007FCC44D34C0Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B43CB1 second address: 6B43CB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B43CB5 second address: 6B43CD2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C17h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B43F52 second address: 6B43F92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FCC4559B0E6h 0x0000000a popad 0x0000000b js 00007FCC4559B0F9h 0x00000011 jmp 00007FCC4559B0F3h 0x00000016 pop ecx 0x00000017 push esi 0x00000018 jmp 00007FCC4559B0F6h 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B43F92 second address: 6B43F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B444A8 second address: 6B444BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC4559B0F1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B444BD second address: 6B444C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B444C1 second address: 6B444C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B4461F second address: 6B44638 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCC44D34C15h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69AB537 second address: 69AB53B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69AB53B second address: 69AB53F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69AB53F second address: 69AB54B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A51765 second address: 6A517A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C14h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007FCC44D34C0Ch 0x0000000f jmp 00007FCC44D34C15h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A517A1 second address: 6A517A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A517A7 second address: 6A517AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A517AD second address: 6A517B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A517B3 second address: 6A517C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A517C0 second address: 6A517C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A517C4 second address: 6A517E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC44D34C12h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jno 00007FCC44D34C06h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A517E5 second address: 6A517ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A517ED second address: 6A517FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FCC44D34C0Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A0B244 second address: 6A0B261 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push esi 0x00000007 pushad 0x00000008 jnl 00007FCC4559B0E6h 0x0000000e jmp 00007FCC4559B0EBh 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A0AF50 second address: 6A0AF56 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A0AF56 second address: 6A0AF5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A0AF5E second address: 6A0AF62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A0AF62 second address: 6A0AF66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A51A6A second address: 6A51A70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A51A70 second address: 6A51A82 instructions: 0x00000000 rdtsc 0x00000002 js 00007FCC4559B0E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A51BDA second address: 6A51BDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6A51BDF second address: 6A51BEE instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FCC4559B0E8h 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B48B30 second address: 6B48B42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FCC44D34C06h 0x0000000a pop eax 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B48B42 second address: 6B48B46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B48B46 second address: 6B48B4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B48B4A second address: 6B48B66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FCC4559B0F2h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B48B66 second address: 6B48B7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FCC44D34C11h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B48B7D second address: 6B48B82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B48B82 second address: 6B48BAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC44D34C0Bh 0x00000009 jmp 00007FCC44D34C0Ch 0x0000000e popad 0x0000000f jbe 00007FCC44D34C12h 0x00000015 jg 00007FCC44D34C06h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B48F7E second address: 6B48F82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B48F82 second address: 6B48F88 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B48F88 second address: 6B48FC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FCC4559B0F5h 0x0000000b jmp 00007FCC4559B0F5h 0x00000010 pushad 0x00000011 jnp 00007FCC4559B0E6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B4636D second address: 6B463A5 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FCC44D34C06h 0x00000008 jl 00007FCC44D34C06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 ja 00007FCC44D34C12h 0x00000016 popad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FCC44D34C10h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B463A5 second address: 6B463A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B46560 second address: 6B46566 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B46807 second address: 6B4680B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 69B477E second address: 69B479E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FCC44D34C13h 0x00000008 jl 00007FCC44D34C06h 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B492C4 second address: 6B492EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jl 00007FCC4559B0EAh 0x0000000e pushad 0x0000000f popad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 pop eax 0x00000016 jmp 00007FCC4559B0F4h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B5292F second address: 6B5295C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC44D34C19h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FCC44D34C10h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B5295C second address: 6B52962 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B626AA second address: 6B62719 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FCC44D34C12h 0x0000000b push edi 0x0000000c jmp 00007FCC44D34C0Ch 0x00000011 jmp 00007FCC44D34C12h 0x00000016 pop edi 0x00000017 jmp 00007FCC44D34C0Ah 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jne 00007FCC44D34C0Eh 0x00000025 pushad 0x00000026 jp 00007FCC44D34C06h 0x0000002c jmp 00007FCC44D34C12h 0x00000031 push ecx 0x00000032 pop ecx 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRDTSC instruction interceptor: First address: 6B6151C second address: 6B61520 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 6782C7A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 67806C6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 694EC50 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 6A203EE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 6A42B0D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 6A42B6D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 6A42BC7 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 6A42C12 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 6A42C6C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSpecial instruction interceptor: First address: 6A42CEF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: 97E0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: E000000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: E1A0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: E1C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: 12CB0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: 12D10000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: 12DB0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: 12DF0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: 12E30000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05690000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_00c20000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05640000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05c70000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\platforms\qwindows.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_00610000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05610000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_00650000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05c20000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_6eb40000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_04560000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_04150000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_65200000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_04050000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05ea0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_00bb0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_01020000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05760000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_6c0a0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05360000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_04090000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_64000000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_040c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05580000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_00b30000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_058c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_06330000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_06110000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qjpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_688d0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_04010000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_00730000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05ab0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_044d0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_042c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_6b5b0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_04210000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_056d0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_058e0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_06390000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05ae0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_013c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_65bc0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_054d0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_6b080000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_050a0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qgif.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05490000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_66980000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_045b0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_6a8b0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\SlideshowMaker.exeJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_6d280000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05860000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_06210000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_6b300000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_03940000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_690a0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_06240000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05820000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_01260000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_00400000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_03f50000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_041b0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_03db0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_6ca20000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_04340000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05ca0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_03ef0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_04270000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_64b40000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_6a200000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_6bc10000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05540000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_6a670000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05450000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_69f70000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_63180000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_68b50000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_69bb0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qtiff.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05d10000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05f30000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05f90000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_69fc0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_008e0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05720000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_01390000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05be0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_04760000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_06280000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_055c0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_04510000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_004e0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_6c590000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_010a0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_05f00000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_057f0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_62c80000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeDropped PE file which has not been started: C:\Users\user\Desktop\Data\local\temp\404_69df0000_tls.dllJump to dropped file
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile opened: C:\Users\user\AppData\Local\Temp\SPOON\CACHE\Jump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile opened: C:\Users\user\AppData\Local\Temp\SPOON\Jump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile opened: C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\Jump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeFile opened: C:\Users\user\Jump to behavior
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2953083712.00000000036F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2951475363.0000000002D1F000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000002.2951475363.0000000002CE4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2951800952.0000000002D73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ??SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}oy
Source: Movavi Slideshow Maker 4.exe, 00000000.00000002.2951800952.0000000002D73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
Source: Movavi Slideshow Maker 4.exe, 00000000.00000003.1706212885.0000000002CFB000.00000004.00000020.00020000.00000000.sdmp, Movavi Slideshow Maker 4.exe, 00000000.00000003.1706363049.0000000002D14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSystem information queried: ModuleInformation
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess information queried: ProcessInformation

Anti Debugging

barindex
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSystem information queried: CodeIntegrityInformationJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSystem information queried: CodeIntegrityInformationJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSystem information queried: CodeIntegrityInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSystem information queried: CodeIntegrityInformation
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSystem information queried: CodeIntegrityInformation
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSystem information queried: CodeIntegrityInformation
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSystem information queried: CodeIntegrityInformation
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeSystem information queried: CodeIntegrityInformation
Hides threads from debuggers
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeThread information set: HideFromDebuggerJump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeOpen window title or class name: regmonclass
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeOpen window title or class name: gbdyllo
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeOpen window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeOpen window title or class name: ollydbg
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeOpen window title or class name: filemonclass
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: NTICE
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: SICE
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeFile opened: SIWVID
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeSystem information queried: KernelDebuggerInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeMemory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

barindex
Writes to foreign memory regions
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeMemory written: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe base: 35CFE0Jump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeProcess created: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe "C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe" /864A627C-C6B2-464A-AA13-25D62F282BD8 Jump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\ProgramData VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Movavi Slideshow Maker 4.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		111
Process Injection		1
Masquerading		OS Credential Dumping1
Query Registry		Remote Services1
Archive Collected Data		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		36
Virtualization/Sandbox Evasion		LSASS Memory751
Security Software Discovery		Remote Desktop ProtocolData from Removable Media3
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Disable or Modify Tools		Security Account Manager36
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive4
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
Process Injection		NTDS1
Process Discovery		Distributed Component Object ModelInput Capture15
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets2
File and Directory Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials223
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1541910 Sample: Movavi Slideshow Maker 4.exe Startdate: 25/10/2024 Architecture: WINDOWS Score: 72 30 start.turbo.net 2->30 32 mip2.movavi.com 2->32 34 4 other IPs or domains 2->34 6 Movavi Slideshow Maker 4.exe 1 493 2->6         started        process3 dnsIp4 36 start.turbo.net 172.67.75.65, 443, 49730 CLOUDFLARENETUS United States 6->36 16 C:\Users\user\Desktop\...\SlideshowMaker.exe, PE32 6->16 dropped 18 C:\Users\user\...\SlideshowMaker.exe.manifest, ASCII 6->18 dropped 20 C:\Users\user\Desktop\...\SlideshowMaker.exe, PE32 6->20 dropped 42 Writes to foreign memory regions 6->42 44 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 6->44 11 SlideshowMaker.exe 35 239 6->11         started        file5 signatures6 process7 dnsIp8 38 db4t5hkfesjuw.cloudfront.net 18.66.112.49, 49742, 49744, 80 MIT-GATEWAYSUS United States 11->38 40 lsw-03-balancer.movavi.com 84.16.252.107, 443, 49735, 49736 LEASEWEB-DE-FRA-10DE Germany 11->40 22 C:\Users\user\...\404_6eb40000_tls.dll, PE32 11->22 dropped 24 C:\Users\user\...\404_6d280000_tls.dll, PE32 11->24 dropped 26 C:\Users\user\...\404_6ca20000_tls.dll, PE32 11->26 dropped 28 121 other files (none is malicious) 11->28 dropped 46 Tries to detect sandboxes and other dynamic analysis tools (window names) 11->46 48 Tries to evade debugger and weak emulator (self modifying code) 11->48 50 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 11->50 52 4 other signatures 11->52 file9 signatures10

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Application.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\ConfInt.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\CudaManager.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\DecoderRAW.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorLogic.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorModel.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorModule.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorUtil.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorView.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\ExivMetadata.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\FilmMaker.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Filters.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\GeneralPlugin.dll5%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Core.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Gui.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Qml.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Quick.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Widgets.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5XmlPatterns.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\SlideshowMaker.exe3%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\VideoAnalyzer.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avcodec.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avfilter.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avformat.dll5%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qgif.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qjpeg.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qtiff.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\libass.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\libeay32.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\platforms\qwindows.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe0%ReversingLabs
C:\Users\user\Desktop\Data\local\temp\404_01020000_tls.dll2%ReversingLabs
C:\Users\user\Desktop\Data\local\temp\404_010a0000_tls.dll5%ReversingLabs
C:\Users\user\Desktop\Data\local\temp\404_01390000_tls.dll3%ReversingLabs
C:\Users\user\Desktop\Data\local\temp\404_013c0000_tls.dll3%ReversingLabs
C:\Users\user\Desktop\Data\local\temp\404_03db0000_tls.dll3%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
start.turbo.net
172.67.75.65
truefalse
    		unknown
    lsw-03-balancer.movavi.com
    		84.16.252.107
    		truefalse
      		unknown
      db4t5hkfesjuw.cloudfront.net
      		18.66.112.49
      		truefalse
        		unknown
        mip2.movavi.com
        		unknown
        		unknownfalse
          		unknown
          img.movavi.com
          		unknown
          		unknownfalse
            		unknown
            codec-activate.movavi.com
            		unknown
            		unknownfalse
              		unknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              https://mip2.movavi.com/get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_start&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771&protocol=1&rnd=32718&os=win&act_key=false
                		unknown
                https://codec-activate.movavi.com/api/v1/codec/all/?akey=&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771false
                  		unknown
                  http://img.movavi.com/webnagscreens/crossale_suite/btn_close_it.pngfalse
                    		unknown
                    http://img.movavi.com/webnagscreens/crossale_suite/btn_buy_it.pngfalse
                      		unknown
                      https://mip2.movavi.com/get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_close&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771&protocol=1&rnd=32711&os=win&act_key=false
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://links.movavi.com/videoblocks/?asrc=other_import&-TAIL_WITH_ARGS--0jSlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          http://links.movavi.com/graphicstock/?asrc=other_import&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            http://links.movavi.com/youtube/?asrc=socialtab&-TAIL_WITH_ARGS--WITH_ARGS--SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              http://links.movalSlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                http://links.movavi.com/livechat/?asrc=nagtrialstart&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  http://links.movavi.com/videoeditordlc/?asrc=transitions_store&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    http://links.movavi.com/forum/?asrc=menu&-TAIL_WITH_ARGS-RGS-5TSlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      http://links.movavi.com/help/?asrc=menu&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        http://links.movavi.com/buynow/?asrc=menu&-TAIL_WITH_ARGS-=SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          http://links.movavi.com/googleplus/?asrc=menu&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            http://qt-project.org/xml/features/report-whitespace-only-CharDataSlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              http://www.tipo.net.arhttp://www.tipo.net.arThisSlideshowMaker.exe, 00000001.00000003.1864283453.0000000000584000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                http://links.movavi.com/offer-get-more/?asrc=menu&-TAIL_WITH_ARGS-empUSSlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  http://links.movavi.com/support/activation_online/?asrc=activationwizard&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    http://links.movavi.com/buy-suitefromslideshow/?asrc=crossnag_sc_vs&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      http://links.movavi.com/livechat/?asrc=webnagtrial&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        http://links.movavi.com/facebook/?asrc=socialtab&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          http://xml.org/sax/features/namespace-prefixesSlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            http://links.movavi.com/nvidia/?asrc=settings&-TAIL_WITH_ARGS-0SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              http://links.movavi.com/livechat/?asrc=webnagtriSlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                http://links.movavi.com/youtube/?asrc=socialtab&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  http://bugreports.qt.io/SlideshowMaker.exe, 00000001.00000003.1804727013.0000000000F38000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    http://links.movavi.com/googleplus/?asrc=socialtab&-TAIL_WITH_ARGS-ocialtab&-TSlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      http://links.movavi.com/livechat/?asrc=nagtrialstart&-TAIL_WITH_ARGS-on&-TAIL_WITH_ARGS-nhSlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        http://links.movavi.com/help/?asrc=newprojectdialog&-TAIL_WITH_ARGS-_ARGS-PoSlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          http://links.movavi.com/intel/?asrc=settings&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            http://links.movavi.comSlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              http://links.movavi.com/faq/?asrc=menu&-TAIL_WITH_ARGS-x4SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                http://links.movavi.com/buynow/?asrc=se&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  http://links.movavi.com/forum/?asrc=socialtab&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    http://s.sSlideshowMaker.exe, 00000001.00000003.1851518505.00000000015A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      http://files.movavi.com/dl/support/opengl32software.zipSlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1799739278.0000000000911000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        http://links.movavi.com/odnokSlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          http://links.movavi.com/livechat/?asSlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://curl.haxx.se/docs/copyright.htmlDSlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://start.turbo.net/services/1.0/activity/vm-18.4.1281.0/runioMovavi Slideshow Maker 4.exe, 00000000.00000002.2951898539.0000000002DC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                http://links.movavi.com/livechat/?asrc=nagtrialend&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  http://links.movavi.com/?asrc=menu&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    https://start.turbo.net/Movavi Slideshow Maker 4.exe, 00000000.00000002.2949192490.00000000006BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      http://links.movavi.com/instagram/?asrc=menu&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://api.vimeo.com/%1_glewISlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          https://d.sySlideshowMaker.exe, 00000001.00000003.1847452500.000000000155E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848838300.0000000001598000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851518505.00000000015A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            http://links.movavi.com/buynow/?asrc=activationwizard&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              http://links.movavi.coSlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLSlideshowMaker.exe, 00000001.00000003.1864283453.0000000000584000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  http://links.movavi.com/help_wizard/?asrc=newprojectdialog&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    https://movavi.com0/Movavi Slideshow Maker 4.exe, 00000000.00000002.2948220868.0000000000199000.00000004.00000010.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1851648195.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831044187.0000000004736000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1800492043.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1804822306.000000000117F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807328586.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843349509.0000000004AC8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1833317656.00000000053A7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1807067664.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858983421.000000000667F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003D70000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1806580685.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852726832.0000000003D9E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845946358.0000000003DA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      http://links.movavi.com/audioblocks/?asrc=other_import&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        http://links.movavi.com/forum/?asrc=socialtab&-TAIL_WITH_ARGS-6OSlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          http://bugreports.qt.io/finishedServerMicrosoft-IIS/4.Microsoft-IIS/5.Netscape-Enterprise/3.WebLogicSlideshowMaker.exe, 00000001.00000003.1804727013.0000000000F38000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		unknown
                                                                                                                            http://links.movavi.com/buynow/?asrcSlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              http://links.movavi.com/youtube/?asrc=menu&-TAIL_WITH_ARGS-?2N2jSlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                http://img.movavi.com/changelog/slideshowcreator/-LANG-/changelogSlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  http://links.movavi.com/help/?asrc=newprojectdialog&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		unknown
                                                                                                                                    http://links.movavi.com/nvidia/?asrc=settings&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		unknown
                                                                                                                                      http://links.movavi.com/youtube/?asrc=socialtab&-TAIL_WITH_ARGS--ialtab&-TAILUSlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		unknown
                                                                                                                                        http://links.movavi.com/thank_you_for_install/?app=-APP_NAMSlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		unknown
                                                                                                                                          http://www.phreedom.org/md5)SlideshowMaker.exe, 00000001.00000003.1804727013.0000000000F38000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		unknown
                                                                                                                                            http://links.movavi.com/vkontakte/?asrc=menu&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		unknown
                                                                                                                                              http://links.movavi.com/instagram/?asrc=menu&-TAIL_WITH_ARGS-oSlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		unknown
                                                                                                                                                http://links.movavi.com/videoblocks/?asrc=other_import&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		unknown
                                                                                                                                                  http://links.movavi.com/buynow/?asrc=webnagtrial&-TAIL_WITH_ARGS-Root=C:SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		unknown
                                                                                                                                                    http://links.movavi.com/livechat/?asrc=webnagtri4SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		unknown
                                                                                                                                                      http://links.movavi.com/support/contact/?asrc=menu&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		unknown
                                                                                                                                                        http://links.movavi.com/audioblocks/?asrc=other_iSlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		unknown
                                                                                                                                                          http://links.movavi.com/offer-get-more/?asrc=menu&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		unknown
                                                                                                                                                            http://links.movavi.com/livechat/?asrc=other&-TAIL_WITH_ARGS-entzres.dll.muiSlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		unknown
                                                                                                                                                              https://www.movavi.ru/photo-to-dvd-slideshow/?c=ssm4SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		unknown
                                                                                                                                                                http://links.movavi.com/videoeditordlc/?asrc=callouts_store&-TAIL_WITH_ARGS-symSlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		unknown
                                                                                                                                                                  http://www.winimage.com/zLibDll1.2.8SlideshowMaker.exe, 00000001.00000003.1806694060.0000000003A66000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		unknown
                                                                                                                                                                    http://links.movavi.com/videoeditordlc/?asrc=stickers_store&-TAIL_WITH_ARGS-sSlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		unknown
                                                                                                                                                                      http://links.movavi.com/forum/?asrc=menu&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		unknown
                                                                                                                                                                        http://rh.symcb.cSlideshowMaker.exe, 00000001.00000003.1852726832.0000000003D9E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858754735.0000000003D9E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		unknown
                                                                                                                                                                          https://d.symcbSlideshowMaker.exe, 00000001.00000003.1852726832.0000000003D9E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858754735.0000000003D9E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		unknown
                                                                                                                                                                            http://links.movavi.com/videoblocks/?asrc=other_import&-TAIL_WITH_ARGS-erSlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		unknown
                                                                                                                                                                              http://codec-activate.movavi.com/api/v1/codec/activate/?akey=-LICENSE_KEY-&huid=-HASH_USER_ID-&codecSlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		unknown
                                                                                                                                                                                http://links.movavi.com/?asrc=menuabout&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		unknown
                                                                                                                                                                                  http://links.movavi.com/odnoklassniki/?asrc=menu&-TAIL_WITH_ARGS-RGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		unknown
                                                                                                                                                                                    http://links.movavi.com/buynow/?asrc=nagtrialend&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		unknown
                                                                                                                                                                                      http://links.movavi.com/livechat/?asrc=webnagtrial&-TAIL_WITH_ARGS-d=%2&activatkSlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		unknown
                                                                                                                                                                                        http://links.movavi.com/videoeditordlc/?asrc=callouts_store&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1835870589.000000000494D000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1842263009.0000000004AFB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1844762927.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1831421405.00000000048E1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004C11000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846012651.0000000004C6A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1846755210.0000000004CA7000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837223475.00000000049E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		unknown
                                                                                                                                                                                          http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLCopyrightSlideshowMaker.exe, 00000001.00000003.1864283453.0000000000584000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		unknown
                                                                                                                                                                                            http://links.movavi.com/?asrc=menu&-TAIL_WITH_ARGS-TH_ARGS-0SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		unknown
                                                                                                                                                                                              http://ts-aia.ws.symantec.co3SlideshowMaker.exe, 00000001.00000003.1848952863.0000000004DA3000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849592510.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1847071702.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1838380312.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849316625.0000000004E3C000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1843495827.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1845596760.0000000004CEB000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849461496.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1849128230.0000000004DBD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		unknown
                                                                                                                                                                                                http://links.movavi.com/livechat/?asrc=webnagtrial&-TAIL_WITH_ARGS-RGS-gwzSlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                  https://start.turbo.net/x4Movavi Slideshow Maker 4.exe, 00000000.00000002.2949192490.00000000006BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                    http://links.movavi.com/livechat/?asrc=menu&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		unknown
                                                                                                                                                                                                      http://links.movavi.com/livechat/?asrc=nagtrialstart&-TAIL_WITH_ARGS--LANG--AMPSlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		unknown
                                                                                                                                                                                                        http://links.movavi.com/lSlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		unknown
                                                                                                                                                                                                          http://links.movavi.com/instagram/SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		unknown
                                                                                                                                                                                                            http://links.movavi.com/livechat/?asrc=nagtrial&-TAIL_WITH_ARGS-TAIL_WITH_ARGSuZSlideshowMaker.exe, 00000001.00000003.1851648195.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1858805983.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		unknown
                                                                                                                                                                                                              http://links.movavi.com/audioblocks/?asrc=other_import&-TAIL_WITH_ARGS-PSMSlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		unknown
                                                                                                                                                                                                                http://links.movavi.com/googleplus/?asrc=socialtab&-TAIL_WITH_ARGS-SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000ADD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                                  http://links.movavi.com/youtube/?asrc=socialtab&-TAIL_WITH_ARGS--WITH_ARGS-zSlideshowMaker.exe, 00000001.00000003.1837801545.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852178597.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1852626571.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1848392672.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1830864474.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                                    http://trolltech.com/xml/features/report-start-end-entitySlideshowMaker.exe, 00000001.00000003.1830647359.0000000003C3E000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805981700.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1811248442.0000000003C2F000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1805338785.00000000039B1000.00000004.00000020.00020000.00000000.sdmp, SlideshowMaker.exe, 00000001.00000003.1810317163.0000000003B79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      		unknown

                                                                                                                                                                                                                      World Map of Contacted IPs

                                                                                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                                                                                      • 75% < No. of IPs

                                                                                                                                                                                                                      Public IPs

                                                                                                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                      18.66.112.49
                                                                                                                                                                                                                      		db4t5hkfesjuw.cloudfront.netUnited States
                                                                                                                                                                                                                      		3MIT-GATEWAYSUSfalse
                                                                                                                                                                                                                      172.67.75.65
                                                                                                                                                                                                                      		start.turbo.netUnited States
                                                                                                                                                                                                                      		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                      84.16.252.107
                                                                                                                                                                                                                      		lsw-03-balancer.movavi.comGermany
                                                                                                                                                                                                                      		28753LEASEWEB-DE-FRA-10DEfalse

                                                                                                                                                                                                                      General Information

                                                                                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                      Analysis ID:1541910
                                                                                                                                                                                                                      Start date and time:2024-10-25 10:03:39 +02:00
                                                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                      Overall analysis duration:0h 7m 58s
                                                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                      Report type:full
                                                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                      Number of analysed new started processes analysed:7
                                                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                                                      Technologies:
                                                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                                                      Sample name:Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                                                      Classification:mal72.evad.winEXE@3/485@4/3
                                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                                      • Found application associated with file extension: .exe

                                                                                                                                                                                                                      Warnings

                                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 142.250.185.174
                                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, www.google-analytics.com
                                                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                      • VT rate limit hit for: Movavi Slideshow Maker 4.exe

                                                                                                                                                                                                                      Simulations

                                                                                                                                                                                                                      Behavior and APIs

                                                                                                                                                                                                                      TimeTypeDescription
                                                                                                                                                                                                                      04:04:49API Interceptor3483x Sleep call for process: SlideshowMaker.exe modified

                                                                                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                                                                                      IPs

                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                      18.66.112.49forumapp.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                        https://ffm.bio/baxter-duryGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          172.67.75.65Database4.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                                            Domains

                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                            start.turbo.netDatabase4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 104.26.15.179
                                                                                                                                                                                                                            Database4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 104.26.14.179
                                                                                                                                                                                                                            Database4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 172.67.75.65
                                                                                                                                                                                                                            PingPlotter.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 64.38.175.53
                                                                                                                                                                                                                            3MTDIEabcoGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 64.38.175.53
                                                                                                                                                                                                                            AtlassianPrivateKeyegen.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 64.38.175.53
                                                                                                                                                                                                                            AtlassianPrivateKeyegen.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 64.38.175.53
                                                                                                                                                                                                                            AtlassianPrivateKeyegen.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 64.38.175.53
                                                                                                                                                                                                                            PmsDView.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 64.38.175.53

                                                                                                                                                                                                                            ASNs

                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                            MIT-GATEWAYSUSHUyUkUjJ4y.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 19.174.89.180
                                                                                                                                                                                                                            GSVzm51Pg5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 18.57.8.69
                                                                                                                                                                                                                            3HOhJoCrj5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 18.30.220.195
                                                                                                                                                                                                                            8DKuAcmAMT.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 19.110.56.154
                                                                                                                                                                                                                            la.bot.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 19.115.34.254
                                                                                                                                                                                                                            la.bot.powerpc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 19.92.230.95
                                                                                                                                                                                                                            la.bot.sparc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 19.113.52.55
                                                                                                                                                                                                                            la.bot.arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 19.196.187.128
                                                                                                                                                                                                                            la.bot.mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 19.227.203.142
                                                                                                                                                                                                                            LEASEWEB-DE-FRA-10DEhttps://m-apkpure.playvoir.com/ru/maiorders-merchant/maiorders.merchantappGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 178.162.215.162
                                                                                                                                                                                                                            na.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 84.16.239.119
                                                                                                                                                                                                                            transferencia.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 91.109.20.161
                                                                                                                                                                                                                            Justificante_01102024.vbsGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                            • 91.109.20.161
                                                                                                                                                                                                                            http://steam.csworkshoparts.com/filedetails/sharedfile/ak47-DeadRose/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                            • 5.61.42.53
                                                                                                                                                                                                                            Https://25sep26ww.z13.web.core.windows.net/#Get hashmaliciousHTMLPhisher, TechSupportScamBrowse
                                                                                                                                                                                                                            • 217.20.112.104
                                                                                                                                                                                                                            https://telegram-message-8n5.pages.dev/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 217.20.112.104
                                                                                                                                                                                                                            http://two.eagermint.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 217.20.112.104
                                                                                                                                                                                                                            SecuriteInfo.com.Trojan.Inject5.8445.10776.26852.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 37.1.196.35
                                                                                                                                                                                                                            CLOUDFLARENETUSNew_Order_568330_Material_Specifications.exeGet hashmaliciousAgentTesla, MassLogger RAT, Phoenix Stealer, RedLine, SugarDump, XWormBrowse
                                                                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                                                                            OREN Engine Stores Requisition 4th quarter OREN-ES-2024-010 & OREN-ES-2024-011.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                            • 172.67.177.220
                                                                                                                                                                                                                            Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                                                                            Scan_Rev 20220731_PO&OC#88SU7782743882874_PDF.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                                                                            https://t.ly/BavariaFilmGmbH2410Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 188.114.96.3
                                                                                                                                                                                                                            Quote1.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                                            • 188.114.96.3
                                                                                                                                                                                                                            runtime.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 162.159.138.232
                                                                                                                                                                                                                            runtime.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 162.159.128.233
                                                                                                                                                                                                                            lUAc7lqa56.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 104.26.0.5

                                                                                                                                                                                                                            JA3 Fingerprints

                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                            a795593605a13211941d44505b4d1e39Dlabel_PC.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 84.16.252.107
                                                                                                                                                                                                                            T1SN5sRQjf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 84.16.252.107
                                                                                                                                                                                                                            Stremio+4.4.120.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 84.16.252.107
                                                                                                                                                                                                                            37f463bf4616ecd445d4a1937da06e19#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                            • 172.67.75.65
                                                                                                                                                                                                                            • 84.16.252.107
                                                                                                                                                                                                                            EXSP 5634 HISP9005 ST MSDS DOKUME74247liniereletOpsistype.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                                                            • 172.67.75.65
                                                                                                                                                                                                                            • 84.16.252.107
                                                                                                                                                                                                                            SecuriteInfo.com.Adware.Downware.19992.19939.5790.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 172.67.75.65
                                                                                                                                                                                                                            • 84.16.252.107
                                                                                                                                                                                                                            EBalcao_ysx.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 172.67.75.65
                                                                                                                                                                                                                            • 84.16.252.107
                                                                                                                                                                                                                            T220UXIoKO.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                            • 172.67.75.65
                                                                                                                                                                                                                            • 84.16.252.107
                                                                                                                                                                                                                            PO%20K22012FA[1].docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 172.67.75.65
                                                                                                                                                                                                                            • 84.16.252.107
                                                                                                                                                                                                                            Renommxterne.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                                            • 172.67.75.65
                                                                                                                                                                                                                            • 84.16.252.107
                                                                                                                                                                                                                            Produccion.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                                            • 172.67.75.65
                                                                                                                                                                                                                            • 84.16.252.107
                                                                                                                                                                                                                            226999705-124613-sanlccjavap0004-67.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                                            • 172.67.75.65
                                                                                                                                                                                                                            • 84.16.252.107

                                                                                                                                                                                                                            Dropped Files

                                                                                                                                                                                                                            No context

                                                                                                                                                                                                                            Created / dropped Files

                                                                                                                                                                                                                            C:\ProgramData\Microsoft\Windows\Caches\{29E56104-0FF4-4610-AFFF-60C8A9578E5E}.2.ver0x0000000000000005.db

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1240
                                                                                                                                                                                                                            Entropy (8bit):3.2437743631987996
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24:KYnJYeO2tuj3bYJtCCqqC2hdnCCCqHqql:KgBCYulWCS
                                                                                                                                                                                                                            MD5:A62FBF8AEAC57731FDFA49A91612240D
                                                                                                                                                                                                                            SHA1:A57FF1BB1E05B479D8A72DC97DEF6C13CA076C37
                                                                                                                                                                                                                            SHA-256:BAC16905DBE2C9EED3984C08C432839C7171EAFA368A23872CA09AE80E3D2E46
                                                                                                                                                                                                                            SHA-512:87EC0E85B182EF53D9FBD82803C7FC80B18CBEEBA5C4ABC4D6C12B6D52813AFD62876998B130A9AF9AC98A22F9CCF783570DEE51F871C79B9397D68374291160
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Preview:.....d./....d./....a.)...F..`.W.^....2.e.3.b.e.5.8.e.5.c.b.b.c.0.d.a.0.9.3.9.5.6.b.4.6.a.3.9.0.5.f.1.1.c.f.0.f.5.b.b.f.1.1.9.8.7.a.8.6.1.9.e.2.5.f.7.2.6.1.e.e.8.b.e..... ...8...............................................................................c.u.s.t.o.m...p.r.o.p.d.e.s.c...M.i.c.r.o.s.o.f.t.......O.n.e.N.o.t.e...M.i.c.r.o.s.o.f.t...O.n.e.N.o.t.e...P.a.g.e.E.d.i.t.H.i.s.t.o.r.y.......M.i.c.r.o.s.o.f.t...O.n.e.N.o.t.e...T.a.g.g.e.d.N.o.t.e.s.......M.i.c.r.o.s.o.f.t...O.n.e.N.o.t.e...L.i.n.k.e.d.N.o.t.e.U.r.i...H....................................d.d)..G.6_...a.........Z...................................................................................................................................p.r.o.p.:............................................d.d)..G.6_...a.............................................................................................................................................p.r.o.p.:...............................p...h........d.d)..G.6_...a.....

                                                                                                                                                                                                                            C:\ProgramData\Microsoft\Windows\Caches\{46350403-22B3-49CD-8D95-DF6B4AB3D858}.2.ver0x0000000000000005.db

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1064
                                                                                                                                                                                                                            Entropy (8bit):3.379188988467815
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24:185VQkZjnGpXZpO9fOonaMC4fs9posWKC4fsW:1KVQWrGpXZpEfad7cJ7W
                                                                                                                                                                                                                            MD5:35A0FD4ED2D47E865D6BBC8690ED5E30
                                                                                                                                                                                                                            SHA1:480A6A966017E996D18EFF9CC99F77661DAA919D
                                                                                                                                                                                                                            SHA-256:F3277334FCB03497672815B3D577A3B29CC81EBB4A92FC185B7561545ADC9C7D
                                                                                                                                                                                                                            SHA-512:6B38014E84C9B3BE2CCA2DA1C8E0EC837E84BCEB56C3B52BD88DE8B3F742BD30098E47B94B60A915C76F3717BFDE23531F79F9396B461F0570CBF8AE6C28F6BD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Preview:.....d./....d./.....5F.".I...kJ..X....8.e.2.b.3.7.6.8.6.c.d.d.b.e.e.6.f.7.0.8.e.8.8.9.8.0.1.9.8.5.a.c.1.9.3.a.3.d.6.9.8.c.a.4.6.3.5.3.4.d.9.f.3.c.0.1.7.8.4.0.6.1.f.b.....0...H............................................................... .......(.......v.i.s.i.o.c.u.s.t.o.m...p.r.o.p.d.e.s.c.........M.i.c.r.o.s.o.f.t.......V.i.s.i.o.......M.i.c.r.o.s.o.f.t...V.i.s.i.o...M.a.s.t.e.r.s.K.e.y.w.o.r.d.s...M.i.c.r.o.s.o.f.t...V.i.s.i.o...M.a.s.t.e.r.s.D.e.t.a.i.l.s.....X...................................r.y..qHC..)+..gp....................................................................................................................................M.a.s.t.e.r.s. .K.e.y.w.o.r.d.s. .(.d.e.b.u.g.).................p.r.o.p.:...........................................r.y..qHC..)+..gp....................................................................................................................................M.a.s.t.e.r.s. .K.e.y.w.o.r.d.s. .(.d.e.b.u.g.).................p.r.o.p.:.......

                                                                                                                                                                                                                            C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):296856
                                                                                                                                                                                                                            Entropy (8bit):3.7215863854524294
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:Ex8K0D3uhiu6w2PKMF1T7TR42JwtmS9Skm:JTR42Jzk
                                                                                                                                                                                                                            MD5:96A6A3E595DDE135673C4CC491F4828B
                                                                                                                                                                                                                            SHA1:9A0A4F29A5C45D1FC75AD6FD40D06A7FE9255D19
                                                                                                                                                                                                                            SHA-256:17C5E41C154DC9D37B9A6B7B7E46D54C2241F74BF34985B5B73FA892CAE78A36
                                                                                                                                                                                                                            SHA-512:82874BD58F5CCC61FA73B9E1428DCC961364B74ECE6D43992AFFEBA3930C71548A3F57099586586BF66F19D11C9055299A45544A054B61CD5EC74AF8ECF873C3
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:.....d./....d./...............Z.......Z...X|..........w.i.n.d.o.w.s.p.r.o.p.e.r.t.y.d.e.s.c.r.i.p.t.i.o.n.s...M.i.c.r.o.s.o.f.t.......W.i.n.d.o.w.s...c.u.s.t.o.m...p.r.o.p.d.e.s.c...M.i.c.r.o.s.o.f.t.......O.n.e.N.o.t.e...c.u.s.t.o.m...p.r.o.p.d.e.s.c...M.i.c.r.o.s.o.f.t.......O.n.e.N.o.t.e...v.i.s.i.o.c.u.s.t.o.m...p.r.o.p.d.e.s.c.........M.i.c.r.o.s.o.f.t.......V.i.s.i.o.......v.i.s.i.o.c.u.s.t.o.m...p.r.o.p.d.e.s.c.........M.i.c.r.o.s.o.f.t.......V.i.s.i.o........q...mB....9...8...b.b.6.e.a.9.8.3.f.c.5.8.3.c.3.d.9.d.7.1.2.8.0.b.6.9.d.6.0.3.6.4.0.f.2.c.a.6.c.4.2.b.8.8.8.e.8.9.4.e.f.5.6.3.6.2.9.2.e.c.a.2.7.e...|tp............a.)...F..`.W.^....2.e.3.b.e.5.8.e.5.c.b.b.c.0.d.a.0.9.3.9.5.6.b.4.6.a.3.9.0.5.f.1.1.c.f.0.f.5.b.b.f.1.1.9.8.7.a.8.6.1.9.e.2.5.f.7.2.6.1.e.e.8.b.e.......................A.o..8.n.....2.e.3.b.e.5.8.e.5.c.b.b.c.0.d.a.0.9.3.9.5.6.b.4.6.a.3.9.0.5.f.1.1.c.f.0.f.5.b.b.f.1.1.9.8.7.a.8.6.1.9.e.2.5.f.7.2.6.1.e.e.8.b.e...................5F.".I...kJ..X(...8.e.2.b.3.7.6.8.

                                                                                                                                                                                                                            C:\ProgramData\Microsoft\Windows\Caches\{D0A4FF55-37CF-46CD-9E40-1A82D5EEBDF6}.2.ver0x0000000000000005.db

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1064
                                                                                                                                                                                                                            Entropy (8bit):3.3836015916085955
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24:W4z5VQkZjnGpXZpO9fOonaMC4fs9posWKC4fsW:fVQWrGpXZpEfad7cJ7W
                                                                                                                                                                                                                            MD5:CE52F4B0411CFEF4B287F85937661A4C
                                                                                                                                                                                                                            SHA1:D99AE7CA016806BEC309B2D3F1FB9D483D2E6E56
                                                                                                                                                                                                                            SHA-256:C8BF801B27DF246222B76B69BA164BD007C3671B9144ADCE7AD81CCD6E46E569
                                                                                                                                                                                                                            SHA-512:31A423DC1EBA5D1302CB679C00669D21D67D302C43949AF408AE37B82BF6C29821ACD47ED29DB27E0D143A71736D429310E704F9E81EF1EB15216097FF82EBAF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:.....d./....d./...U....7.F.@.........8.e.2.b.3.7.6.8.6.c.d.d.b.e.e.6.f.7.0.8.e.8.8.9.8.0.1.9.8.5.a.c.1.9.3.a.3.d.6.9.8.c.a.4.6.3.5.3.4.d.9.f.3.c.0.1.7.8.4.0.6.1.f.b.....0...H............................................................... .......(.......v.i.s.i.o.c.u.s.t.o.m...p.r.o.p.d.e.s.c.........M.i.c.r.o.s.o.f.t.......V.i.s.i.o.......M.i.c.r.o.s.o.f.t...V.i.s.i.o...M.a.s.t.e.r.s.K.e.y.w.o.r.d.s...M.i.c.r.o.s.o.f.t...V.i.s.i.o...M.a.s.t.e.r.s.D.e.t.a.i.l.s.....X...................................r.y..qHC..)+..gp....................................................................................................................................M.a.s.t.e.r.s. .K.e.y.w.o.r.d.s. .(.d.e.b.u.g.).................p.r.o.p.:...........................................r.y..qHC..)+..gp....................................................................................................................................M.a.s.t.e.r.s. .K.e.y.w.o.r.d.s. .(.d.e.b.u.g.).................p.r.o.p.:.......

                                                                                                                                                                                                                            C:\ProgramData\Microsoft\Windows\Caches\{D80AA597-BE91-4112-BB6F-159038E46ED1}.2.ver0x0000000000000005.db

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1240
                                                                                                                                                                                                                            Entropy (8bit):3.2507121604627143
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24:VKYnJYeO2tuj3bYJtCCqqC2hdnCCCqHqql:sgBCYulWCS
                                                                                                                                                                                                                            MD5:0EA13495930D635C62541A3A1E7F6763
                                                                                                                                                                                                                            SHA1:45791527B151A1D3E76E6884CA5AC7CBBC38034F
                                                                                                                                                                                                                            SHA-256:405713008B0EF26B93BDD84B8799AE3C36CA4FCE6511ACD647B6869074D6448E
                                                                                                                                                                                                                            SHA-512:E0ED04B7035F8871BD1218283AFF3C0BEC9947F45865C606A7F3EBEDB13F9171D267C547290C47D0C670549EBE1B5471FDAF9910C5D0895DE114572846321EB2
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:.....d./....d./.........A.o..8.n.....2.e.3.b.e.5.8.e.5.c.b.b.c.0.d.a.0.9.3.9.5.6.b.4.6.a.3.9.0.5.f.1.1.c.f.0.f.5.b.b.f.1.1.9.8.7.a.8.6.1.9.e.2.5.f.7.2.6.1.e.e.8.b.e..... ...8...............................................................................c.u.s.t.o.m...p.r.o.p.d.e.s.c...M.i.c.r.o.s.o.f.t.......O.n.e.N.o.t.e...M.i.c.r.o.s.o.f.t...O.n.e.N.o.t.e...P.a.g.e.E.d.i.t.H.i.s.t.o.r.y.......M.i.c.r.o.s.o.f.t...O.n.e.N.o.t.e...T.a.g.g.e.d.N.o.t.e.s.......M.i.c.r.o.s.o.f.t...O.n.e.N.o.t.e...L.i.n.k.e.d.N.o.t.e.U.r.i...H....................................d.d)..G.6_...a.........Z...................................................................................................................................p.r.o.p.:............................................d.d)..G.6_...a.............................................................................................................................................p.r.o.p.:...............................p...h........d.d)..G.6_...a.....

                                                                                                                                                                                                                            C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):637856
                                                                                                                                                                                                                            Entropy (8bit):3.5915833029306348
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:CiccV79+qXMDXLxvSwDzaTDCJs/ReehN6XcIiycb78x/u6PJoyBHH7Z7Rz97Tx:CaTDCJeSP/u6PBzr
                                                                                                                                                                                                                            MD5:1A22277938B46E8F70B93AC2D8DC5A4A
                                                                                                                                                                                                                            SHA1:E0C2DE41994BBA33C70625B7A395C3B057E402B7
                                                                                                                                                                                                                            SHA-256:2FDB8AD6E9CEFF5BBBD28464D3B32B5D10ADD6C26AE89D5514E0D80DCDD8875F
                                                                                                                                                                                                                            SHA-512:82FE21D6E946C24449F3E20E6455441E2D2FBA1E9DA9D9FDCF0C25542547B5DDE40C1296EF41FE33B65A5D80DB2F49E2DA4295F7DF1CA002ACA039BA62C0606B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:.....d./....d./....q...mB....9.......b.b.6.e.a.9.8.3.f.c.5.8.3.c.3.d.9.d.7.1.2.8.0.b.6.9.d.6.0.3.6.4.0.f.2.c.a.6.c.4.2.b.8.8.8.e.8.9.4.e.f.5.6.3.6.2.9.2.e.c.a.2.7.e.....8...P........`..Z....z..Z...p...Z.............A.............U...@.......P.......w.i.n.d.o.w.s.p.r.o.p.e.r.t.y.d.e.s.c.r.i.p.t.i.o.n.s...M.i.c.r.o.s.o.f.t.......W.i.n.d.o.w.s...S.y.s.t.e.m...A.c.t.i.v.i.t.y...A.c.c.o.u.n.t.I.d.......S.y.s.t.e.m...A.c.t.i.v.i.t.y...A.c.t.i.v.i.t.y.I.d.....S.y.s.t.e.m...A.c.t.i.v.i.t.y...A.p.p.D.i.s.p.l.a.y.N.a.m.e.....S.y.s.t.e.m...A.c.t.i.v.i.t.y...A.p.p.I.m.a.g.e.U.r.i...S.y.s.t.e.m...A.c.t.i.v.i.t.y...A.t.t.r.i.b.u.t.i.o.n.N.a.m.e...S.y.s.t.e.m...A.c.t.i.v.i.t.y...B.a.c.k.g.r.o.u.n.d.C.o.l.o.r...S.y.s.t.e.m...A.c.t.i.v.i.t.y...C.o.n.t.e.n.t.I.m.a.g.e.U.r.i...S.y.s.t.e.m...A.c.t.i.v.i.t.y...C.o.n.t.e.n.t.U.r.i.....S.y.s.t.e.m...A.c.t.i.v.i.t.y...C.o.n.t.e.n.t.V.i.s.u.a.l.P.r.o.p.e.r.t.i.e.s.H.a.s.h...S.y.s.t.e.m...A.c.t.i.v.i.t.y...D.e.s.c.r.i.p.t.i.o.n...S.y.s.t.e.m...A.c.t.i.v.

                                                                                                                                                                                                                            C:\ProgramData\mntemp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                            Entropy (8bit):4.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:9ofGBG:eT
                                                                                                                                                                                                                            MD5:F5FD87AAFDDA202709631E69E6DF58EB
                                                                                                                                                                                                                            SHA1:43370822AA39F8BCA6C121421DDED791B47B9866
                                                                                                                                                                                                                            SHA-256:A5B1C5A3DCBF8E3296364BF10E22D4D3210C1BC05F1BDB6A2FEF44D6D2477214
                                                                                                                                                                                                                            SHA-512:9D6419B28DAFCE9E0B5F3B29D5306AA21D6191D798D1054CD139B8EA8752489413595225132BD94AAD4E1AEF347FEB888A4352A30E18E7B1470535B2AB6E3C5E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:...z......b.d..

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):49120
                                                                                                                                                                                                                            Entropy (8bit):0.0017331682157558962
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Ztt:T
                                                                                                                                                                                                                            MD5:0392ADA071EB68355BED625D8F9695F3
                                                                                                                                                                                                                            SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                                                                                                                                                                                                            SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                                                                                                                                                                                                            SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\it[1].png

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PNG image data, 800 x 450, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):38149
                                                                                                                                                                                                                            Entropy (8bit):7.963301442077117
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:bsauU9Aeejv7dq6bMtjjN1/6xZGK7pHb+grKS:b8U9aZDSjjTCxZXpHb+g7
                                                                                                                                                                                                                            MD5:697D3B9663340D6E6B986B6554860060
                                                                                                                                                                                                                            SHA1:359C6E76D8B8114D34ED92066176AA55E696A41D
                                                                                                                                                                                                                            SHA-256:7F996D93C412A60C4DF547EB3AACDD3BF4C750661571BF6AADDD9197DBAA397A
                                                                                                                                                                                                                            SHA-512:7AB839DA3CDCA95CF5AA3D04BC13E30CCB84F5AD271E56B9E7FD474FD6BC5AA680E3B6F1CB2ED349C39EC9CD4426E97C2F99352461C53886CBD4F8C485A0F694
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:.PNG........IHDR... ......... .].....PLTE^y.......To.^y.`x....|..Yt.^y.Qn....c~.......x..n..f..[w.q..k.....u..Vr.`x.............`z....Wr.t..a|._z.i.._{.............r..z..]x.................Tk.......C_.]y..............dz......... !..._y....)++.......%((...Nj.......-//...689!$%...w..ACD...045...`y.Ie.;>?...KOP......DIJSn.&#$PSTZj.Kh.Vl...............lln.........]^`{.....dde...YXY...............m.......LJK...........530...s|....ttv.........|{}.2.......bgn....,.iq{A<9......Oo........y..8............UROKFA.<....Ol.J.......\.}............0=.?T."*.l..B..[....hT@P[a{hT.|i..~.(..8....;ct..u)..mPD..fw.V..b}..X2...m<+.........U......"..BH.....u.....o.n(h..`Xx7o....u...n(....r.........A.o..vk.<W(.P..q.}I...x.............fm.BY..H...r..(....8.........Z...[......{..S. H....N[......}<....IDATx.....@..`!w..a.1iU..Bj.H.:.....$.R..+oa..U ..Vy.<..W.Gp......[......3..xc.2?GGY...m..~...\..?.......C.d<.........t......uT@6.z....Lt8...d..d.e..T@|.......,....6 >.%...7.l.~..

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\analytics[1].js

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2343)
                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                            Size (bytes):52916
                                                                                                                                                                                                                            Entropy (8bit):5.51283890397623
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:oHzaMKHBCwsZtisP5XqYofL+qviHOlTjdNoVJDe6VyKaqgYUD0ZTTE8yVfZsk:caMKH125hYiM8O9dNoVJ3N48yVL
                                                                                                                                                                                                                            MD5:575B5480531DA4D14E7453E2016FE0BC
                                                                                                                                                                                                                            SHA1:E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
                                                                                                                                                                                                                            SHA-256:DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
                                                                                                                                                                                                                            SHA-512:174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n=this||self,p=function(a,b){a=a.split(".");var c=n;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function q(){for(var a=r,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function u(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var r,v;.function aa(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=v[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}r=r||u();v=v||q();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192|g)))}};var w={},y=function(a){w.TAGGING=w.TAGGING||[];w.TAGGING[a]=!0};var ba=Array.isArray,c

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\btn_close_it[1].png

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PNG image data, 292 x 39, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):10564
                                                                                                                                                                                                                            Entropy (8bit):7.960249674925786
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:najTRbB+D3ClKj9+AX0n0aJVvF9BQwvkbtngorJLryzY13SMo:naNB8bE0aJ1FIwvk2sOYxSJ
                                                                                                                                                                                                                            MD5:A486B43DD1E8543CF1EDBCF5111A8969
                                                                                                                                                                                                                            SHA1:DB1E5DA939653D5CDE8600D43BE4EFE9911CB364
                                                                                                                                                                                                                            SHA-256:EEB3783329F1D0CF7B26453791CF25601648F8650B8914121F2CA64998BF8460
                                                                                                                                                                                                                            SHA-512:984599910391573F043D955D350E32C10C3CDA7D3C135363F424FC47DBA9986E2425EB3E108ED59086D7B2B454FF0185C090D4AD4F0F0F1909C0001E73DB64DE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:.PNG........IHDR...$...'.....)x......sRGB.........gAMA......a.....pHYs...........~.....tEXtSoftware.Paint.NET v3.5.100.r...(.IDATx^..{[7...'.s..$N...e.FuQ,j....D..^\.dK6.%.|.8/.3G.#jK...L.9.......%S..{//s............./......in.,.}..<Km.R.v...s.3.gu.........s.e.p..(.7|.Y..!......Y....8.yZ.0.}.d.d..{_H0..}../.n..<..W.._.......B~..N.n>7.m_d...2..|..S........".{Q.yU.{m........d...k|T?..7.F:.'.Mz.4..m..M..g.N.....>ez.8.rT........UZ.e.;..H.2.n[)]z....Z........S../.......3..S..d..../(..6...L.#.6N.5<U....{...V...G..S.,n..n..l.LoT.D.........Mm.f&5I...iv._=./.'*.#...'s...B....3J4..U.H.-=.[M]......n..v.,....k..r]...8..{..."V~.|.I...9 ....YG.()D.)...._oy.".s^.}I...+r.;.L._...+....../.!V~....O.rt...,.F..c.....lN.N../KO^..|G......N.U..9.$.O.+...,.K......<...gvfR[..&.0.......*.y}.5...]...f.Hn...M.Tzk:....L'+s..Hq/V~._z.....w./....]9.f}...=s...Z;K...$0y.R......s.s.pv}&.:..}.7....lrc>..+=..Y....OR..5s..n.f6O(.;/.....S...;...E..+'&..."..Hnd"...}....g....?..

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\get_nag[1].htm

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (486), with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3822
                                                                                                                                                                                                                            Entropy (8bit):5.1565435257161605
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:jmMq1kpdJ+7iJwcjL1l9udL3xpmtI+9e04BC/S0OGauVPTdXUe1vLWuNwjX5:3ILXMLuLhp/+9erg/S0OqdXxKp
                                                                                                                                                                                                                            MD5:E3E4D14661CEA4DEDA62B6DC55941B0A
                                                                                                                                                                                                                            SHA1:9278B408BEA9A6A47059386174A6104544D88AAD
                                                                                                                                                                                                                            SHA-256:B4CAF792EEC5D67ED206F1439486635E42097F9B047819023A1929293477E254
                                                                                                                                                                                                                            SHA-512:8753D6D4DE2E5B7B9F37FD9AAFC136AACECF6BF2F56D8DB560A22B8FF82F8177DCBFDC5A4081AA88958424B137A824846731DD0B202B88C7BECE3032E28A9238
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN".."http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.. <title>Do more with your video!</title>.... <link rel="stylesheet" type="text/css" href="http://img.movavi.com/webnagscreens/crossale_suite/style.css" />.... <script type="text/javascript">.. window.external.OnSetSize(800,450);.. </script>..<script>(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');ga('create', 'UA-92617-2', 'auto');ga('require', 'displayfeatures');</script></head>....<body scroll="no">.. <div id="nag_container" class="container it">.. <div id="nag_top" cl

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\style[1].css

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5877
                                                                                                                                                                                                                            Entropy (8bit):5.1096170404760715
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:ntAFRUfWuB9D92vHzOK5AJMwxKJTpKiAopiCVfTx3GZl8NQVSG:ntAFRUfWuB9D92vTOKePKvU
                                                                                                                                                                                                                            MD5:F1759A3A2E4A1322EDFAD7386BEB3A9E
                                                                                                                                                                                                                            SHA1:D7CAB8B1471DAA04B67F4021ECE1BD39A882907A
                                                                                                                                                                                                                            SHA-256:CEE6DF3B8FAB1DB37A06F37244546981F7F75415B8612415198B6FEA2C26F80E
                                                                                                                                                                                                                            SHA-512:1F281CE601998F8BF0886A18AC6D22E44E2A003E24B8A15C73492FF57C8B8AA66E8FB8FCD8643AA6306C1F7CF98EEC34361A1FA87C63743D5095833D0306B23B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:/*.That is a main css file for crossale suite */..* {..margin: 0px;..padding: 0px;.}.:focus {.outline: none;.}..body {..overflow: hidden;..font-family: Arial, sans-serif;.}...container {..width: 800px;..height: 450px;..background: #b9cbe1 url('en.png') no-repeat;.}..container.de {..background: #b9cbe1 url('de.png') no-repeat;.}..container.ru{..background: #b9cbe1 url('ru.png') no-repeat;.}..container.es{..background: #b9cbe1 url('es.png') no-repeat;.}..container.fr {..background: #b9cbe1 url('fr.png') no-repeat;.}..container.it {..background: #b9cbe1 url('it.png') no-repeat;.}..container.jp {..background: #b9cbe1 url('jp.png') no-repeat;.}..container.nl{..background: #b9cbe1 url('nl.png') no-repeat;.}..container.pl {..background: #b9cbe1 url('pl.png') no-repeat;.}..container.pt {..background: #b9cbe1 url('pt.png') no-repeat;.}..container.tr {..background: #b9cbe1 url('tr.png') no-repeat;.}..container.cn {..background: #b9cbe1 url('ch.png') no-repeat;.}..container.kr {..background: #b9c

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\btn_buy_it[1].png

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PNG image data, 292 x 39, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):18237
                                                                                                                                                                                                                            Entropy (8bit):7.983032160936168
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:XEG5BfrEAfId0741uLJfaKYUw+yyB3ZbhKarcFERhW9:Nb4Ddvu0U9/3ZsdN
                                                                                                                                                                                                                            MD5:FC2597C59C8C818796B58A044BA05BE1
                                                                                                                                                                                                                            SHA1:876E95B8AE4DDCF8422905495E02E7FBD2662503
                                                                                                                                                                                                                            SHA-256:AAC17A193A4E8D0E16200E9A510077B5DB14D76317815A8CAEE41F1064C708D5
                                                                                                                                                                                                                            SHA-512:8FC093D566C7B6A4C5D4E6D7F4E3E7070A426816EA599AFC1356EB866A76D5CB8EF3D34A060B7E3645D9CE930065E664F1835E6C5E0FA13564F592FE9F173F29
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:.PNG........IHDR...$...'.....)x......sRGB.........gAMA......a.....pHYs...........~.....tEXtSoftware.Paint.NET v3.5.100.r...F.IDATx^.w../...{..$....").)..3@...H..T..(Jr..k..k........V^K".. .af.19.NU]].g..[.KA.d..s....wpzznwUW.......vw.}.........X.'.....$..'.zB..+...nw.[......p.+.1>.0\].....G..6W.......zc .....'.p.:....0..g...`.} ......m..6w..`..p..B.7...i.;.C.#1h...c| &..u...Otz.o........A..6w.......l.m0...^....-.....5..p%...G/....J..Mt....|..0.].I.. .....u..#.=.s...o....pk_............`....z......P..}..<Pz .5...4..../.'.....s.B..{..})X......{...9O...(...u......$xH..v.F..F`../.v5..o..[...]8...9s'.R@......~.yW.<.......w.......c.....L...t...=..Ca`.[.y.....YW...B..b......e;!....'.f....P...X}n.8...J../x....e..[.c...w.v..u0.Y..5...pgo..h.$:{a..0w\.o.....stK..._t..o]n_.P..7.2...o.Az.k..@>.-]t....y..1n...tko..'...{(..........\_./.....Nw..7.54q:>.]....Lp.+.s..W.s=q...........A.tE..[.p.........[.1^...o...3.Ia.u ..N.z2..v......F"|.o..[...7..u.'!

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Movavi\Logs\SlideshowCreator4\SlideshowMaker.user.ERROR.20241025-040455.404

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):307
                                                                                                                                                                                                                            Entropy (8bit):5.12009801954303
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:k2kxOMYDCE1f1JHIWCjR9OMRM2tW0oSczKCqVtpEznDt5UYDDzfnO:fkoZvIWU8MbpoSJEl5J3fO
                                                                                                                                                                                                                            MD5:FAD22E4B85069CC09690D57F1742C5BF
                                                                                                                                                                                                                            SHA1:00592C21B1D3547DD9332F2750C457AB3511F075
                                                                                                                                                                                                                            SHA-256:C359F703F018DFE3A90C481C2720189E399513C7A078C520367E9CD208CAAE8B
                                                                                                                                                                                                                            SHA-512:3E5830258474BA85DE338FA24FF8124246DF889F991C70FB5464231DA2922F9E4426DEE12F7D3678F2A525F150AC23FC5C8988403C7B516A64D71E96B2E5ED16
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:Log file created at: 2024/10/25 04:04:55..Running on machine: 116938..Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg..E1025 04:04:55.648097 5332 OpenglInitializer.cpp:331] Failed to initialize OpenGL. Reason='OglManager::GetOglVersion() returned unsupported version'. Failure count=0..

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Movavi\Logs\SlideshowCreator4\SlideshowMaker.user.INFO.20241025-040445.404

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (357), with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):16729
                                                                                                                                                                                                                            Entropy (8bit):5.312520608788563
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:ygF85EKVAMhQc+5jCBfNGI3aI3Z4qswDil9rvfcvgzcSbXz1o2j:vd+a+KqTD89zfssN
                                                                                                                                                                                                                            MD5:4F3856EA511BA9CBE9F6FC6C2F006CCC
                                                                                                                                                                                                                            SHA1:E59ADF94FE4B59EBF2D7CD4BC4C99816DCC0A8E1
                                                                                                                                                                                                                            SHA-256:2718579C18231A1DA0CFAEC86F98CF8103E501990D3E0000AB8623D6EC698B4D
                                                                                                                                                                                                                            SHA-512:8559037BFBDE6770458B8B30BFB480A34DE6FD41E3D1424863DA1F8625EF5727174CF4C8ECD25AC6947A1FCE0E07B12823D36C24687C7527A635D4BC53350949
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:Log file created at: 2024/10/25 04:04:45..Running on machine: 116938..Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg..I1025 04:04:45.007478 5332 Application.cpp:613] Product Version: 4.1.0..I1025 04:04:45.007478 5332 Application.cpp:616] FFmpeg version: 3.3~6..I1025 04:04:45.007478 5332 Application.cpp:616] Build commit: d0bcf25..I1025 04:04:48.804345 5332 Application.cpp:649] Activation status: Activated..I1025 04:04:52.351218 5332 WebContent.cpp:65] Load started: mode = activated, action = app_close, url = https://mip2.movavi.com/get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_close&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771&protocol=1&rnd=32711&os=win&act_key=..I1025 04:04:52.366842 5332 WebContent.cpp:65] Load started: mode = activated, action = app_start, url = https://mip2.movavi.com/get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activa

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Movavi\Logs\SlideshowCreator4\SlideshowMaker.user.WARNING.20241025-040454.404

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):816
                                                                                                                                                                                                                            Entropy (8bit):5.228460202930295
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24:92QWO8QOvg+Aho8fvg+AGk8zMvg+AGk8zMvg+AG+8MpoWkJ3fO:9MQOY+CfY+3BzMY+3BzMY+33MpoR3fO
                                                                                                                                                                                                                            MD5:BB2CA87255A49FF039FFC7CD17AC9708
                                                                                                                                                                                                                            SHA1:4C07FEE08CF9E729A81F41B4DB191A80AEFD0849
                                                                                                                                                                                                                            SHA-256:B18BD000E473C4A96DF5C2D86C53DA6B34E2FA06D25F2A4F97D2B9017F40431E
                                                                                                                                                                                                                            SHA-512:46FC97B78ED8B98B2E3C583A174DA93472C842D21286991CA8A574052D2FFCB29263A41FC77D0CD1B5DD1143F068890F37DFC9CEAC771E7E68B9EC8BBD8151E8
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:Log file created at: 2024/10/25 04:04:54..Running on machine: 116938..Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg..W1025 04:04:54.835603 5852 CodecHelper.cpp:204] No transform found (MF has returned zero transforms) for {00007362-0000-0010-8000-00aa00389b71}..W1025 04:04:54.898099 5852 CodecHelper.cpp:204] No transform found (MF has returned zero transforms) for CODEC_ID_H265..W1025 04:04:55.351220 5852 CodecHelper.cpp:204] No transform found (MF has returned zero transforms) for CODEC_ID_H265..W1025 04:04:55.351220 5852 CodecHelper.cpp:204] No transform found (MF has returned zero transforms) for CODEC_ID_H265..E1025 04:04:55.648097 5332 OpenglInitializer.cpp:331] Failed to initialize OpenGL. Reason='OglManager::GetOglVersion() returned unsupported version'. Failure count=0..

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\SlideshowMaker\Movavi\slideshowcreator 4.1.0\SlideshowMaker.ini (copy)

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):37
                                                                                                                                                                                                                            Entropy (8bit):3.8036151918180443
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:1EnR3pVtn:1sRrt
                                                                                                                                                                                                                            MD5:60A4FAB9AC507D08B09DAC4F2C0AC213
                                                                                                                                                                                                                            SHA1:FECE7725A524720C85F26D312DCA8103571417D8
                                                                                                                                                                                                                            SHA-256:601FE48BA1FBE4AD2B1B8F773485D649BD279A640DA4896B2DE5D1254FDA9479
                                                                                                                                                                                                                            SHA-512:AAAE0C2058F814BF3B9CE216C9D7E67A99EE8F43AC7955027DC359862D1A1F594F678A598E8333BF6E407ACEC2FD11B876441ADAEDA3015A24DF0053F54D00EA
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:[General]..404=241025-040444-103121..

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\SlideshowMaker\Movavi\slideshowcreator 4.1.0\SlideshowMaker.ini.Hmp404

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):37
                                                                                                                                                                                                                            Entropy (8bit):3.8036151918180443
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:1EnR3pVtn:1sRrt
                                                                                                                                                                                                                            MD5:60A4FAB9AC507D08B09DAC4F2C0AC213
                                                                                                                                                                                                                            SHA1:FECE7725A524720C85F26D312DCA8103571417D8
                                                                                                                                                                                                                            SHA-256:601FE48BA1FBE4AD2B1B8F773485D649BD279A640DA4896B2DE5D1254FDA9479
                                                                                                                                                                                                                            SHA-512:AAAE0C2058F814BF3B9CE216C9D7E67A99EE8F43AC7955027DC359862D1A1F594F678A598E8333BF6E407ACEC2FD11B876441ADAEDA3015A24DF0053F54D00EA
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:[General]..404=241025-040444-103121..

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\SlideshowMaker\Movavi\slideshowcreator 4.1.0\SlideshowMaker.ini.lock

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):28
                                                                                                                                                                                                                            Entropy (8bit):4.423251796980336
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:p2yvyrg2n:p2yl2n
                                                                                                                                                                                                                            MD5:937DBA9091FE6B1CEB804CF6A247E432
                                                                                                                                                                                                                            SHA1:FFEC29D9F397DE18FF0C9E6E819602B02E3BDD12
                                                                                                                                                                                                                            SHA-256:265C1E2DA00F5CDEF830C50E29D4D684D685C55801F2337D7A8D11F76A27CB5C
                                                                                                                                                                                                                            SHA-512:CAE3D0D078CDF247532408E499B3D0466B32523FB4FA361C6F6C5ED4FC8E385D585E76497675CB894A0111E021A5363B618E5CB8B17264B53B31D3CD0C78DBCF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:404.SlideshowMaker.user-PC.

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\shallow\icons.ttf_0x0602541849C19734D8FE4B0357EF96AD.ttf

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:TrueType Font data, 16 tables, 1st "FFTM", 18 names, Macintosh
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):17372
                                                                                                                                                                                                                            Entropy (8bit):6.495131950326858
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:GIt1+g9anyxdW0bfQOHib4pD7CpbiAK8Di7TZDIc5DXR:GItJjdW0bfQSpp2bvuygDXR
                                                                                                                                                                                                                            MD5:0602541849C19734D8FE4B0357EF96AD
                                                                                                                                                                                                                            SHA1:F8059C6F4D69F99BEDE1953DD8E092D09A2A58BC
                                                                                                                                                                                                                            SHA-256:BC9A94815F9FBDAAC280F0793BF10EE347262EAF99F869BC1027E61C7DCD5BB8
                                                                                                                                                                                                                            SHA-512:0A07486F4D34CC3A3F1AF71F4C99DD12DD230CC36690DBA5A4A3B1002D1F5F8D20007D0AF43878C680824F47950BE9E4BA2A89FDA2227A3E9EC9670126FB5295
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:............FFTMp.^...C.....GDEF.r....C.... OS/2|$IB.......Vcmap%..........Rcvt .......4....fpgm...Y...H...pgasp......C.....glyf..r9......,Phead...".......6hhea.......D...$hmtx.7.i........loca].h....@....maxp.......h... namexUb6..=....<post...2..@X...>prep.k.........{........q..._.<..........,.......,.....U./.h.................R.j.Z./...../.................D.....E...............s...4.#.......\.......z.......z.......1..............................PfEd.@%..@.R.j.Z.i.....................M.......Y...Y...Y......./...Y...........Y...Y...Y...Y...;...;...e.$.e...Y...Y...Y...Y...Y...Y...Y...Y.......;...................................Y...Y...Y.......Y.........../...Y...Y...Y...Y...Y.......Y.../...........................................Y.....................................L...........0............%..@......%.............................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\ASSWrapper.dll\ASSWrapper.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\AccelerationTracker.dll\AccelerationTracker.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\AppUtil.dll\AppUtil.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Application.dll\Application.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\AudioRendererSDL.dll\AudioRendererSDL.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\BeatDetection.dll\BeatDetection.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\BitStreamFilterFF.dll\BitStreamFilterFF.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\CaptureAVCHD.dll\CaptureAVCHD.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\CaptureDShow.dll\CaptureDShow.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\CaptureFactory.dll\CaptureFactory.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\CaptureUtil.dll\CaptureUtil.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\CaptureUtilInt.dll\CaptureUtilInt.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\CharsetRecode.dll\CharsetRecode.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\ClientAPI.dll\ClientAPI.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\CodecFactory.dll\CodecFactory.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\CodecPolicyController.dll\CodecPolicyController.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\ComputingResourceManager.dll\ComputingResourceManager.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\ConfInt.dll\ConfInt.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Converters.dll\Converters.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\CoreApp.dll\CoreApp.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\CoreInt.dll\CoreInt.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\CoreLocalization.dll\CoreLocalization.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\CoreManager.dll\CoreManager.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\CoreTime.dll\CoreTime.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\CoreTracker.dll\CoreTracker.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\CrashHandler.dll\CrashHandler.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\CrashSenderWrapper.dll\CrashSenderWrapper.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\CudaManager.dll\CudaManager.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\D3D11Core.dll\D3D11Core.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\D3D9Core.dll\D3D9Core.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\DataBridge.dll\DataBridge.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\DataHelpers.dll\DataHelpers.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\DecoderMF.dll\DecoderMF.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\DecoderRAW.dll\DecoderRAW.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\DecodersFF.dll\DecodersFF.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Demuxers.dll\Demuxers.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\DesktopNotification.dll\DesktopNotification.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EditingScene.dll\EditingScene.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EditorEffects.dll\EditorEffects.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EditorImports.dll\EditorImports.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EditorLogic.dll\EditorLogic.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EditorModel.dll\EditorModel.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EditorModule.dll\EditorModule.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EditorOverlays.dll\EditorOverlays.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EditorSerialization.dll\EditorSerialization.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EditorTransitions.dll\EditorTransitions.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EditorUtil.dll\EditorUtil.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EditorView.dll\EditorView.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EffectFactory.dll\EffectFactory.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Effects.dll\Effects.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EffectsFF.dll\EffectsFF.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EffectsOgl.dll\EffectsOgl.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EffectsSpecial.dll\EffectsSpecial.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EncoderCUDA.dll\EncoderCUDA.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EncoderIM.dll\EncoderIM.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EncoderLossless.dll\EncoderLossless.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EncoderMF.dll\EncoderMF.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EncoderNVENC.dll\EncoderNVENC.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\EncodersFF.dll\EncodersFF.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\ExivMetadata.dll\ExivMetadata.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\FFWrapper.dll\FFWrapper.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\FilmMaker.dll\FilmMaker.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\FilterFactory.dll\FilterFactory.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Filters.dll\Filters.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\FiltersFF.dll\FiltersFF.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\FiltersOgl.dll\FiltersOgl.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\FiltersSpeex.dll\FiltersSpeex.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\GeneralMovaviTrackerWrapper.dll\GeneralMovaviTrackerWrapper.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\GeneralPlugin.dll\GeneralPlugin.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\GraphicsDecoration.dll\GraphicsDecoration.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\GraphicsFramework.dll\GraphicsFramework.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\GraphicsSvg.dll\GraphicsSvg.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\IMCore.dll\IMCore.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\MFWrapper.dll\MFWrapper.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\MQtDownloadManager.dll\MQtDownloadManager.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\MQtMediaUi.dll\MQtMediaUi.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\MQtMediaUtil.dll\MQtMediaUtil.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\MQtUi.dll\MQtUi.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\MQtUtil.dll\MQtUtil.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\MagnetizeTools.dll\MagnetizeTools.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\ASSWrapper.dll_0x9c87be1b0da41f7e00177872e117bde6.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\AccelerationTracker.dll_0x17d8a573293bae812c917cec0a682d26.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\AppUtil.dll_0x6d254b98c3313f4b7dc9bd0007559c52.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Application.dll_0x1b46f1bffa7eb06502de924891f9b4bf.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\AudioRendererSDL.dll_0x6940628eda835e7d627861574d737d8c.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\BeatDetection.dll_0xa073caf27a23524f0881ae6bbe24eb48.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\BitStreamFilterFF.dll_0xe4d5704c43e20ab6c9d13167d3c9c96f.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\CaptureAVCHD.dll_0x149310ec883df492772ff2f696b6e45d.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\CaptureDShow.dll_0xb25714d637f4a07a8eafec18c1b7a975.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\CaptureFactory.dll_0xe650c38d05f71e2f45f2bd4de0c5afbb.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\CaptureUtil.dll_0xa9e65ac62165bc41cf047cc1a9ba11a6.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\CaptureUtilInt.dll_0x86ac148c66a7f1038392b36a81fee2ae.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\CharsetRecode.dll_0xfcfadef434f1ed77f9d4a3c6c35ca0c2.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\ClientAPI.dll_0x5ffb30e2b0a0264b496fbb554e2d3136.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\CodecFactory.dll_0x6f6dd1f7b2a8e059769293c275b669a8.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\CodecPolicyController.dll_0xb790761ceacb68fee1d17b91a190527d.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\ComputingResourceManager.dll_0x82dd3a083b1ea1f3e449ab11f18abd3e.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\ConfInt.dll_0x4cde04ab03af7bfc1f65bc19470b62af.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Converters.dll_0x8f3321c68fec3057e8ffd8b4494a5bff.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\CoreApp.dll_0x0f1b3b5c054c38ec7baf23636d7f0648.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\CoreInt.dll_0x9a5f280d311f965ce371fa2940db53f3.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\CoreLocalization.dll_0x4c44748c72802dde1847177c7c1778da.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\CoreManager.dll_0x404e3a5f469483e4998f0f2fcb3fc9ee.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\CoreTime.dll_0x51c396baec432d75dc5497f8c25066fc.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\CoreTracker.dll_0x80ba7797c6ea677d9b4046a84ed79a19.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\CrashHandler.dll_0xedac5ac6ab447d5f7a4405f8cca4cc20.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\CrashSenderWrapper.dll_0x25b62397c9921503c1387b443c381a41.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\CudaManager.dll_0x96240e96bd3cc865e1a068b560181b52.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\D3D11Core.dll_0x41dc03e6b32d497bd997d41266f8ecc3.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\D3D9Core.dll_0x873ad5837497304387fbc9a1a3155dad.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\DataBridge.dll_0xda589016209d2acb4af2742e0d737655.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\DataHelpers.dll_0x9e98f088a9fb0d0c733afd15a84045f7.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\DecoderMF.dll_0xc0f1ff8dbea22a122b3cd32934bd9a59.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\DecoderRAW.dll_0x1711f4d9e59f76246817679eab5540b4.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\DecodersFF.dll_0x5687dad5e4a6088e3cb015e999a30e63.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Demuxers.dll_0x597823abb56bcf59c76e3a916e1e4a70.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\DesktopNotification.dll_0x087f237019eb62ecc1c20081b214c97b.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EditingScene.dll_0x6e608a0922ba315d81ddea2acc690203.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EditorEffects.dll_0x228fc62cd7664b34ffd8d2f3d9afefc4.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EditorImports.dll_0xd0deeab938cd1954e642d6030bd316f2.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EditorLogic.dll_0xea5c98bfff00dbf7151b06832622763b.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EditorModel.dll_0x70fa45b7cd812fb35b79160d3f30f4bd.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EditorModule.dll_0x09c5345f81c9de57781be550a796c690.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EditorOverlays.dll_0xf64a221314ad4c6d0c97acfac17eedaa.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EditorSerialization.dll_0x61e45714ca43d3d42e365e872d022148.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EditorTransitions.dll_0xc2588cb8c466c02396ed528c865c50c7.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EditorUtil.dll_0xc0513ce4a6f41815a69a37cdbe613a86.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EditorView.dll_0xb1dcd9956f2901d068d0dd514ea30a49.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EffectFactory.dll_0xf967899fb77e8d858e4725ab1fa80049.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Effects.dll_0xde5e9009d96031c7c0ea4bad1c03dca6.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EffectsFF.dll_0x1d514cb80f6f9015fd634c4ab1da2ec5.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EffectsOgl.dll_0x9d58fa42a98cf1a1b7cda9f881559f9e.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EffectsSpecial.dll_0xa7345aa342bfbaccec2927524e2a92d0.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EncoderCUDA.dll_0x303c88f6601e0a40bd62127b1ab23c99.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EncoderIM.dll_0xc481cfd216d553b6bbb9c3d34b8e3569.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EncoderLossless.dll_0x07da3e4902e8a49199209026995e0927.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EncoderMF.dll_0x551405d4b2f096ce5e0447ffd06edb09.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EncoderNVENC.dll_0x6bc650e1dbafbad063b376761ed9eb74.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\EncodersFF.dll_0xe19d480fa9b6888f64a173d9ab7880dd.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\ExivMetadata.dll_0x4743883d312d982e18e8ca7ca956767e.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\FFWrapper.dll_0x83905165245b5266f4e389c178dbc699.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\FilmMaker.dll_0x5518bcd4f6dc8af3f6ec1d9d86d551d8.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\FilterFactory.dll_0xd9bddde15bfed8554ab9a1e4a021d471.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Filters.dll_0xf095cc70d7a27cfc5cbd940c579ecdf3.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\FiltersFF.dll_0x868bbda9764c1a6bcc05e383cb1eff5f.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\FiltersOgl.dll_0x874c0a31a3089b6c65a452b692331e87.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\FiltersSpeex.dll_0xdbb6c86a6622a8d6058c808be7170237.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\GeneralMovaviTrackerWrapper.dll_0x6cfae67be639d103dcb4b645c4c5d14f.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\GeneralPlugin.dll_0xe8bcf641e5bf465d16a319277775f78f.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\GraphicsDecoration.dll_0x6056af762c01c4c5a4a98fc206314715.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\GraphicsFramework.dll_0x051468e93a840593072f6d61a013b967.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\GraphicsSvg.dll_0x3cf10222bd52a0caeea314e890716ec3.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\IMCore.dll_0xd6b939135608b17285c0dbd916a7ca13.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\MFWrapper.dll_0x2b34b6e98886a6d38d70703f9ae3fc10.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\MQtDownloadManager.dll_0x5283d2e2a55eef1344d08d0551848fc3.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\MQtMediaUi.dll_0xe5c0262105cad25487aa465aa24524aa.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\MQtMediaUtil.dll_0xccb4a3f4b5a259ba750c2b02ab4cb134.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\MQtUi.dll_0x7fe2abbd7e30b09e42efd004663ae119.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\MQtUtil.dll_0x76f6b7287cca35c6cc48604eec6081bb.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\MagnetizeTools.dll_0x3bcdfa43693054f64096de17f9ef08ff.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\MediaTypes.dll_0xd0c83fa44744ec3c5328d7084d62ad8d.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\MovaviAudIO.dll_0x17928647bf00089629a9c359b9d1c0a9.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\MovaviIO.dll_0x4b0a9a065674c5bdfed86282ef03949e.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\MovaviStatistics.exe_0xab9c2576f8b7ab93e98c5b6c0808fce4.1.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\MovaviTracker.dll_0x46c1f10ba0c4a551e82db44177338980.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\MuxerFactory.dll_0x69ed820e0a1ae58c192d72569c101f36.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Muxers.dll_0x97235855b43aaed9bd553b58968c24ea.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\NagScreen.dll_0x6b4aebecf4fd48d7126c547631cde7fd.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\OglManager.dll_0x3d572a1329176d927951751fd54ae211.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\OpenglSwitcher.exe_0x8a69250266c8b045b92f3fbac1600f13.1.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\OpenglSwitcherAPI.dll_0x1776ed6e0c3bef9eaadd89f8c461f29b.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\OverlayEngine.dll_0xd1a69c63645ba87b07dce690ffea5657.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\PackageInstaller.dll_0x3229e93861fc197a095fb764fd0909c0.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\PackageInstallerModule.dll_0xdb8f675c9bc1d4e684b4f5d4190bad23.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\ParserFactory.dll_0xa994acca6925d32867a4457fd779c0aa.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\ParserRAW.dll_0xaefdfe07fca33abe4bc214579d0691f8.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\ParsersFF.dll_0x7c12ddd03c82245485fce67fd04cf332.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\PatentActivator.dll_0x81ccc99cb06ed65aadd78aafd6feaef3.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\PlayerControl.dll_0x517ed09b79f680fd2580d2c3967bfa31.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\PlayerEngine.dll_0x2832f0d718d93627703691aad38cb930.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Policies.dll_0x969d0eb9536ca34d65369eab44a4658b.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Presets.dll_0xaaa981ef6a6f4159b42dde697449964f.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\ProcInt.dll_0xab1e458226ff71c80b2cb658a2c459ae.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\PubSub.dll_0x17103b207cc08eff5e6a393098c0ce56.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Qt5Core.dll_0xd4fc5e41be328a98c005a666272ce6e2.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Qt5Gui.dll_0x725e29e775b2b2dc947478fe01c8bf6e.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Qt5Multimedia.dll_0x260d25e98429cab896621a0e512f0f77.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Qt5Network.dll_0xadf29da8367e3ec830a51c38754a41f4.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Qt5Qml.dll_0xbd87b4cfeb393eb75ba3820492cd38b0.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Qt5Quick.dll_0xdd1911edf6e525414043017cc95bbd66.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Qt5Svg.dll_0x7f130e7034a9a56b5fed9f9c643cc52c.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Qt5Widgets.dll_0x9cd7925d5f4117e033370c21cb9587af.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Qt5WinExtras.dll_0xccbe4f933e831e0133e1237c8d9b522e.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Qt5Xml.dll_0x742c869308f7859e62d724080cb22113.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Qt5XmlPatterns.dll_0xcc6d3fe1f5a7b24eba2a2f088fc8d9cb.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\RTAudioRendererSDL.dll_0xf1cf7051e53cc69d242f6d34e86c7684.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\RTPlayerEngine.dll_0xda0127d377626dcb1f3951f3abb3dade.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\RTVideoRendererOGLQt.dll_0x5eb2a94a0080f3f9e5712fbd57243a24.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Resize.dll_0x9ab4ec08f957921a358e42b0ee91b598.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\ResourceUtil.dll_0x62c262dfd3daa2e290e71ab5006bc6f1.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\SDL.dll_0x16237942b0f25003a9e47baeada5fe23.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\SDLManager.dll_0x0d2def8ea416fe5c011611892ddd93f0.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Settings.dll_0x947beef11bf04034c0bbd247552d6bd1.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\SlideshowMaker.exe_0xb9563bc9a137423d873f79df83e26812.1.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\SocialProtocol.dll_0xfc6e7296227f9551cb57ecf176c64a2f.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\SocialWidget.dll_0xe5fb68eec778e594de263c8e39b2fbd9.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\StreamReader.dll_0x7e262b03147a4d7f2cf3c572b5921c31.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Threading.dll_0xdd04245832b67456ba60783b407e8daf.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\Tracker.dll_0xa43c099c04a821e923b90614bbcbca3d.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\TrackerFactory.dll_0x2e463267638655c2309f84cb0e5a59d0.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\UpdateChecker.dll_0x3b77a4223294d9706d88f69cedc63b85.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\VideoAnalyzer.dll_0xd06e5d5a829f23240712a8583209b50f.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\VideoCapture.exe_0x6d37f39f8ee8abc5989340c4c328422f.1.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\VideoRendererOGLQt.dll_0x3c5065085a242d67f6d7ff6f6222c7ae.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\WebBrowser.dll_0xf91042350df1acb63f78ba11400c0ee4.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\boost_chrono-vc140-mt-1_60.dll_0x69d68484c7d408aa788805b177cafaca.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\boost_date_time-vc140-mt-1_60.dll_0x85384344741bff72fafe68ca36100b01.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\boost_filesystem-vc140-mt-1_60.dll_0x81e6c1405fa663b0f81b965d594746bd.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\boost_locale-vc140-mt-1_60.dll_0xba76c699df7f7f74a757c7ba6f9a972b.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\boost_program_options-vc140-mt-1_60.dll_0xa431718bd609982c827d990e1fa19442.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\boost_regex-vc140-mt-1_60.dll_0xb29b61d72c7be00fee6f2b023d6847eb.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\boost_system-vc140-mt-1_60.dll_0x4c197ddea8325777df34986238b8dfcb.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\boost_thread-vc140-mt-1_60.dll_0xeac67583b698d0df2d4317e11915428b.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\boost_timer-vc140-mt-1_60.dll_0x9a728eb4667068acf4f0bf0db01fa1f2.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\glew32.dll_0x653f20d904fccc1276666ca8a62eeb6e.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\libcurl.dll_0x529392a35db394fad0f3e4cca0de922b.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\libglog-msvc-14.dll_0xc6ec001c6c55be0f26d7a187c556c3f4.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\quazip.dll_0x1b2bfe1c19bbf66d8bca1bdaa53bdb92.2.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Manifests\uninst.exe_0x1c667fda1733b2369820fe4d5ce3041c.1.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1081
                                                                                                                                                                                                                            Entropy (8bit):5.193567682639196
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24:2dN4+BgQANe0iNK+bIgYyHYMPgisMW3icw:cyUgpiK+bIgYyHYSPa+
                                                                                                                                                                                                                            MD5:5F3031E657AC45870E6DE7CF9F49B435
                                                                                                                                                                                                                            SHA1:BF547E454E248BF8A3DCDCC747D704B58EB8029A
                                                                                                                                                                                                                            SHA-256:A15486AF70C3669ECBCCDA0E9B7519BFB8B28CF9BBF94B9205EC0C34EA6D2F12
                                                                                                                                                                                                                            SHA-512:85B6104C3A08F96582361E1652C1864C0C8BB524CA7F7FDEE0288A8685E3E5A0B3B59D98A087F9AA7710F4EFF9A3D2676AC64D3919E44002DE721B93F4AF5925
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32" />.. <description>Nullsoft Install System v2.46-Unicode</description>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" />.. </dependentAssembly>.. </dependency>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>.. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">.. <application>.. <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />.. <supportedOS Id="{e2011457-1546

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\MediaTypes.dll\MediaTypes.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\MovaviAudIO.dll\MovaviAudIO.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\MovaviIO.dll\MovaviIO.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\MovaviStatistics.exe\MovaviStatistics.exe.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\MovaviTracker.dll\MovaviTracker.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\MuxerFactory.dll\MuxerFactory.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Muxers.dll\Muxers.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\NagScreen.dll\NagScreen.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\OglManager.dll\OglManager.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\OpenglSwitcher.exe\OpenglSwitcher.exe.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\OpenglSwitcherAPI.dll\OpenglSwitcherAPI.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\OverlayEngine.dll\OverlayEngine.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\PackageInstaller.dll\PackageInstaller.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\PackageInstallerModule.dll\PackageInstallerModule.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\ParserFactory.dll\ParserFactory.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\ParserRAW.dll\ParserRAW.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\ParsersFF.dll\ParsersFF.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\PatentActivator.dll\PatentActivator.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\PlayerControl.dll\PlayerControl.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\PlayerEngine.dll\PlayerEngine.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Policies.dll\Policies.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Presets.dll\Presets.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\ProcInt.dll\ProcInt.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\PubSub.dll\PubSub.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Qt5Core.dll\Qt5Core.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Qt5Gui.dll\Qt5Gui.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Qt5Multimedia.dll\Qt5Multimedia.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Qt5Network.dll\Qt5Network.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Qt5Qml.dll\Qt5Qml.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Qt5Quick.dll\Qt5Quick.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Qt5Svg.dll\Qt5Svg.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Qt5Widgets.dll\Qt5Widgets.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Qt5WinExtras.dll\Qt5WinExtras.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Qt5Xml.dll\Qt5Xml.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Qt5XmlPatterns.dll\Qt5XmlPatterns.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\RTAudioRendererSDL.dll\RTAudioRendererSDL.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\RTPlayerEngine.dll\RTPlayerEngine.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\RTVideoRendererOGLQt.dll\RTVideoRendererOGLQt.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Resize.dll\Resize.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\ResourceUtil.dll\ResourceUtil.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\SDL.dll\SDL.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\SDLManager.dll\SDLManager.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Settings.dll\Settings.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\SlideshowMaker.exe\SlideshowMaker.exe.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\SocialProtocol.dll\SocialProtocol.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\SocialWidget.dll\SocialWidget.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\StreamReader.dll\StreamReader.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Threading.dll\Threading.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\Tracker.dll\Tracker.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\TrackerFactory.dll\TrackerFactory.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\UpdateChecker.dll\UpdateChecker.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\VideoAnalyzer.dll\VideoAnalyzer.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\VideoCapture.exe\VideoCapture.exe.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\VideoRendererOGLQt.dll\VideoRendererOGLQt.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\WebBrowser.dll\WebBrowser.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\X86_Nullsoft.NSIS.exehead@1.0.0.0\Nullsoft.NSIS.exehead.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1093
                                                                                                                                                                                                                            Entropy (8bit):5.218294530304438
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24:2dN4+BgplNe0iNK+bIgYyHYMPgisMW3icw:cyUgliK+bIgYyHYSPa+
                                                                                                                                                                                                                            MD5:6A3FE4FFC2414776E6AE300B22C4E767
                                                                                                                                                                                                                            SHA1:FB3E39302FFF1D3C7908BCB9CC1E91B2C0FE99BF
                                                                                                                                                                                                                            SHA-256:5A4C655D951720F63EF470EC16CCA6C690DC528FD11707398A3541C632AED06A
                                                                                                                                                                                                                            SHA-512:69258E6C5976EB51096E94B77184C103123DCB960DE19F507A9DFF1D61EEBFDD8B2FB9FFDA489B67ADAA09FD09BE5A47CA5F8ABC9E4CDED0FE71B8700BC56D0E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="X86_Nullsoft.NSIS.exehead@1.0.0.0" type="win32" />.. <description>Nullsoft Install System v2.46-Unicode</description>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" />.. </dependentAssembly>.. </dependency>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>.. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">.. <application>.. <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />.. <supportedOS Id="{e

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\X86_Nullsoft.NSIS.exehead@1.0.0.0\X86_Nullsoft.NSIS.exehead@1.0.0.0.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1093
                                                                                                                                                                                                                            Entropy (8bit):5.218294530304438
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24:2dN4+BgplNe0iNK+bIgYyHYMPgisMW3icw:cyUgliK+bIgYyHYSPa+
                                                                                                                                                                                                                            MD5:6A3FE4FFC2414776E6AE300B22C4E767
                                                                                                                                                                                                                            SHA1:FB3E39302FFF1D3C7908BCB9CC1E91B2C0FE99BF
                                                                                                                                                                                                                            SHA-256:5A4C655D951720F63EF470EC16CCA6C690DC528FD11707398A3541C632AED06A
                                                                                                                                                                                                                            SHA-512:69258E6C5976EB51096E94B77184C103123DCB960DE19F507A9DFF1D61EEBFDD8B2FB9FFDA489B67ADAA09FD09BE5A47CA5F8ABC9E4CDED0FE71B8700BC56D0E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="X86_Nullsoft.NSIS.exehead@1.0.0.0" type="win32" />.. <description>Nullsoft Install System v2.46-Unicode</description>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" />.. </dependentAssembly>.. </dependency>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>.. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">.. <application>.. <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />.. <supportedOS Id="{e

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\boost_chrono-vc140-mt-1_60.dll\boost_chrono-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\boost_date_time-vc140-mt-1_60.dll\boost_date_time-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\boost_filesystem-vc140-mt-1_60.dll\boost_filesystem-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\boost_locale-vc140-mt-1_60.dll\boost_locale-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\boost_program_options-vc140-mt-1_60.dll\boost_program_options-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\boost_regex-vc140-mt-1_60.dll\boost_regex-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\boost_system-vc140-mt-1_60.dll\boost_system-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\boost_thread-vc140-mt-1_60.dll\boost_thread-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\boost_timer-vc140-mt-1_60.dll\boost_timer-vc140-mt-1_60.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\glew32.dll\glew32.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\libcurl.dll\libcurl.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\libglog-msvc-14.dll\libglog-msvc-14.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                            Entropy (8bit):4.848482880286314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfiOjzsbRu9Td8HvWBRu9TNNSTfUTdNciWks2x8RTdN9TIHz:TMHdN43vaMN2U5Nciq2xA5NEz
                                                                                                                                                                                                                            MD5:73102579F0CC3777BDD0BA96BAB8D6F4
                                                                                                                                                                                                                            SHA1:08512E731AED9CDFEEBF2E8FDC24A35EA23E3477
                                                                                                                                                                                                                            SHA-256:03C937A5ABA7FD7EAB8AE959606EA4598E474DA06B7EC63701255E7325A9E435
                                                                                                                                                                                                                            SHA-512:E3928E509D852AE8F62B6378F984013345DDFF9F5073E77323703ACF20CA44BEBFF1753F09E7343CD948559BCAFE766EDCE38E767EFC5E7E7A5FD42C37BE2E13
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\SPOON\CACHE\0x34D1186B27098351\sxs\quazip.dll\quazip.dll.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):396
                                                                                                                                                                                                                            Entropy (8bit):4.834566783842765
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:TMVBdfbRu9Td8HvWBRu9TNNSTfUTdNciWk5/+x8R32x8RTdN9TIHz:TMHdF3vaMN2U5Ncir+xA32xA5NEz
                                                                                                                                                                                                                            MD5:F93E0FB6283B5ABBBB7335A0559B37E4
                                                                                                                                                                                                                            SHA1:EAD4C3EEA9397488519C11743CB80FC252324D20
                                                                                                                                                                                                                            SHA-256:0D3C45D19E5E23832B3A633CCF8628DFFE8A5DD9A7CD80BC9FBF4D8993F45374
                                                                                                                                                                                                                            SHA-512:FA235DCFDFE3968B7C1A15E3FAB6D164AD10F232E6E628881A02BA4F580C7F94E0465EE271E72EC00212B13CCABFE7888AE10B4CC1E061F33AA8FA5FCCB372C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false">.. </requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\TFX53903.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4909
                                                                                                                                                                                                                            Entropy (8bit):7.955212411072691
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:m2SyB3RjlMhLP4xszcuDSUxNXFe9C0/xe1cR7DHY80vnx0YRLf:mzynuR0szcuDSWXMYyxKcpHY3BRLf
                                                                                                                                                                                                                            MD5:6E1700E61C6A091F5B2E481A9F97DC62
                                                                                                                                                                                                                            SHA1:1946AE7A5D23F923134220C9342D2E46EDCA21EC
                                                                                                                                                                                                                            SHA-256:F522AB9B4B3E4D0CFD60B9F09EA40E5AC34BE38D43BAA721D4DD2F414DAE2B55
                                                                                                                                                                                                                            SHA-512:240DCAC2A48654316589F1A623538462763813D37E69CB6558C14350B5FBCCB13632C9F93E0AD62ED8CE254C59052E4AF36C4EFA54473D9CDD4246E2B3DC313E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:..7.o.....3....'..?5...;..;....O..'....c\.#.9..w../.{....+.......W....T!P.!..GvaL...[.[H..'.a.'.ak\.X..'.ax....<%.x.+h.81.y.?..4.s.S.0.u.g..,....{..(..A.B.$..:.|. ..3.......5.D....]?.T:......dt......t.........'.......).....$.#.)..64Ne.8+.2....HmE>...X.O:..h.Q&....x.K".@...L..b..7L*....yLV....BRD.....8^TZ...?9Zd....a9Ft6....9B.P...%9N.r....>J$...(..v4.%.8K.q.(..H..m.j6.X..i.<.h..e.F2.x..a.`*.5.]..".W.Y.<....U.~....QD.....MT...._.Id4.....EtV...#.A.pg...=..i...9$Lc.().54.[.8k.1..P.H..-.V.X.).D\.h..%.f\.x3.!..\..U..."\..w....]...........x.DX...=y.T.....y.d...s.t....Cu....6.eu..2.2%.u.+l.>1.j.?..:.`.S.&.M..g*z"....{dr..1...j*.S.. bV.u...[RE.....]^QY...>.Zm.z..x.Fy.s...B..u...N.A....J.cG.C0.v..O.WR.r.'W.k..~.i_...z......Ff...JLb./....LnAQ...&Lj]s....M.i.....W.......Y......^S.-;..3.K.9}....@.U.....a.....}........'z.....G)f.,....)b.n..M..n..Y.4j....uO*..$...q"........#..)...7....d.K....Z._....[P.s8....P..z....Q....}!.K./.y=.M...uIEW....qeg_..

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\~4066032673.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4909
                                                                                                                                                                                                                            Entropy (8bit):7.9557720147859055
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:m2Kl3RjlMhLP4xszcuDSUxNXFe9C0/xe1cR7DHY80vnx0YRLf:mFuR0szcuDSWXMYyxKcpHY3BRLf
                                                                                                                                                                                                                            MD5:84C453FFB52332EA429C19F0207D3DAA
                                                                                                                                                                                                                            SHA1:AC3B4FF6135ACEBAF191CFDF80391D9FDEB7EAE9
                                                                                                                                                                                                                            SHA-256:C7010DB84820E06BC6B61820DC50E568D3260BE4DEBC318262822F6913A319E4
                                                                                                                                                                                                                            SHA-512:A356DA9053B7415FF912A530D7D2B18FCB55EB2BDF2B88CCA50035C7618F235EA3F180D31501CCFDD068BD285C3DF5EE7AB3284D7B4FA9AF0EA18D0D28F887DD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:..7.o.....3....'..?5...;..;....O..'....c\.#.9..w../.^..a^..am\.X.^..a..T!P.!..GvaL...[.[H...o.]D......@.Ix....<%.x.+h.81.y.?..4.s.S.0.u.g..,....{..(..A.B.$..:.|. ..3.......5.D....]?.T:......dt......t.........'.......).....$.#.)..64Ne.8+.2....HmE>...X.O:..h.Q&....x.K".@...L..b..7L*....yLV....BRD.....8^TZ...?9Zd....a9Ft6....9B.P...%9N.r....>J$...(..v4.%.8K.q.(..H..m.j6.X..i.<.h..e.F2.x..a.`*.5.]..".W.Y.<....U.~....QD.....MT...._.Id4.....EtV...#.A.pg...=..i...9$Lc.().54.[.8k.1..P.H..-.V.X.).D\.h..%.f\.x3.!..\..U..."\..w....]...........x.DX...=y.T.....y.d...s.t....Cu....6.eu..2.2%.u.+l.>1.j.?..:.`.S.&.M..g*z"....{dr..1...j*.S.. bV.u...[RE.....]^QY...>.Zm.z..x.Fy.s...B..u...N.A....J.cG.C0.v..O.WR.r.'W.k..~.i_...z......Ff...JLb./....LnAQ...&Lj]s....M.i.....W.......Y......^S.-;..3.K.9}....@.U.....a.....}........'z.....G)f.,....)b.n..M..n..Y.4j....uO*..$...q"........#..)...7....d.K....Z._....[P.s8....P..z....Q....}!.K./.y=.M...uIEW....qeg_..

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):1.498778124459133
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H01l:s
                                                                                                                                                                                                                            MD5:7EDED22D09271BE56EDF368AF94E55AB
                                                                                                                                                                                                                            SHA1:9B574EE3C866E0B325246611FC5C412B8B959806
                                                                                                                                                                                                                            SHA-256:E6E210FA821463797D690682617069C89BF858451534AE49DACB2176207DA32F
                                                                                                                                                                                                                            SHA-512:33A65406DF4F1318D8B2BA0C53A4C9F0464C5F5C6CD187A6513BEB2BC64CD9FBA4C8B0D0344DC0F9025FD5A0BB68FE7C7FE4425EC84A3175AE8CA731AB95FB95
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta.........................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\Application.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.135891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00l2oHnzt0f:lMoTA
                                                                                                                                                                                                                            MD5:8B16697E1404D2A85FC21FB6CFBEBA38
                                                                                                                                                                                                                            SHA1:28F197C51CD1B046F017B4ADD08FC0EE293B7C15
                                                                                                                                                                                                                            SHA-256:ACABC6D7C0593E701501BE6322C313D4D6451C8955276E8F0AFD2913A07E56DF
                                                                                                                                                                                                                            SHA-512:C479DAE65D4E4B3FE867B29F0A50FEF32EB6850D52F1DCE6569B280764E4BD64E63CCD0C054C0A4BE21B2BF50387AEEE27A87D5BC299FAB31ED2DF9673A16E22
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta..........F..~.e..H....

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\ConfInt.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.135891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lhlOmFSHK:lA8SHK
                                                                                                                                                                                                                            MD5:9A12BCE2E47285DE6346B9C41EE4504C
                                                                                                                                                                                                                            SHA1:EC2D527CA08DD261CF4F8BA966E8B57C89B22584
                                                                                                                                                                                                                            SHA-256:4F14F96A01F183E409B5BE0B557E3684518962B6CA9E4474780A08796E177726
                                                                                                                                                                                                                            SHA-512:47A279D92DA12FC8EA73CFAE474D3A8749281B6574BE027C42193064C3B9EB59D360A4F45058CD91502FD1871A60FC8D3A61798803B5A6663E56C6AD521B3F4F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta.........L.....{..e..G.b.

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\CudaManager.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.135891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00l7BnYV:l3YV
                                                                                                                                                                                                                            MD5:F154FB5A9585756CFBE8D57FD172FCC8
                                                                                                                                                                                                                            SHA1:5904450F0E7BEBDDBE0628EB47CB8ABE58A375B3
                                                                                                                                                                                                                            SHA-256:A0A9515EF3252C04163054C5815B31561A0F4D9DB7E56815607A71349A984663
                                                                                                                                                                                                                            SHA-512:470818F68E5567B5ABB21D6DADE7E3F74708F3276CAFF710BF1A5F828BAA52F2F89B2C8AC6AD94C2B50651C5D18F0DD30256956E2A4EFE421B649963AA89C3C1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta..........$...<.e.h.`..R

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\DecoderRAW.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.135891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00l60f4OQR:lA0AD
                                                                                                                                                                                                                            MD5:70EA50240C652032752338E127E6FAE5
                                                                                                                                                                                                                            SHA1:0A964123B20FD9777820F366B87F73EDD5D7AE7A
                                                                                                                                                                                                                            SHA-256:06237D0EC95092B823ED94BE55A91FAB2B8D6860D08896840DA734AF76C4EC67
                                                                                                                                                                                                                            SHA-512:04CE2265A6681AC381631A1342BE140D62840B45AD4B3FBBAEFE20C8925A286A691BA7C408916ECBFF68EAD1EE5167FA76F44F22573A66D79FC47732F700CC70
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta..............v$h.g..U@.

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\EditorLogic.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.0625
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lHp:lv
                                                                                                                                                                                                                            MD5:4F7EE9DEFB63D010EE8AF7156D27A10E
                                                                                                                                                                                                                            SHA1:271835F22938657B78AA88069C1CC45A2D52D814
                                                                                                                                                                                                                            SHA-256:98CA3587B1AE967D55D49362E7D968A8127A8EB3D34583B438482ECAFFA3B2DE
                                                                                                                                                                                                                            SHA-512:2DFB397CC9266A814D58EA6E83602FA4D121E632EED71C0F7FDA2FAEB6EF4825F80135417FEBFCEE8B9DAD20CE3CBCAAA76A0DC4AFBC24DAB4ED9E9FD596AA7A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta..........\..........&"v;

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\EditorModel.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00ldfgSGC8:lfgY8
                                                                                                                                                                                                                            MD5:65B40E5A962B578B88E1C4D5316C4765
                                                                                                                                                                                                                            SHA1:1E77D8F67913DDF14A0421485B99FCCDC5DB44BD
                                                                                                                                                                                                                            SHA-256:B7FD48B93F59BD8A94A9BA94C083BC23EED12B1A2BD29CEA3E873AF2E4CAEEA5
                                                                                                                                                                                                                            SHA-512:2F446D69E4B171DF170DF446DE81549F617CC8B1F7915C8489C47277CEAF6EC8533564E93A90BD07687B0B215AF456C64F0F941644C1DC152DD10AC1252E5129
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta.........p.E../.[y..?0..

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\EditorModule.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.198391110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lkgRRRIzJn:legRUN
                                                                                                                                                                                                                            MD5:FE68674649161788D340522C975A594E
                                                                                                                                                                                                                            SHA1:EC51F06828373F759C0A9BBB357DC8C5B78ABF5D
                                                                                                                                                                                                                            SHA-256:694B021E49F9C8B21EC4277A496370A1600E9BF8123040F4779E1C1802C000B3
                                                                                                                                                                                                                            SHA-512:B2115084F90A7FD6B80B1CCD012AC5511407CCD8DCA4B6B9585E14707C75FDB89A18AF599BFCB7C4EF95FBEDE089AB2A07AEADFC0212F198DD27F8AAB6D8CF03
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta...........4_...Wx..P...

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\EditorUtil.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.135891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lt0Z1ajajn:lQ1aEn
                                                                                                                                                                                                                            MD5:3700889576D0089BCA927230758B7A37
                                                                                                                                                                                                                            SHA1:51A837C2834F9239FFCC25D07DD072F230BE1DD4
                                                                                                                                                                                                                            SHA-256:3B172FA91D7D720B28098CC743AE69121F477C0E0EFE646A1A5FB4950AF6A4DF
                                                                                                                                                                                                                            SHA-512:A2A2A38E12A10D2799BA287F5008F07CCCBDAF0F5A46AAD0C2F0F06AF9CC9D8BB3B8D4911A3BB65B8DCCE8071227784A370B8E9CAC0772DA29B7A33F4290257F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta..........Q<......7.a:.

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\EditorView.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.112300876357291
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lc58wXkV1h:lmiw0Lh
                                                                                                                                                                                                                            MD5:EC12BAFA97B1C899B8E1D02990011D3B
                                                                                                                                                                                                                            SHA1:53FBD03052BB242F2922B404F9298DBACDF817E7
                                                                                                                                                                                                                            SHA-256:96A6499BC4330FF5FB994EB2019FDB2C2585D704F9E814E8A5B979D69FB40EE3
                                                                                                                                                                                                                            SHA-512:E146084C2145AD5FE0330B0D738CD3EC65F7A6C94363497369F773A3F617A5A496DE547B65EFD48614390C89D653DA21409FF3CF51FA1730D55EED73F90BBD56
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta............o)..h..QN..I

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\ExivMetadata.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.198391110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lqnzZ+:lQnzc
                                                                                                                                                                                                                            MD5:655AAD3B62AB60D8156514521E2D91F3
                                                                                                                                                                                                                            SHA1:2A2D04CB321E946755C44A2BE30ABE2BC43DE4A5
                                                                                                                                                                                                                            SHA-256:ECBC0E4926C4EA278A62D3612773C39946E2D21A57A302FB49CFD46E99637045
                                                                                                                                                                                                                            SHA-512:11658472087386FB833236971ADAE56A62404A814068DBF2E628E68D33E83A715115639A1166DDD28950481A7693AFF8575EDB8FED9C8C47A40AE861EA143B1A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta.........GC.=1-.....|.Vv~

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\FilmMaker.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.198391110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00l49dUd9:lCcd9
                                                                                                                                                                                                                            MD5:F2E8935F1E985F229854B15E3D53E3EC
                                                                                                                                                                                                                            SHA1:4741DE921B01C1348F1DEEBE057AEBD93180D033
                                                                                                                                                                                                                            SHA-256:A68FC0E4CEA075D42BDCB63DED4A34F4A6BF0B5E4065295727D97A249CA08CAF
                                                                                                                                                                                                                            SHA-512:3EA8898B93E6DFBDE6357F4445230E6854D7448B0303D8B322E76AF0D7CA551C392D1E04512283436D0417FB47DA2B2D6C39222CD3059B98ADB365EC40359D01
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta.........U............Q.

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\Filters.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00ldwpiHkW:lci/
                                                                                                                                                                                                                            MD5:365D75C410A59C13B7B1ACE2EC3E420B
                                                                                                                                                                                                                            SHA1:33411B9CC64C7C4E287765900F5F8F91DC493BCB
                                                                                                                                                                                                                            SHA-256:356A88D8EAFD35B36B2CA8EF2E3A92D8AEA7A9A43195C6F464D2706761E3CD5F
                                                                                                                                                                                                                            SHA-512:4E172E7DB72096CBDBC15C1FD03386556E87D85F2E6694DD34B00147E348DD33F8510EF2F0907FCDA11376114BC12268A3305FFE54422855ACF46C52F382687A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta...........p.|.\...W...

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\GeneralPlugin.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lFZo/j+r1q:lRoS0
                                                                                                                                                                                                                            MD5:867BB13E4FC26ED90A09A8002B343987
                                                                                                                                                                                                                            SHA1:A3DF12BA272B2E292C170463F5344017F2BA58EF
                                                                                                                                                                                                                            SHA-256:7B24F126A620ABBE7EC2D33803A3E045644C0070572F6E438CA6A97DCCE3945D
                                                                                                                                                                                                                            SHA-512:0D9B5B3DDAE768982150416946F3B27ABA44334F382FE13A5B4666BC632DBCB46B9AD2A90AE50ABC2DB11E4EA84F474ECE54ED9DE33FE6F9EFBA5C75A25ECF59
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta...........A.F]...'wu..

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\Qt5Core.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00l5ehoDCV:lSCu
                                                                                                                                                                                                                            MD5:E415257AD7102981109120AC84CFDDEB
                                                                                                                                                                                                                            SHA1:84117081D4615F288D10DE116B0D06DF2D94800B
                                                                                                                                                                                                                            SHA-256:1C14376809D264F0502F53442226F849413169F6D3E5E76319A669318B7AF279
                                                                                                                                                                                                                            SHA-512:43EE73FCCDC0B4222C4646EE95982022AA6BCB54377B72A0576B3A373D1B7C0FB54A0A9D3E69EE4395DA231834C477B344D19A942E520BF1B5C970F34097D531
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta...........^A.2.....f',..

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\Qt5Gui.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):3.987300876357291
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lfIbDLn:lab
                                                                                                                                                                                                                            MD5:7081534A844C3E4BCDE7244E1EE432F1
                                                                                                                                                                                                                            SHA1:42F71584ADAC9DB64325C9F4C595D5E9EA2451D7
                                                                                                                                                                                                                            SHA-256:EDD5D7CDEB602F9FD7B6A0403331EE8197F6F097F269F47760FBA0D21E01BAA4
                                                                                                                                                                                                                            SHA-512:F148963F1FC911A0B47560E49BC1864D62152FFBA9390F7001C70B9086652F443E0C9106A3310C670D3F8553662B155A1F320522AB8546FF06260793081BD53E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta.........r^).u...tx...n

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\Qt5Qml.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lQy1cbegn:lqy1cbeg
                                                                                                                                                                                                                            MD5:6881E699A7227089935DE7E31796070D
                                                                                                                                                                                                                            SHA1:DCCBF81F163199725C8A58B565AFA8BC91129826
                                                                                                                                                                                                                            SHA-256:C182A1837EE8D6CB135DCD123289EFAFFAF535F0744E40D02DDF59330A4913FB
                                                                                                                                                                                                                            SHA-512:58235827A0FE9443992C0648EAB3D368558D25AA1AA98F85429BEAF6F60F1C9199FD55F5953F6C1A20CCC5B608247073D67143E8822FE097A29AF1DD857F8307
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta..............9>.[.....8.

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\Qt5Quick.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.174800876357291
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lw80IMxs+u:lK8xMq+u
                                                                                                                                                                                                                            MD5:EF02F3EE664F831FC1EAC885D7AF7E3C
                                                                                                                                                                                                                            SHA1:8E40B0375A4AA712DBDAF6CF78F0A1D66F5B6D41
                                                                                                                                                                                                                            SHA-256:62F2CB8E56CCC2C3FCC0E0C9AD164781B3A51A75AB545B9BE5E71C423D240043
                                                                                                                                                                                                                            SHA-512:4EF05BBCC7849B1A79E085CBF3E5093E52C9FD6D62EAA96CE07777E4650A5BE44A574237EAA6E4FFCB7768BD43F99F4342A14B0D5B9901B20E6780FED2698843
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta...............%A@C.|.[.f

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\Qt5Widgets.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lxLpn:lvpn
                                                                                                                                                                                                                            MD5:6F5BA66370BE4B85DE5080A031587268
                                                                                                                                                                                                                            SHA1:497C5E7725429417BB3AD06F8243D494070E39E1
                                                                                                                                                                                                                            SHA-256:FF6DD15032476399FD9A3A4886A181444D4143CB0CC7AD533D6F121909BCC461
                                                                                                                                                                                                                            SHA-512:12D6E9E8DB957A989C3633358424EC65FB959F06543F1095BF11E7CC854B3DE735994D13DF85D0ECB1B5062285900BAD53190FAE799C26DEE2C1701591027D2F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta...........]_A..37.!...

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\Qt5XmlPatterns.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.174800876357291
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lhIa1W/n:lhq
                                                                                                                                                                                                                            MD5:C57874B12E725681ACDC3AF496EAA633
                                                                                                                                                                                                                            SHA1:390E1A681D31F85237BE3A2E68542E8DAD8CBCD3
                                                                                                                                                                                                                            SHA-256:C6876E0CC3FED68F645229A128A9E4E6EF21F072EAA16BC6E2BE95052389F1FA
                                                                                                                                                                                                                            SHA-512:E02145E6B7D46C6CEDB3A8AE5FC833DCB28D9D2F47EFF55F5B7922F0005342225F81BC177D0C6B6EDFEC26D4929BF33E6487D1B753E27F93D110EDDC8E6973C4
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta..........m?....N.*/.....

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\SlideshowMaker.exe.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lUzesj:luysj
                                                                                                                                                                                                                            MD5:02AF394A4CB4C675C9D0172F2F3F81EB
                                                                                                                                                                                                                            SHA1:A562CE0E61137D26D4556675C5A7FA2E46DBDA43
                                                                                                                                                                                                                            SHA-256:95D0928A6B1EA73FAA555D543C4CD590E02FA18DD55E42878E94AF1ED60E51DB
                                                                                                                                                                                                                            SHA-512:E835C64823ADF32967EC073A0D5B43908708403B0A2E98C7D365A9EC181991413C2D74C162C44EACF152602678D650DFAA641EADD0A17B9D499C9A5EEBCCAC92
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta..........V;.7B=.?y..h.

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\VideoAnalyzer.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00l9L4/nO3N9c:lr4/gq
                                                                                                                                                                                                                            MD5:5153857ED1A7A5AFD50E9B4FA638BFD9
                                                                                                                                                                                                                            SHA1:92469C59E976CF99C69F39BEB3AE5CC7743B4523
                                                                                                                                                                                                                            SHA-256:6A33D0497B59E02ECE79AE7FD6626E13209A74F0ABBF29418EE80619D7A15CA7
                                                                                                                                                                                                                            SHA-512:9837002F7BCE8729FE6D111B5A921021772373CC37189F8DCA8B5820856E3C67770D2505A3C97B9C7BA4A8DECC5E51E3C2D740B79A988CFD38BCA838DBD5019A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta..........n]Z..#$...X2...

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\avcodec.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.174800876357291
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lSIXZan:loIXZan
                                                                                                                                                                                                                            MD5:C57124A3A09867156827B48240C1E804
                                                                                                                                                                                                                            SHA1:486BA5DD340D0391F15B1FAC050CE9B552B99C70
                                                                                                                                                                                                                            SHA-256:BEB3262B6CEE6FEE3143D1F89CAC22DC2C8ADE03B6D2E1F34FA4CD08BCBFE97E
                                                                                                                                                                                                                            SHA-512:2D9294AF967979C32D0772E9BCF0109AA3703AD1AD016399723935654BDC10A60A533A1A5F16F1B4EB5176D51FB8361CFA9D5C88D6D96453DE2250D9A845A632
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta..........m..{...&..j..

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\avfilter.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.198391110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lTO3FhAgO:lk17O
                                                                                                                                                                                                                            MD5:1D6F60A6AA7DC9DF8F89DFE699B9CC59
                                                                                                                                                                                                                            SHA1:75658E5EA54DF91348FFC866BFC82BC5D2CB0190
                                                                                                                                                                                                                            SHA-256:729A57E0B0397F4BAFB0CC70038A269B93B2D08634B2F8BA13DA2E6D83F1DDA8
                                                                                                                                                                                                                            SHA-512:40573D9C6CD5DEECE4015BC6F95AC1C9FB6F15226FF5B96AC04F1ABC75101E46B39909F44231F9433379D59742134A5EA9DDCE875607989F28864A47354744F5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta..........e....U...9.....

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\avformat.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.198391110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lK7w4Ln:lwU4Ln
                                                                                                                                                                                                                            MD5:EFDE797879C38D28A5C37C490F5613E7
                                                                                                                                                                                                                            SHA1:08A77BF62EB2DC19495190BF9167718F60B9A26B
                                                                                                                                                                                                                            SHA-256:B1A9130E65878585D30C0735A954DD6082FF43DC9C2BE3CE7E79997F802668AB
                                                                                                                                                                                                                            SHA-512:6F88700C0B5EDAD12AC5AD4A8EBCCB7D08545C63310D93CCE4B8E010913D9A531ADC1FCA7272ACA8062F2A3AA17EB4FD469BD780E25D14DED2997FF5C80819FB
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta............@a...V=../2.4

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qgif.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00ldpI9ztXuNVn:lpIDuH
                                                                                                                                                                                                                            MD5:AB49EC7B3B8ADB9D6F29DC107FF81CC5
                                                                                                                                                                                                                            SHA1:8DC2DCA800BF99B48E86C2EEE289FAA3E1A3892B
                                                                                                                                                                                                                            SHA-256:D118484FC6E778B8ACAF28499E10243810906B55829C6BF7913BD07AB1BBC334
                                                                                                                                                                                                                            SHA-512:D487F62DA31CE07B668B764ED76525F98AAB7FECBA707E3987C099018DE042BCBC4114B890A74BCBFD5422A71AE3702B1417E4EB5A56CAAC089D9D41F13E26F1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta.........p.$T.{G...Or.D.

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qjpeg.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.135891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00laquErmk:lgquEyk
                                                                                                                                                                                                                            MD5:8CFA0638459DB6DB689F81C1FC97C075
                                                                                                                                                                                                                            SHA1:878EB0B46FC4C6CD7F30388559CD8A6AE0EBEAEC
                                                                                                                                                                                                                            SHA-256:694D64A21EEABD25A85FE3ACF627DC294E8B8426DEA52515361A33F975C6C48C
                                                                                                                                                                                                                            SHA-512:FAF9E9A2C21C408B5F020608A0F413E60EE84C489E1ED09644E11E79098F437C01BA37746ED9C03BD6E0096E2421E47135C2896E5FE25F5C67FA2E153F0DEC9A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta............KwR..n....*.+

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qtiff.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.198391110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lrvEOPu:lJ2
                                                                                                                                                                                                                            MD5:9C3E4AA6A36A7E5B86123592BFC01324
                                                                                                                                                                                                                            SHA1:6C3C1BB7EFC89C2F8888A8278501C8E9B88D1D20
                                                                                                                                                                                                                            SHA-256:26760DD7529F0DB8F418AA1B3FD59AA79CD6AD5D9537C3AA89EC60D95984BEB5
                                                                                                                                                                                                                            SHA-512:BADA79C8592F06F421ABCB9321D97ED52F0EA72D802B58102244B997D2714CD8102BD00585CA09E7AA81FACF0C6B589B384A29D83ADF39B4CF6585FEEC8F6D7E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta...........`~....|.....

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\libass.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.135891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lp2aDrSD:lbKD
                                                                                                                                                                                                                            MD5:590553401CC62BBA2C3180F51287D11A
                                                                                                                                                                                                                            SHA1:494CE17FAF1555F1B58D1E0980AA96F0963F8B01
                                                                                                                                                                                                                            SHA-256:5E32132D138ECC49CEBB6E90F488B0E338F9F202C00148D7187CBF506168108F
                                                                                                                                                                                                                            SHA-512:C087A2BCF2A73429C7631526B30F6AF851EE092C21675211139AE6AD90A27D1EC1E86E2AA4463D6A0E84B6344A21E794F898D4A758611031B15E4208C7721593
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta.........D.&cf.....=.e...

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\libeay32.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.135891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lyEw7TZ:lIEwPZ
                                                                                                                                                                                                                            MD5:4F1585068A3A6C78152C57EBEBDF3C9A
                                                                                                                                                                                                                            SHA1:796478622A1E974984C9D067A5ADE40FA84614C0
                                                                                                                                                                                                                            SHA-256:83C81746F7065C2B5E49D08310E61FFBC70A2286966CBD57F3E78A106A9729E0
                                                                                                                                                                                                                            SHA-512:66517A051B9DE200BD31EEF88B2F938EA52DE09B69CA746C7490506BCC937C6812E4E0C3292139E3630ABE646177B2D70ABA9FD2C570990AF4F93A3E188D0FBC
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta..........aZ...b=y.v..4.

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\platforms\qwindows.dll.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.049800876357291
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lq8obCx:lQF+
                                                                                                                                                                                                                            MD5:DEB83F8ED1B63E6352B95DDF77403F93
                                                                                                                                                                                                                            SHA1:E69DCB790341CA9D52890FC8173965925E5F03BF
                                                                                                                                                                                                                            SHA-256:9EFCCD9ADF774083D9C85E6BA4710596FDF89C191B751BA494A7CA16B98B7091
                                                                                                                                                                                                                            SHA-512:21A0296DBE0CB96EB3A12E515F455F6ECC2312547781A8A6F7AE7D6132558F4FF5BDAB29548AB3C73CBC852CB5C51AB6D0B3928DEC887A1F4A2161291B2B1524
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta.........G\.........mZ.Z]

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\meta\@APPDATA@\Movavi Slideshow Maker 4\resources\themes\Default\VideoEditor.rcc.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.198391110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lpz3wihS:lIig
                                                                                                                                                                                                                            MD5:A912FF91BEE41ECF4C0ADA49F0B007F2
                                                                                                                                                                                                                            SHA1:C07AFC11D5201A0ADEA21C75FE9789923FB42F40
                                                                                                                                                                                                                            SHA-256:7A0B3390C8753BF988B046D9D17CA9F98E29C4A26D3E135F92008FE2414FABE1
                                                                                                                                                                                                                            SHA-512:326A3AA6FA8A2EBD678065F205F8A08D8C53758A1F7CB3DAA93859C0742BA3433D42D14FFCE73908C6770EE23DA2F1BD9D89A429F5770ACE08A5F7DB6225A549
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta...........<d...RU)....

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Application.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4400136
                                                                                                                                                                                                                            Entropy (8bit):7.438866529966472
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:YGMpqQOZCv82s886iugAxhTglzTMn3JXMiCHGj010Q+MQN/kkRhe4Y4Y4Y4Y4Y4p:SpqQOXxAxhTgKlMeMQ5x7f35d
                                                                                                                                                                                                                            MD5:1B46F1BFFA7EB06502DE924891F9B4BF
                                                                                                                                                                                                                            SHA1:4CFAE9571EDED302D4B1F4C2FBF540C6E835297B
                                                                                                                                                                                                                            SHA-256:20C7EB26D2562A20E4BC4D9648C32330179F1036759DE28371B6BC0E19F7FEE0
                                                                                                                                                                                                                            SHA-512:F89734D87E240984DC3945793181EB5F3BA7B7D253E667F154C4ABFFD58774A0FB821E9F5B0315F3537FDD0F9ACA1D6C4D3AD2F1094BD5DD53F8D95B62462DBD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......XLCu.--&.--&.--&.U.&.--&'s.'.--&'s)'.--&'s,'.--&'s('.--&.t,'.--&...&.--&.s,'.--&.-,&.)-&.s('/--&.s-'.--&.s/'.--&Rich.--&................PE..L......Z.........."!..........7.....n........ ...............................`C......[C...@.........................._@.<...,.@.D....`B...............C......pB.......>.T...................d.>.......>.@............ ...............................text............................... ..`.rdata..6.6.. ....6.................@..@.data....R....A..F....A.............@....gfids..L....@B.......B.............@..@.tls.........PB.......B.............@....rsrc........`B.......B.............@..@.reloc.......pB...... B.............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\ConfInt.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1102856
                                                                                                                                                                                                                            Entropy (8bit):6.490996449178343
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:tLjYErwpntR5wuos3TtmizH93LR1dXHwQGmzkDY3rgEju+3An24TKxW+a:FlrwpnMsDtmizH93LJzprnjTk
                                                                                                                                                                                                                            MD5:4CDE04AB03AF7BFC1F65BC19470B62AF
                                                                                                                                                                                                                            SHA1:E9971523D0D51BC2868969C65009F55FB23B44E1
                                                                                                                                                                                                                            SHA-256:FD4A5961C372D0DFA065745D3A512E95000011C59317E4E407F15E2B67B6486E
                                                                                                                                                                                                                            SHA-512:AB2C71CC3111681A20618880CDDB4FD3EB96463C1CB8BE3DC23C5744903877D66E98A8B9A9AFA8997BA85B2F7579052A1762295343DF94B9220692C86B5F02DB
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ,T.dM:.dM:.dM:.m5..hM:._.9.lM:._.>.oM:._.;.`M:._.?.sM:...fM:..;.`M:...;.gM:.dM;..M:...?.uM:...:.eM:...8.eM:.RichdM:.........PE..L......Z.........."!........................ ...............................p............@..............................~..,\.......P.......................`.........T...........................H...@............ ...............................text............................... ..`.rdata...a... ...b..................@..@.data............:...t..............@....gfids..L....0......................@..@.tls.........@......................@....rsrc........P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\CudaManager.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):134152
                                                                                                                                                                                                                            Entropy (8bit):6.449969494940418
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:+aBeaUZYYYIYddbqWKp9A+OCSaJDbh1G3L:+aBeaU2HKrOGJ4L
                                                                                                                                                                                                                            MD5:96240E96BD3CC865E1A068B560181B52
                                                                                                                                                                                                                            SHA1:0B710B5FB99D724811CDD5091E750E319C8E870B
                                                                                                                                                                                                                            SHA-256:1425FEB675EFD8505F76E1B8290919B979AB0D4F6563A2412C1D2990CE0A98C3
                                                                                                                                                                                                                            SHA-512:09B4436CC28834C943068B7BDDB246A5F8CCA6DE2933FD9153E44999CF63E3BFEF916131F14FF4D722E6B3ABF46C6E01260D4EDFE18A7B611DD01E48FA5B784C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........4J.gJ.gJ.gC.;gN.gq..fH.gq..fX.gq..fA.gq..fN.g./cgH.gO..gK.g...fN.g..fI.gJ.g..g..fK.g..fK.g..fK.gRichJ.g........PE..L......Z.........."!.....b...........M.......................................`......vR....@.............................T............ .......................0..`%..p...T...................$..........@...............H............................text....`.......b.................. ..`.rdata..lK.......L...f..............@..@.data...............................@....SHAREDS............................@....tls................................@....gfids..D...........................@..@.rsrc........ ......................@..@.reloc..`%...0...&..................@..B........................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\DecoderRAW.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1099280
                                                                                                                                                                                                                            Entropy (8bit):5.5107292249425095
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:NcIATiq8Z7rXLVRevvvIOTYGLDxpg80vkSmCkuDzThnWR:NcIATinXLLevvuGLD/g80vkSJr3F
                                                                                                                                                                                                                            MD5:1711F4D9E59F76246817679EAB5540B4
                                                                                                                                                                                                                            SHA1:EAAFB95E3DF688643B62F60A52ADCCF88EB4DE98
                                                                                                                                                                                                                            SHA-256:1E2E1DACC4AA34A98FC92993C8A6932784D11E185F2EB006F9F1D698C4CA6A58
                                                                                                                                                                                                                            SHA-512:6D0158605D3C523B6CF337963DEE982DC5518AF9CC233EF4477D82852C47177AE228B1456E9CC0BC1AC8BD7AFD971C1E620BE99FE85E4821C5DAC551949E81C1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...ob..ob..ob..f...}b....[.lb..T<..ab..T<..db..T<..ib..T<..yb....W.kb...;..ib...<..fb..ob...b...<..eb...<..nb...<..nb..Richob..........................PE..L......Z.........."!.................c....... ......................................C<....@.........................Ph..$U..t........p..........................`......T...........................(...@............ ..L............................text...B........................... ..`.rdata....... ......................@..@.data...lH.......D..................@....gfids..H....@......................@..@.tls.........P......................@..._RDATA.......`......................@..@.rsrc........p.......$..............@..@.reloc..`............&..............@..B........................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorLogic.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):7768592
                                                                                                                                                                                                                            Entropy (8bit):6.313366131940976
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:GvF/i5AMBE9rqNeqqcp8lCIdtjHHiaTBrXPM5UeLOOEqB/vRP7xE0vsXrX5Kk4Th:mF/aAUExpdcp8lCYtrH3JeLAsPvMrX
                                                                                                                                                                                                                            MD5:EA5C98BFFF00DBF7151B06832622763B
                                                                                                                                                                                                                            SHA1:6919D9CB2DC1AC3565D21186D2141B8A59D752EF
                                                                                                                                                                                                                            SHA-256:C7F297FB4951975FEA9A115042E9D507007CDAC63DB6CEA07AEE0AE49E0DE7AE
                                                                                                                                                                                                                            SHA-512:6780AC9386D0ECC5DBB6788343B8C6FD0D2AA4CF2013E808649105159CF0D11E7052A57343613E5FD300C898F7A0C6E2E3761D64E7AE072551AD49CAB93D11E1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#...g.|.g.|.g.|.n..m.|.\...n.|.\.x.l.|.\.}.c.|.\.y.q.|..w..c.|...}.e.|...}.c.|...}.<.|.g.}..|...y...|...|.f.|...~.f.|.Richg.|.........PE..L......Z.........."!......R...#.....~MJ.......R...............................v.....A.v...@.........................@.b.(...h.h......0p..............nv......@p.8...0.U.T.....................U.......U.@.............R..'...........................text...m.R.......R................. ..`.rdata..&.....R.......R.............@..@.data...,0....j.......j.............@....gfids..L.....p.......o.............@..@.tls......... p.......o.............@....rsrc........0p.......o.............@..@.reloc..8....@p.......o.............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorModel.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1288720
                                                                                                                                                                                                                            Entropy (8bit):6.177629919654217
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:ga7PQP6KNsGrbovClj9UeN4udUUW2wwxmmWlR8ddMSvac7EOZr0XaCLr22xUsSis:ga7PV3ptgnu
                                                                                                                                                                                                                            MD5:70FA45B7CD812FB35B79160D3F30F4BD
                                                                                                                                                                                                                            SHA1:14CED346D24A76A89C7CB5942E8EACCB91B3747E
                                                                                                                                                                                                                            SHA-256:B7B919A4D830C8A6811410BCF1585189F6107DC71C4DC9C52FDB8695FFA31B50
                                                                                                                                                                                                                            SHA-512:EF5A275CC3AA41A8BF5E730D799449FBA362B2096C5D171A8BFB8436EEA9D31302F416509B77F6879287349D53B0829978585CCC29AC960E16C2185BB9B5E500
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8%YT|D7.|D7.|D7.u<..zD7.G.4..D7.G.2.iD7.G.3.wD7.G.6.xD7.....~D7...6.~D7...6.wD7.|D6..D7...2.zD7...7.}D7...5.}D7.Rich|D7.........................PE..L......Z.........."!................................................................u.....@.................................H....... .......................0..x.......T...........................(...@............................................text............................... ..`.rdata..............................@..@.data...L....p...|...L..............@....tls................................@....gfids..D...........................@..@.rsrc........ ......................@..@.reloc..x....0......................@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorModule.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4163080
                                                                                                                                                                                                                            Entropy (8bit):6.292109648962723
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:sewPFrw9ZfdTy4pd8BCLzoOImwvl+iawZre:twS9HyBCLEOImwvl+im
                                                                                                                                                                                                                            MD5:09C5345F81C9DE57781BE550A796C690
                                                                                                                                                                                                                            SHA1:00F7DFEA27D514BA04218CBEF84B7F0519AD7BB1
                                                                                                                                                                                                                            SHA-256:F85CBCF8B855D9D04CD6B3F0C599A3E2AD75546336ED611CE7B1C9BC1ACC0A7A
                                                                                                                                                                                                                            SHA-512:A88398C739036D9F7B6558DC255EE8372915F9B6098AB7FFD1519FCC1EC5592C72B23B99238DB10583A95396F9C6D5EAD7C4EA6FFA24E02801993A8776C85AD0
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...oa.oa.oa.f.P.ga.T?..ha.T?.|a.T?.da.T?.ka.....ka..8.ka..?."a.oa.Kk..?.(a..?.na..?..na.Richoa.................PE..L......Z.........."!......*..z......n.&.......+...............................?.......@...@..........................z5.x...H{5.......;..............j?.......;.......-.T...................T.-.......-.@.............+.P)...........................text...g.*.......*................. ..`.rdata........+.......*.............@..@.data.........7.......7.............@....tls..........;......J;.............@....gfids..D.....;......L;.............@..@.rsrc.........;......N;.............@..@.reloc........;......P;.............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorUtil.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2213384
                                                                                                                                                                                                                            Entropy (8bit):6.366484054263376
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:O09i181EmdExCCBb2FHtu8HYs3c9Dw5+xUxaIiBjo:O09n1ZEYBFHtu8HYsEDwEHxBM
                                                                                                                                                                                                                            MD5:C0513CE4A6F41815A69A37CDBE613A86
                                                                                                                                                                                                                            SHA1:4C8A172EB8BF4CD3EE9E52A7076CF36D817C0942
                                                                                                                                                                                                                            SHA-256:56EDA6182C27B08E143393814708F6ADB6D33479CCF6F0C96254A8B69FF1235D
                                                                                                                                                                                                                            SHA-512:1E4A656D6434CD4801607F69926E5F39224B3FD27D56CB6221BB7E4ABB2DDC43A4376CAEB96DB4DF0524FA98716EEE10680FBF2EFC2DA2AE56D2F9012DF8000C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<...o...o...o..Wo...o...n...o...n...o...n...o...n...oE..o...oj..n...o...n...o...o...o...n...o...n...o...n...oRich...o................PE..L......Z.........."!.....V...P.......*.......p............................... "......j"...@..........................1......L......... ...............!...... .........T...................T...........@............p...............................text....T.......V.................. ..`.rdata.......p.......Z..............@..@.data...T....@......................@....gfids..L...........................@..@.tls.......... .....................@....rsrc......... .....................@..@.reloc....... .....................@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\EditorView.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5252624
                                                                                                                                                                                                                            Entropy (8bit):6.308977070093551
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:laeM3m+mE7IIzUO62+NpKgzJZocJyhXzbHpV8M1B/T1pvnayKUyq:geMy7NxJZoccvjT1pPa
                                                                                                                                                                                                                            MD5:B1DCD9956F2901D068D0DD514EA30A49
                                                                                                                                                                                                                            SHA1:64602D9F457B9FB0B1420E03AED3536C83962B9E
                                                                                                                                                                                                                            SHA-256:51F8EA93B34C1EBF84E527C897B8688C5F2EAECCF3F3613C378D0E923B6A6454
                                                                                                                                                                                                                            SHA-512:38C956CDBDF5E9ACF2FD1EF5F38893AB775B8DDE7471E726CFC4857DDCF0A5D615EE041C2112A8E01CFA04387E6C7837336C2D43ADA42B37708EAEE6CF63A7C5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2R.RS<.RS<.RS<.[+..TS<.i.?.ZS<.i.8.YS<.i.=.VS<.i.9.ES<.....VS<...=.VS<...=.}S<.RS=.*X<...9.+S<...<.SS<...>.SS<.RichRS<.........PE..L......Z.........."!......7..^.......&2.......7...............................P.....9mP...@.........................p.C.(....jE.......K...............P.......K.h....Y;.T....................Z;.....8Z;.@.............7.`............................text.....7.......7................. ..`.rdata...&....7..(....7.............@..@.data....p....G..Z....G.............@....tls.........pK.......K.............@....gfids..D.....K......0K.............@..@.rsrc.........K......2K.............@..@.reloc..h.....K......4K.............@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\ExivMetadata.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2180624
                                                                                                                                                                                                                            Entropy (8bit):6.6191909501279484
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:L0LPEMIn/1F06Lh0m44MFRIR1dmr+TLkzK:L0LPEMp62T4MFRgN
                                                                                                                                                                                                                            MD5:4743883D312D982E18E8CA7CA956767E
                                                                                                                                                                                                                            SHA1:C6773D339B6F7EFF4895AC9025954CFDFBF60DCE
                                                                                                                                                                                                                            SHA-256:29D3B56626598E2797DA0294514C2624F42BAF632D497D62A977EA25EC6BFF2D
                                                                                                                                                                                                                            SHA-512:FAD40A1310AE1D4801E57D18124701B07576F013582B2D521F1F19F20E9F54A267574E7C02C6B4326D58D9AE2077BA0723D9F58B810E7A35F563D3276CCBEFFC
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......(.4l..gl..gl..ge.Cgx..g.&.go..gW..fk..gW..fg..gW..fh..gW..fv..g.y.gd..g...fa..g...fj..g...fg..gl..g..g...f(..g...fm..g...fm..gRichl..g........................PE..L......Z.........."!.....N..................`...............................P".....].!...@.........................P................p ..............*!....... .........T...................T...........@............`..|............................text....L.......N.................. ..`.rdata.. ....`.......R..............@..@.data...,S.......x..................@....gfids..H....P ......T..............@..@.tls.........` ......V..............@....rsrc........p ......X..............@..@.reloc........ ......Z..............@..B........................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\FilmMaker.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1965072
                                                                                                                                                                                                                            Entropy (8bit):6.263555564389405
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:zQ/pdvRxrLvU2sP1ct2Xr2UKQH2OmZOP/:U/pIywXqPQH2OmZOH
                                                                                                                                                                                                                            MD5:5518BCD4F6DC8AF3F6EC1D9D86D551D8
                                                                                                                                                                                                                            SHA1:9C2237EA60D90E30F3FAC522ACD3D445CA0D929E
                                                                                                                                                                                                                            SHA-256:30B457DFEDD6CA17DFF3A61647AF1F1FD16683F21BA1C018E8D664C2EAEEC6F7
                                                                                                                                                                                                                            SHA-512:6BD63F575519D2D0032C150B53BE0C5CB5D4E1BEDA0E0A714DB655B8A2E1DCF8AB73748B8906D7EC3DC5EE87540DADE94860320780FED7C7BD71DC8662D7053D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........z............cJ.....E.....E.....E.....E....b......MB....(E..........(E....(E....(E....Rich...........................PE..L......Z.........."!.....f...v...............................................@......C6....@.........................PL..8....P.......P.......................`......@...T...............................@............................................text....d.......f.................. ..`.rdata...!......."...j..............@..@.data....|.......t..................@....tls.........0......................@....gfids..D....@......................@..@.rsrc........P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Filters.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1712648
                                                                                                                                                                                                                            Entropy (8bit):6.357540392611961
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:EfnUmqH+D8tt4kAsb7R/q8zLIMXhoN1oz4Ag2tSSJbRlbR54g2Rfn8FlK9FT:Efjbsb7qMRr320o
                                                                                                                                                                                                                            MD5:F095CC70D7A27CFC5CBD940C579ECDF3
                                                                                                                                                                                                                            SHA1:54345A5478C988A3E7078D8F5EA1FC5F0F98AC5B
                                                                                                                                                                                                                            SHA-256:F26957743379662E55CA1BC35D3A3D0CF5E6B4ADB1DB199B08F17578C50A9B18
                                                                                                                                                                                                                            SHA-512:283286251DB092ED807FBCC26FB4E1F61103755A1FE7AC8A84AF281B63D57B73B52CCA1B5FD8071215E12E88619202347F37B754EA0D31CD17EAB20F039D0E65
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......X..1.b.b.b.b.b.b..}b.b.b'<.c.b.b'<.c.b.b'<.c.b.b'<.c.b.b..%b.b.b.;.c.b.b.<.c.b.b.b.b.`.b.<.c_b.b.<.c.b.b.<.c.b.bRich.b.b................PE..L......Z.........."!................ ........ ......................................1.....@.........................._..P....j..................................0e..P5..T....................6.......5..@............ ..d............................text............................... ..`.rdata....... ......................@..@.data........0......................@....gfids..L...........................@..@.tls................................@..._RDATA..............................@..@.rsrc...............................@..@.reloc..0e.......f..................@..B........................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\GeneralPlugin.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3507216
                                                                                                                                                                                                                            Entropy (8bit):7.958800747735346
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:98304:DTY1x84UWqJyeE/+s1lwjU/GBKlK4XXMOmsH/xE:DTQM3g1lwI/PJnMYH/K
                                                                                                                                                                                                                            MD5:E8BCF641E5BF465D16A319277775F78F
                                                                                                                                                                                                                            SHA1:F44022191D8DC6B3793FCAADA9088EC83469DF7E
                                                                                                                                                                                                                            SHA-256:914E5D426A4D0FF8E6EBBA027BCF55374FF8EC981621085FF40A42A21DFBBBE8
                                                                                                                                                                                                                            SHA-512:65C3385BFB7D1F3770115589671AEAE0FAA2D2FBE4E15C3741629BA944A52AE8B2CDE2621FAB8C3B9D6B044BB6DF5843210792448F145EBCEFF78F4712D19D90
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............~U..~U..~UDm.U..~UDm.Ut.~UDm.U..~U..{T..~U-..U..~U.}T..~U.{T..~U.zT..~U.l.U..~U...U..~Ug.{T..~Ug.~T..~Ug.|T..~URich..~U........................PE..L......Z.........."!.........b.......................................................'6...@............................|...m........................h5....................................P...................................................... . .........V..................@....rsrc................f..............@....idata .............h..............@... ..L..........j..............@...ogxfutkn..1...W...0..l..............@...uczfqxzy.............f5.............@...........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Core.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4648968
                                                                                                                                                                                                                            Entropy (8bit):6.845273620705971
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:Yg7R0PnB5Y8Vh8+gARa61cjr94fJsv6tWKFdu9CkTQ7aCT0AaasQLlRtgqEkLx06:D7RIB5JgkrqP9UJsv6tWKFdu9C2DuiQR
                                                                                                                                                                                                                            MD5:D4FC5E41BE328A98C005A666272CE6E2
                                                                                                                                                                                                                            SHA1:D6017248D936EE5488A043A00222AB74D14D338E
                                                                                                                                                                                                                            SHA-256:0E0EFB868798F375A1927AA27D8A7294ABEB29179B40A55F0DA7C4779CC54F1A
                                                                                                                                                                                                                            SHA-512:58DEA76C3DBC16E2058F18D3BD65F57EC47B4487A8165F3E7CC250BD4081CCCFF7F71C4A05F6BB625D5789476BB9B8EE77E0EC8D0ACEF03DF8390ECD8A61D0F3
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......64..rU.CrU.CrU.C{-tC`U.C.. CwU.CI..B|U.CI..ByU.CI..BvU.CI..BkU.CP5.BqU.CP5.B}U.CrU.CST.C...BTU.C...BtT.C...BsU.C...CsU.CrUpCsU.C...BsU.CRichrU.C................PE..L....!.Y...........!......#..z#.....i.!.......#....g.........................PG.......G...@...........................?.p...`.E.|.....E...............F.......E..W..0.<.......................<.....P.<.@.............#..............................text...Q.#.......#................. ..`.rdata....!...#...!...#.............@..@.data....z...@E..L...&E.............@....tls..........E......rE.............@....gfids..0.....E......tE.............@..@.rsrc.........E......vE.............@..@.reloc...W....E..X...|E.............@..B........................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Gui.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5023760
                                                                                                                                                                                                                            Entropy (8bit):6.801933494978092
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:N5znUGL/Y0CgtbZPpBEHivkKrfB5sIjat0vKf/8Mkj1IGbdWckJ+4Ncxy7Lp97ga:zjv9pvLrxvSA1IGWNzj1Cwp
                                                                                                                                                                                                                            MD5:725E29E775B2B2DC947478FE01C8BF6E
                                                                                                                                                                                                                            SHA1:EF9B7B50DE16DFDAFB0C681A22B13D38B76C03AB
                                                                                                                                                                                                                            SHA-256:41F80696EC0BA0DB54EBFAC3CDD21A3A727CEE85085EC1712D6A7CFB0DD456A5
                                                                                                                                                                                                                            SHA-512:666D88FD6548986B9544E9EA6F5E9776EFCBA63733F03F898D74719E86B971D8A0A96EE92DE42D3096B35396805DEE2E3E1CB64E964F1EAC3A9D6C038859743C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............s...s...s......s.G[....s..p...s..w...s..r...s..v...s.N.r...s...r...s...r..s.N.w...s.N.v...s.N.s...s.K.....s.......s.N.q...s.Rich..s.........PE..L....".Y...........!......,..& ......,.......,.............................. M.....^.L...@..........................(1..`..|.H.@.....J...............L.......K......0.....................L.0......0.@.............,..............................text...z.,.......,................. ..`.rdata........,.......,.............@..@.data...T@...pI......VI.............@....gfids..L.....J......dJ.............@..@.tls..........J......fJ.............@..._RDATA..0.....J......hJ.............@..@.rsrc.........J......jJ.............@..@.reloc........K......pJ.............@..B........................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Qml.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2518024
                                                                                                                                                                                                                            Entropy (8bit):6.544214046535609
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:B8gyHfJgsHzR2/BkbTjgne/7MCzLIrXwXtAMrB5u:B85HzRtbfwiDXtAMrBQ
                                                                                                                                                                                                                            MD5:BD87B4CFEB393EB75BA3820492CD38B0
                                                                                                                                                                                                                            SHA1:FE92B919FF4F6779315969CF793ECD12768D9610
                                                                                                                                                                                                                            SHA-256:C7297DBB3B96460C39132D943AB012BA018E2447C61CACE034085A339AC54354
                                                                                                                                                                                                                            SHA-512:BDF209EAC6ABCB71A026ACC3D2FBD144CED0142EF0DEA4280A145EF85925EF1C4B4261533CB125885996BD4FE7330D4C7569B701C71BC39A2217D864E948FA1D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............q...q...q.....q...r...q...t...q...u...q...p...q.-.p...q...p...q...p...q.-.t.g.q.-.q...q.(.....q.....q.-.s...q.Rich..q.................PE..L....'.Y...........!.........T......}........ .....f..........................&......a'...@......................... ....d...p#.......%..............P&...... %.....`..................................@............ ..0............................text............................... ..`.rdata...3... ...4..................@..@.data........`$..r...H$.............@....gfids..L.....$.......$.............@..@.tls..........%.......$.............@....rsrc.........%.......$.............@..@.reloc....... %.......$.............@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Quick.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2584592
                                                                                                                                                                                                                            Entropy (8bit):6.673967359191832
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:+72NPUIttYsZE4VbGxzTfT8c/YQ/UEgDma7fCaG6DbWAFjuJqFYm5scuw1KIwXga:IvsNWei+YCoHYp7tlMvbjZbfFNAabzX
                                                                                                                                                                                                                            MD5:DD1911EDF6E525414043017CC95BBD66
                                                                                                                                                                                                                            SHA1:5159FBF1868F772BF025F2D8B4008C0284D06794
                                                                                                                                                                                                                            SHA-256:34A827CF0BBF6FC01F80A16AE2A2462AFA869FC5941C4848F3EF0C80CE3394ED
                                                                                                                                                                                                                            SHA-512:985CC620D4BB1D6F612E587DB234E954E8D82F706D954B0DFA72CB6B5A57C23A784F074D4D758A97BDD0F86DB22ACA19DB635FF4DD8F9F4813EC020CAB74500A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........t....v..v..v.m...v.Ku..v.Kr..v.Kw..v.Ks..v.&Kw..v.uw..v..w...v.&Ks.I.v.&Kv..v.#K...v.....v.&Kt..v.Rich..v.........PE..L...g(.Y...........!.........J......c........0................................'.......'...@.........................`.........".,....p%..............T'.......%.h7......................................@............0...)...........................text............................... ..`.rdata..`....0......................@..@.data...|.....$..v....$.............@....gfids..L....P%.......%.............@..@.tls.........`%.......%.............@....rsrc........p%.......%.............@..@.reloc..h7....%..8....%.............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5Widgets.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4441096
                                                                                                                                                                                                                            Entropy (8bit):6.863374475131253
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:/PQn9PEAVrrHG8E7fb/wIKzjSc122lu2kYBOruWeYNOu+Sr+2xTTW+k:wpEpz7jCjrTuveMnrr+25TWP
                                                                                                                                                                                                                            MD5:9CD7925D5F4117E033370C21CB9587AF
                                                                                                                                                                                                                            SHA1:401A2D6790B4199D0E9969EF91AD1FE7CABEDA09
                                                                                                                                                                                                                            SHA-256:B482699FB43BE37BF1840D7A263671F29A2E394B169D0553320030EBD686A8C8
                                                                                                                                                                                                                            SHA-512:D6EFD1AC6274B53FBD02A959214E35648A17332CD0C6B415D333260AEAD1778C04C1F99EBFA6111197333C7EDCE20033C0D40C0C0E8409DBED5B055EE21BE810
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'...F.A.F.A.F.A.>-A.F.A...@.F.A...@.F.A...@.F.A...@.F.A8..@.F.A.&.@.F.A.F.AyJ.A8..@.F.A8..@.F.A=.AA.F.A.F)A.F.A8..@.F.ARich.F.A................PE..L...M#.Y...........!......*...........*.......*....e..........................D.....X"D...@.........................@.5.D....z=.......@...............C.......@..g....4.......................4.......4.@.............*..2...........................text.....*.......*................. ..`.rdata........*.......*.............@..@.data....p....?..h....?.............@....gfids..L....p@......6@.............@..@.tls..........@......8@.............@....rsrc.........@......:@.............@..@.reloc...g....@..h...@@.............@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\Qt5XmlPatterns.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2253328
                                                                                                                                                                                                                            Entropy (8bit):6.603086704899176
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:ca5PCwBljqnVwHmuEXPTV/KD69ZEF/lBHasxA7v0wVywTSnJKWTK:cahwVxXBKu9KasQv0KywTSnJKWTK
                                                                                                                                                                                                                            MD5:CC6D3FE1F5A7B24EBA2A2F088FC8D9CB
                                                                                                                                                                                                                            SHA1:68C9AD27B1DCC372EFBEB749CE7EAD35EEFE8619
                                                                                                                                                                                                                            SHA-256:74B0DF17B0F3474518897B35C276692C99614CE9A8AD0DCC2D5AF051F3FB2ED8
                                                                                                                                                                                                                            SHA-512:604D08E68B8D5EA3461301BF63D6EB88C7227C67346AB64253EEDB43B2B052BF83E5EBE4D7DAC1B29D2FE8BCBC01EB3BD1CCDEDBB923CD63387F647253934386
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,T+_M:x_M:x_M:xV5.xWM:x}-;y]M:xd.9yXM:xd.>yTM:xd.;y[M:xd.?yGM:x..;yZM:x_M;xGO:x..?y.L:x..:y^M:x...x^M:x_M.x^M:x..8y^M:xRich_M:x........................PE..L....%.Y...........!...............................a..........................".......#...@.........................P....@........... ..............F"......0 ..b..P...............................p...@...............T............................text............................... ..`.rdata...K.......L..................@..@.data........0......................@....gfids..L..... .....................@..@.tls.......... .....................@....rsrc........ .....................@..@.reloc...b...0 ..d..................@..B................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\SlideshowMaker.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):860680
                                                                                                                                                                                                                            Entropy (8bit):6.3917500089558414
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:a341ikxHgEcvF0swEKjY9BAYhllllllllldokJA/Oz4Pq+OI0+5B1w+4v9ThM4mD:64gjhllllllllldoD/OUPq+r4vhhzqhP
                                                                                                                                                                                                                            MD5:B9563BC9A137423D873F79DF83E26812
                                                                                                                                                                                                                            SHA1:D92DB683E283A5A83873C7AABD84EED018DA9C9F
                                                                                                                                                                                                                            SHA-256:E782F3DB9090ACB6DA0DDC71BBC33C9AE08059287C14F678C165071FA6C5A7A8
                                                                                                                                                                                                                            SHA-512:CD6F24B601F1D55A71FADF59419FA09D6C2340549823EC7A74E99CEF86F62422A0498C6CED24FBC9920EBAC72A766FFA6CA5FF91B608894425C61C0302F53C7C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......eI9.!(W.!(W.!(W.(P.-(W..vT.#(W..vS.,(W..vV.%(W..vR.<(W....%(W..qV.'(W..vV..(W.!(V..*W..vR.3(W..v.. (W..vU. (W.Rich!(W.................PE..L...M..Z.........."......t.......................@..........................P............@.................................L6..H....p...G..............................T...........................(...@............................................text...!s.......t.................. ..`.rdata..6k.......l...x..............@..@.data...`N.......F..................@....gfids..T....P.......*..............@..@.tls.........`.......,..............@....rsrc....G...p...H..................@..@.reloc...............v..............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\VideoAnalyzer.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2137616
                                                                                                                                                                                                                            Entropy (8bit):6.699846603006673
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:z3O1czzceUDaGPjyM4gdv1/cETC5KTiEnZyv0TMYDehh:z3liDaG2Cv1EyTbBD
                                                                                                                                                                                                                            MD5:D06E5D5A829F23240712A8583209B50F
                                                                                                                                                                                                                            SHA1:3E472569F9DD5F66018EA04E27EDD308355BCC5C
                                                                                                                                                                                                                            SHA-256:662A8DE3AC302A917CB8EB6F5290DB361A3DC0F47DAE02E5F987B3B69C8C5764
                                                                                                                                                                                                                            SHA-512:D99C087FD76EE4BC8F95B649CD98DE49A0AA76ED083DD5E60F19521C13925A09827C0050793241CC34E2BC5B668173E920846DFEC40611306A8F287B686B8803
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................yN.......................L&B.........c.................................Rich...................PE..L......Z.........."!.................U........................................".....#.!...@......................... B.......S..|....P!............... ......`!......$..T...................4%.......$..@............................................text............................... ..`.rdata..............................@..@.data............T...z..............@....gfids..@..... .....................@..@.tls.......... .....................@..._RDATA........ .....................@..@.rsrc........P!......n..............@..@.reloc.......`!......p..............@..B........................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avcodec.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):20760184
                                                                                                                                                                                                                            Entropy (8bit):6.590900113670029
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:196608:MEFS0QsBS5IZyeqAjtq3Ofk99k9yaEqitVeuT/Tzw5gYIBd1qtbMEbXdGjxqY86J:fg0QQSbeqAjteTzwtbgxqY86pus8D3
                                                                                                                                                                                                                            MD5:7F6DD6ED7B04B5DC2617F09EA66A83E0
                                                                                                                                                                                                                            SHA1:F71FDF022BFBEB503DA2D4BB0475073019CF9CD2
                                                                                                                                                                                                                            SHA-256:66D92E901B9129E8773E5E5773363BCF9CF0F022D3C669255EA3E0EE21AC8434
                                                                                                                                                                                                                            SHA-512:FEEED393CBCA0D3EC773B1DF9CB8D96ADE2302EC241DEFFE4FECDFAD4FD2B2A4F217A33B9ECD1D5676298BCA20E8021C61C727DDA2B966617E70963AEDE6A20D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...!e&Z..$........!..........#..j........... .....f................................}.<....... ......................p...........-..................h.<............................................................................................text...............................`.P`.data....X... ...Z..................@.`..rdata..0.D.......D..p..............@..@.rodata......P.......:..............@.`@/4........... ......................@.0@.bss.....h.... .......................p..edata.......p......................@.0@.idata...-..........................@.0..CRT....,............. .............@.0..tls.... ........... .............@.0..reloc.............." .............@.0B/14.....X.............#.............@.@B/29......e.......f....#.............@..B/41..........0.......P$.............@..B/55..........@.......X$.............@..B/67.....8....P.......b$.

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avfilter.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3183656
                                                                                                                                                                                                                            Entropy (8bit):6.267272093053561
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:gLv7EmQRG8Jx+zpFlyhCzyFj1f68pN9dH/xYTt0ShiwWozSOesWzsEe:IgGeapFlyhTfDpNb/xY2S8
                                                                                                                                                                                                                            MD5:BE65CED2E0C455858FAE39C188A9C0F1
                                                                                                                                                                                                                            SHA1:609574D8BBFEF83F8EA150E4F1293FB52071E3A7
                                                                                                                                                                                                                            SHA-256:EE14ECC080C09588ABC1D295C7CBEA00F9928A1B63C008A333A5D9768D1EB5EC
                                                                                                                                                                                                                            SHA-512:3ACDBF9F28C9FE7BDC7F10207188B39519399F2A12E093BDAA435E6D6ADF8933C15490755724D00C7606569964690EE51567EB425E6AC877DBB0FB8815C0F973
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#e&Z..*.?<.....!.....@....*..R...........P.....k..........................+......t1....... .......................*.......*..1...................x0......p*.L............................`*.....................$.*.H............................text....>.......@..................`.P`.data...HL...P...N...D..............@.`..rdata..............................@.p@.rodata.......&......l&.............@.`@/4............&......r&.............@.0@.bss....@P....).......................p..edata........*......x).............@.0@.idata...1....*..2....).............@.0..CRT....,....P*.......).............@.0..tls.... ....`*.......).............@.0..reloc..L....p*.......).............@.0B/14.....8....P+.......*.............@.@B/29.....Q....`+.. ....*.............@..B/41...../.....+.......*.............@..B/55.....$.....+.......*.............@..B/67.....8.....+.......*.

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\avformat.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2883232
                                                                                                                                                                                                                            Entropy (8bit):6.159675780589993
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:OgjoqNjPHD7X6jweWtnJD3lZmMylthjS1ZNCNKHZlk8BOD1tACYvRqK3+J7jaqiL:OgjoqNjHD7XkweWz5ZmjhjS1ZNCA59BZ
                                                                                                                                                                                                                            MD5:A71E8C4061D5EDFF563D9CCE2F329234
                                                                                                                                                                                                                            SHA1:883190E9C5FB7E3D416790DB5F7F8063C4D85CA4
                                                                                                                                                                                                                            SHA-256:F68F00498355789D844183D9F775563E6A973539AB0639D96C0B2DF726195542
                                                                                                                                                                                                                            SHA-512:E3DA1EA8C17A3AFA455368051152B71ECA1D3B611B20940D4623F238E01B95D9B17E4C2F5642D5AA31C5CCE8AB6380ACD2A84D1C80A847A75126CD8A6545C6E2
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."e&Z.$&..=.....!..........%....................e..........................&.....[.,....... ...................... %......@%..=....................+.......%.@.............................%.....................|H%..............................text...............................`.P`.data...............................@.`..rdata..............................@.p@/4......D....@".......".............@.0@.bss....@.....%.......................p..edata....... %.......$.............@.0@.idata...=...@%..>....%.............@.0..CRT....,.....%......B%.............@.0..tls.... .....%......D%.............@.0..reloc..@.....%......F%.............@.0B/14.....8....`&.......%.............@.@B/29.....Q....p&.. ....%.............@..B/41...../.....&.......&.............@..B/55.....$.....&.......&.............@..B/67.....8.....&......"&.............@.0B........................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qgif.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):33288
                                                                                                                                                                                                                            Entropy (8bit):6.385647278453995
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:a6nLJiRxTr8RkWeDjIvkdRLFA1c5OW89CXgUP3whP:PFiDTr8kWMjMkzFAS5OW8AQUPghP
                                                                                                                                                                                                                            MD5:700C24540D7B4716F9824F720B44E8B0
                                                                                                                                                                                                                            SHA1:2526441D011650838B98320E47303AB0F09584D3
                                                                                                                                                                                                                            SHA-256:F53F37687D8DB9E2651051BD0FE1A5BEB6A9081F2804332ACFBF4413F0B5FB89
                                                                                                                                                                                                                            SHA-512:04961A9312911761D0D568C4710D7C21693F626C615ABADF8FBED03733BDA29D1362673377CC5867371FA4757399A20135867B28FAC3749F57A382521617A7FF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.._..j...j...j.......j.0.k...j.).k...j.0.i...j.0.o...j.0.n...j...k...j...k.g.j...o...j...j...j......j...h...j.Rich..j.................PE..L....#.Y...........!.....4...2.......<.......P............................................@.........................p[..t....[..........8............f..........D....T.......................T......0T..@............P...............................text....3.......4.................. ..`.rdata..V....P.......8..............@..@.data........p.......T..............@....qtmetad ............V..............@..P.gfids..L............X..............@..@.tls.................Z..............@....rsrc...8............\..............@..@.reloc..D............`..............@..B........................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qjpeg.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):252936
                                                                                                                                                                                                                            Entropy (8bit):6.542210702922311
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:qPHZYqszHEHn3CuKS6b/J9yXp1xp7S4pak+/Gk9hNuE5EIozxzb:AHZYM3CuKtJ9yXp1xp7Zhw1a
                                                                                                                                                                                                                            MD5:F79A074B7752E6FA6E88CCFA832A882B
                                                                                                                                                                                                                            SHA1:7BA940D208DCC186CB6FD99BFCB31066D45C2D19
                                                                                                                                                                                                                            SHA-256:3914B7FADF81608BBA087718CB0D469401B7D785D45197ACCFA04EC6ACCE7CAA
                                                                                                                                                                                                                            SHA-512:A35739D10177A9D8973EF4695A372975CFCC49FEB7A88520285C3A2B5D86367FC9876A124CD30C96E001814ADAD1DC52D0041752943A8C608DBFCE819C4AA055
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}..}9...9...9...0.y.3....../;....../;....../;....../-....../2....../<...9........../......./:....../8.......8....../8...Rich9...................PE..L....#.Y...........!.....P...p.......Y.......`............................... ............@.........................@...t...............8...................................................\...........@............`...............................text....N.......P.................. ..`.rdata...Q...`...R...T..............@..@.data...............................@....qtmetad@...........................@..P.gfids..L...........................@..@.tls................................@....rsrc...8...........................@..@.reloc..............................@..B................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\imageformats\qtiff.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):323592
                                                                                                                                                                                                                            Entropy (8bit):5.702638469860292
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:4nBMm4FK7JwUDIDGIK482edm2s3JDBfbwX/VDkuZUk2WY:4ug6UDv482L9bwE
                                                                                                                                                                                                                            MD5:C6CAB5607E8CB6AB1E7CBFB4EAB50E9F
                                                                                                                                                                                                                            SHA1:0A731734FC6663B6B9D04DD1F39669CBEFC051C4
                                                                                                                                                                                                                            SHA-256:DA89016C70DC1EF3C3409F3AD0024779066018C4EAFE4D5035C855F740D1B852
                                                                                                                                                                                                                            SHA-512:8C542B3306D3A72345D5E35120DF019E5B2005ECD2372561C6BB14864AA0E448BCFE2531CEF5457D0012ABA5CAFD2F01F22E3D199B431F5579C6B26D5A76C7B4
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................._...........................................)......................3..........Rich...........PE..L....$.Y...........!.........P...............................................0.......h....@.............................t...............8............................~......................,........~..@...............T............................text.............................. ..`.rdata..............................@..@.data....*.......&..................@....qtmetad@...........................@..P.tls................................@....gfids..L...........................@..@.rsrc...8...........................@..@.reloc..............................@..B........................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\libass.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2493672
                                                                                                                                                                                                                            Entropy (8bit):6.799803147772597
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:ONLlISsD2+kwQBAUZLYbBcpGaXBuQQ9OQPOCbr:ONTK+LBAUZLFm1r
                                                                                                                                                                                                                            MD5:4413266366BCF0C5D0E53DFF65F8B7B7
                                                                                                                                                                                                                            SHA1:99419709EE048C1FFC18987B9422A168F04286CE
                                                                                                                                                                                                                            SHA-256:8CCDDF597C51E4065BD0EAE584DE079E823CBF58119C7B8CED1F3492443BF308
                                                                                                                                                                                                                            SHA-512:34B4DDF725A423E5CBFA382AD9A4A2C0344AE4C6A9D23FAC4EB2074CA02EE2435E2205DE8BFD948C6C27E947F694AAE06D50381A790CB6D6783EB989024A0709
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....e&Z.."........!.........."..............0.....c..........................#.......'....... .......................".4.....".......................%......."...............................".....................h."..............................text...............................`.P`.data...<C...0...D..................@.`..rdata...............\..............@.p@/4............ ......b .............@.0@.bss.........`".......................p..edata..4....."......0".............@.0@.idata........"......6".............@.0..CRT....,....."......D".............@.0..tls.... ....."......F".............@.0..reloc........"......H".............@.0B/14.....8....P#.......".............@.@B/29.....Q....`#.. ....".............@..B/41...../.....#.......".............@..B/55.....$.....#.......".............@..B/67.....8.....#.......".............@.0B........................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\libeay32.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1274888
                                                                                                                                                                                                                            Entropy (8bit):6.812537778860811
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:/P9+KpPEuO9o6F6W/QqR+fOUGR+YNe/dDM0cOWf3AXtPrqtXUsgRXc:dJ6F6W/7ZNeK0OfAXtPrqJUsgRXc
                                                                                                                                                                                                                            MD5:9F615AA4E59717623D79B876BABC34E4
                                                                                                                                                                                                                            SHA1:A6B7F966B6EA17C93913FDAB359F7631F5F58E59
                                                                                                                                                                                                                            SHA-256:AE0C1653BAFF4B0F634FD66242AFC26A4B501FF7D0EEB5CB8A042BED99F63C37
                                                                                                                                                                                                                            SHA-512:260F52BF7CFF3E1D47300113F68D716FB947AF6B8C6AE38B8A07A39A11E461A71CB8DFC3A3E90F8C19D3BAC8CCF31E9F4FF045167020A5D65529E91828A276D3
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~............gp.....A.....A.....A.....A......(.......Z........\A....\A....YA.....\A....Rich...................PE..L......W...........!.........h...............0...........................................@.............................t...._..h.......H............X....... .........T...........................(...@............0..x............................text............................... ..`.rdata...<...0...>..................@..@.data........p...`...T..............@....gfids..............................@..@.rsrc...H...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\platforms\qwindows.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1017872
                                                                                                                                                                                                                            Entropy (8bit):6.658087890642478
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:w13c9SU6mjvEiZfF3LCfUTHCvsIHZHIi:lYU62nZfFu/9Ki
                                                                                                                                                                                                                            MD5:475CFECED8FDCDFEBACB156D5AAF5A5D
                                                                                                                                                                                                                            SHA1:1C4003862DB36C4D469DB9BCAA8FF47152EE1BE6
                                                                                                                                                                                                                            SHA-256:6AEB7AAC7B91E5976A68FA683EACE4E1A61D5DF82DE91DD9B787DF8AE8092A25
                                                                                                                                                                                                                            SHA-512:F26037AE18DADB6B2CEC7EB8ECBD05C8509FA5A427567B5629F7A891EEBB4D5DA72DF1D3FB7B75F0EF5E90A2995050728F4ABE6A441B64F0A87A54AD048B0E14
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........C..O".O".O".FZ..A".t|.M".t|.G".t|.W".t|.D"..|.K".mB.G".mB.\".O".'..|.U"..|.a"..|.N"..|..N"..|.N".RichO".........................PE..L....#.Y...........!.....:...R.......<.......P............................................@.........................p...x...........@..@............l.......P..............................l...........@............P...............................text...a9.......:.................. ..`.rdata..bp...P...r...>..............@..@.data...|=..........................@....qtmetad............................@..P.gfids..X.... ......................@..@.tls.........0......................@....rsrc...@....@......................@..@.reloc.......P......................@..B................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\modified\@APPDATA@\Movavi Slideshow Maker 4\resources\themes\Default\VideoEditor.rcc

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:Qt Binary Resource file
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):10470292
                                                                                                                                                                                                                            Entropy (8bit):7.513819796543405
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:98304:+zsO0cTuI0bFOiypKut/4fv/c0IQ3uU0d1g0+C+Fo+WqfmsMXK8CrC/iA8IwoSFO:cfvOFxi/46Q3uZ7g0+CMWsms2K1ZIwnO
                                                                                                                                                                                                                            MD5:84AE3C64FCEC95C752552984B3F2F620
                                                                                                                                                                                                                            SHA1:5523A1BBD9F92B52D68B8DE7B5E62C59AE69D228
                                                                                                                                                                                                                            SHA-256:ACC994617D00C16DF30780C4FA6B9AAFBF2F5979D6A20AA5C3256FD5DDD893C8
                                                                                                                                                                                                                            SHA-512:8AE9CE6F8DB82C7C3265B099EE4BAFB4998492BE318E56C98DEC02D21371746F8424A65164AEB60E02CDFA3B4D2845A8327DE6D9E531CA7E925A228F306E622A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:qres...............>... .PNG........IHDR...'...'.......Q5....pHYs..........+.....MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.Ik

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):27736
                                                                                                                                                                                                                            Entropy (8bit):6.6061036473605865
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:9IORiXXRRa/x56f2uH53OFhXh+xHZjC0ricp:9IOcXXRWyHlJricp
                                                                                                                                                                                                                            MD5:46938D51A127BCF45160C5D857F5DB37
                                                                                                                                                                                                                            SHA1:6444E4A90E9C1B668811B25F95035B97D0C64600
                                                                                                                                                                                                                            SHA-256:AD4A4D6C9AEF0C437990867682939CA191E46921B0AC7FB088A7AE9CBB6FFD00
                                                                                                                                                                                                                            SHA-512:D3EF7BBABC347E2D43AA212C81B452BB561455DBEC352F2080D5B8514E8DAD5775E7B2B94E5414A008E26C60F77A37E894AFCAFD19785639C5BB1DCB37891A3C
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........."......F..........z(.......`....@.................................E........................................R..(....p...............R..X.......H.......8...............................................t............................text...tE.......F.................. ..`.data...`....`......................@....rsrc........p.......J..............@..@.reloc...............N..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe.manifest

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                            Size (bytes):304
                                                                                                                                                                                                                            Entropy (8bit):4.8207031374507565
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:qRu9Td8HKWBRu9Tf0W0WiWkoi8RcRJg/XSHT:O3fvW0WiEgJQU
                                                                                                                                                                                                                            MD5:ACF6A3667E991196B0B45339D7EF8109
                                                                                                                                                                                                                            SHA1:86E5539E047235CC9BD959FE536B54DC92A7C4BE
                                                                                                                                                                                                                            SHA-256:53A447FFFFAE835C9E52EDDC678EC1963A5FD3D3C1FAB83904C04A1FC2EC8F9D
                                                                                                                                                                                                                            SHA-512:66047291752C3482729D168FA3DAB16853429ABFCAEFF6B694E0825B4B29619197C22B0528DB6138DFBECBDD9AE549160BB5BB927C6CB291FDD9D857346CE4F5
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Preview:<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. ..<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_00400000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.643369950461906
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllT:idq2vVg3F+X324VYxzLtGYKAZTaYlMN
                                                                                                                                                                                                                            MD5:98FA505A36FA8E10C54576E73BCFD348
                                                                                                                                                                                                                            SHA1:B2B2858B06459190F712592FEFB59AEFEB9E3EA9
                                                                                                                                                                                                                            SHA-256:3C106B9A9255F3C687B5BC87FF3CD071FD3D97D1692EC2F6ADB99984BA1EF2BA
                                                                                                                                                                                                                            SHA-512:ED2B651AE47FA5F74AAF196D03B3C80602A3E229D44E9C2D0E40FBD7637CF446090B7933969DB5360C4ABAF057A141E057B6AC6FA942E2E6DCECDD33F870EF38
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................`J..`J..KJ...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_004e0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6421540202882374
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllI:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                            MD5:68F3901011096DA7CEB8463BFBD583EC
                                                                                                                                                                                                                            SHA1:E97BB22147E9EAE470B7FE2F45C10385522C60B4
                                                                                                                                                                                                                            SHA-256:91ED7EEC8B79C13E3BE1F23F703E7DB9DB3A0C626399253B1AD8552488FD4037
                                                                                                                                                                                                                            SHA-512:7590555983557F702DF6C66713BB3AA9AE284DA83D70CC0D529612BAD0D55D25E129B1D25A17EF2DD9D578BD61A6D976338B508C47F2CCB4727683862B786783
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................pN..pN..bN...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_00610000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.642891215114569
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllW:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                            MD5:D5BEB3C804A3251BD472F06F28C559B0
                                                                                                                                                                                                                            SHA1:C23C2CCBDA163E337725B653B1275CB115A91B92
                                                                                                                                                                                                                            SHA-256:A484092DEAF8B04366C9654A0D9AC911A617EC636C85C824B26FBB58E0DB754A
                                                                                                                                                                                                                            SHA-512:D6490A66E8DFD259053A4A54B2879CD63AA253921DACA3D1A0B644439838B619A90ED7FDC24821C2316C970D0497EAA98BADAFD3E8ED8404A81FD56F4B55DD5B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................b...b.x.b...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_00650000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6402008952882374
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMLK:etGSGPxz/RZTaYlMG
                                                                                                                                                                                                                            MD5:359F259BAB802D38E00851DD43C99AB7
                                                                                                                                                                                                                            SHA1:9FE4F42A95355B351CDCDA1F2B5B197EDCC2BA46
                                                                                                                                                                                                                            SHA-256:B9B113F054BFAF289575F19AE0312EC68E98210F86947B18A84AF18D4D0A7E5C
                                                                                                                                                                                                                            SHA-512:9F7A0D68333BE926C0DDF047DEF31C980775053C59C9CE0BDD5BB87311971843F4854FD87B680D4DA47FF7876BCFE904B43BC715AF8CD09820167E3E554F3CFF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................Po..Po..Io...........@.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_00730000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.642891215114569
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM937:etGSGPxz/RZTaYlM9
                                                                                                                                                                                                                            MD5:C76C9A7C8C8CB9EAD60A744C2823CACB
                                                                                                                                                                                                                            SHA1:842FEF57132AD001C16D4B0A35DCA0EFAB9B3F13
                                                                                                                                                                                                                            SHA-256:AC2F70C378F8DAB77F63693999250936E5563DC04A322FE34990B8E9EC2290E4
                                                                                                                                                                                                                            SHA-512:B2D7C20476312936722601555D52B091490900869546E7D0AD451A7704D6689A8ACB8A56D02538B7D4C4C8D90E0E712909AF1586ACA31A01822A57CB4C789240
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................y...y.p.y...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_008e0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.642891215114569
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/llls:idq2vVg3F+X324VYxzLtGYKAZTaYlMb
                                                                                                                                                                                                                            MD5:17446CA15B2EA517E7634C0989FA76D4
                                                                                                                                                                                                                            SHA1:C7C304A79E3742991082D69824149D8B13F2BF3E
                                                                                                                                                                                                                            SHA-256:5839DDE4BBF44AB9652CA8BD77F97F8A24635DCD1E6E7EB7CD3C0E8BAC5FBB8A
                                                                                                                                                                                                                            SHA-512:2F55F0433B365681F53DD9A593BECA2435E59281E98734AD4E6EF91922E0C48CE34D7ADC312607E57AD376C904DB941915E96EF4A9877909E807AD6471477A44
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_00b30000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6280414367616558
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM99t:etGSGPxz/RZTaYlMx
                                                                                                                                                                                                                            MD5:71EF3A111C36DC245F34EBDE7F5CACAE
                                                                                                                                                                                                                            SHA1:E42D544A06C604CD9CA4571D679FBDA7AC7E6966
                                                                                                                                                                                                                            SHA-256:257278654C1EC2C4957C9C356C2BF185C50D368EAD623916E9E7AAF75A546370
                                                                                                                                                                                                                            SHA-512:426D3F8A908345799A896301A27DFB8F5E44475879DF4CDAC819FEE32DEA18F7AA2163F6ACB9184019265FC1D6E575DFDC54204D851A3FF5C93AA29923C7DF16
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`...................................................H............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_00bb0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6460602702882374
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllj:idq2vVg3F+X324VYxzLtGYKAZTaYlM5
                                                                                                                                                                                                                            MD5:E48C5321BE2C8A45DA57FACE83E2201B
                                                                                                                                                                                                                            SHA1:FE5E22E8758F292BFC0B58FE044B1EBE937643FD
                                                                                                                                                                                                                            SHA-256:1C25AC70DB326FFBBE14DD62ED63CD350876FE587A9BF86A9DF9321B87B10CE9
                                                                                                                                                                                                                            SHA-512:CC66246B836ABAD4C54AAB883AE1E039FB6B4C12A6F77D6083F2EE7B3A66DBEB53BBD7680F2AA747FF8749E4EF3CA3CAAB955A3D0F50B9F01FB801BD00834B74
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................p...p...k............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_00c20000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6315664762874733
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMP/:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                            MD5:FD9DBE712B3195398C2C7DB89166CD7E
                                                                                                                                                                                                                            SHA1:A33F7C7A5D14E8E34D7266D3D57AB42437266C62
                                                                                                                                                                                                                            SHA-256:08F3DDC904006EEE7A898CEDC62012B874CEDEB64F126398508D74762DB7D4D3
                                                                                                                                                                                                                            SHA-512:98B038F55BFEA1749A7F653423CD9278F67DE0CB45035C8B1AAC9960DE535359D57EEB55068BB5E343973DD7022D2CDEE4C60F420F6FA149E76B738531838DBD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_01020000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6596139064147342
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM6x:etGSGPxz/RZTaYlMc
                                                                                                                                                                                                                            MD5:D62662F15A58E2BEE9C83D93CF674151
                                                                                                                                                                                                                            SHA1:772E09A571EF4D80593E234EAAC90FD293580A6A
                                                                                                                                                                                                                            SHA-256:B3ABDC4A4FF0D2FB6E8085B9A0399F659B5E908425978EEBEB295C96A367E8F8
                                                                                                                                                                                                                            SHA-512:0F7F1C3C0B3AECB168E3310A536D06A0314A32D25959B7A2B0877C2FB634EF0C8A49E1C7E4CEFF2F763008FDC0E35975B714CEF8EEBE91B145BF7779481F4E5A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................@...@...7............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_010a0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6693795314147342
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lll7:idq2vVg3F+X324VYxzLtGYKAZTaYlMm
                                                                                                                                                                                                                            MD5:3B08E59A889BCABE5909E9BA633FC27F
                                                                                                                                                                                                                            SHA1:3B5F25D55A91D13D4B3B3304E51A1B58BD9E693C
                                                                                                                                                                                                                            SHA-256:090A46B8672936B9D949463AA1320A4C3E7BF709B329011ECC7321A9032CC975
                                                                                                                                                                                                                            SHA-512:1F3CD5248832EA7CEC4AC970472C5D811F253CD5262229817003A9CC4BAA5A76EBC5EA8766B687DAFC66610EACC30B4A9CD7B21E25D6BCD1E0CC0F29AE7AB098
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_01260000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6587383234535626
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMjrw:etGSGPxz/RZTaYlMjrw
                                                                                                                                                                                                                            MD5:323235E356717DAE8041F1B59717DE3D
                                                                                                                                                                                                                            SHA1:A361D30C58A76875DC2071FAAF3AEA9BB04EE879
                                                                                                                                                                                                                            SHA-256:B50C3DA05AD7E148AB0A5B374080A5BCFE733912957C185C81FCD12F07943662
                                                                                                                                                                                                                            SHA-512:9F47D5AA3A3FBBE63E7D353619D6811FAE7ED2E640A09DECCB89D76C67C7E6EC3937A2EE7A6DD71465A9A207CB55DAF66856E9E7AD4BD94D96147E2B52321091
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................@...@...5............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_01390000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6666892115884027
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM1X:etGSGPxz/RZTaYlM1
                                                                                                                                                                                                                            MD5:F898F587CDAA8E83AC76668EF8193ECA
                                                                                                                                                                                                                            SHA1:ABEEB6097E4D6FF081130813AD517CED1E027435
                                                                                                                                                                                                                            SHA-256:898E4013BABD5C4F3CE9041DF8101559B2FF37B1842488BEE582A352FB6792E2
                                                                                                                                                                                                                            SHA-512:0AFF0AD4020AA9004C03FB70AB7427A2B5F0627EA684F69614EF7FEE2CAD93C7F8CAFDF3377BCE17BD1CBCA89DB7E831398D27DCCCAD7D69C7766A9DF1956242
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................`:..`:..\:...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_013c0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6654732814147342
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMftq1:etGSGPxz/RZTaYlMFq1
                                                                                                                                                                                                                            MD5:0AB90172FAAD73A3306304B472516B1A
                                                                                                                                                                                                                            SHA1:825A0FCF195ACE15C2BB12E0F3622EF9301BF540
                                                                                                                                                                                                                            SHA-256:582DC1DC9B9613833CA8DD9B1FA676673B22838992D3D96BC2A2326A9D2DBD28
                                                                                                                                                                                                                            SHA-512:2F26AE3FDFFFEDC3AA3EC7C5E2972551A5075F4406FC19B10B176B28122D61BE7E3E061F11A5B3BBD97D505E38102378ECEFE404DDB1BBC488D27942960DED3F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................<...<...<...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_03940000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6564928289787666
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllS:idq2vVg3F+X324VYxzLtGYKAZTaYlMc
                                                                                                                                                                                                                            MD5:01B7774EB540D0A05F8FFB05CC2934FD
                                                                                                                                                                                                                            SHA1:287A75784D8E75378EEF3E1CE0FB7BAA5C662B49
                                                                                                                                                                                                                            SHA-256:77DE6ABFC09EFF53724988828926ABC53D2BAB936823A77C3E96108822503BC6
                                                                                                                                                                                                                            SHA-512:95555154DB36A3E4354735DDC13A286E1B742C8C8D49096F1F2A771FAE01F44DADAC8A119853683DD1608195609B6B0F06A368225A3A4A17DEFBCF95CA5B04AF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_03db0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6690869567952717
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMeRx:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                            MD5:AE354F37543087AA253B98947985BA70
                                                                                                                                                                                                                            SHA1:9E7CACCB8AEB1B272F36CC30E1937DA102215076
                                                                                                                                                                                                                            SHA-256:6DB8DFC58E7CFEAAC608E503B7147B811F2AF7D4F0280C98CC741671222CBD72
                                                                                                                                                                                                                            SHA-512:FCDB8905D4F3AAC895AE1D01A6AC0AB92B2535758821FB26DC07BAC230C1471AD2D037359E20FB4134A587C09311A1400A4884748C546CDFE0CD2EFDCC06F5DA
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`................................................... .............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_03ef0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.671713866888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM0Q:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                            MD5:009D29F5905F47307B9F82643646A6B4
                                                                                                                                                                                                                            SHA1:33642A2B0D3382245E2CE359E293ACA6D88972E3
                                                                                                                                                                                                                            SHA-256:516A9EEB802DEBC8C475D3F98CB64D94E817BFD89721D444959D8CE9EE186368
                                                                                                                                                                                                                            SHA-512:DCF1E59685494CE7812ED2F72C018D1ABE5FEDFC875A8AA2AF56604B7B34EFDC5826923C29E02B9F524758445DA37CA39CAF537AE60D2895383CF12F9F5EE38F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`...................................................D.............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_03f50000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.673666991888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMWVz51:etGSGPxz/RZTaYlMWV/
                                                                                                                                                                                                                            MD5:BF9DF2CE1B46C6E8B1C808D1B3BABA16
                                                                                                                                                                                                                            SHA1:3C2591CC943B2B385446C1E67A6D3602E53190C1
                                                                                                                                                                                                                            SHA-256:AD6DAC8584E7D7C0DE764E971F4692D7081E621B052664DBDAA53B1558DC8470
                                                                                                                                                                                                                            SHA-512:7CDD4BE634AA382F1A88E37316739A1E37900BBA2B367BB297EEDDDE9D27B723EFCF427B10344F45A31953FBE104EDD1DA662D261C85FF8FDD4CA25981337568
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`...................................................,.............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_04010000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.667807616888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllj:idq2vVg3F+X324VYxzLtGYKAZTaYlMi
                                                                                                                                                                                                                            MD5:7B77BC4100720047AF088C0B8C5C933F
                                                                                                                                                                                                                            SHA1:ED034C10A8AB62D43B4ABFC68C3A582A66A0301E
                                                                                                                                                                                                                            SHA-256:5568F56F644518C5FD4AD1C3CE64F38F453AC1DF34EFB3A7200EF14232F6013B
                                                                                                                                                                                                                            SHA-512:47B3D7285ABE203A0B68F26D7B4F94882809E976247CB7B1E75373AA5379726EB2FDC8447093A4F2DE0356F61CAE18899D3B0C5A8D507FE1FDA3FBB7F6E46A14
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_04050000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6662357023631
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMDn:etGSGPxz/RZTaYlMD
                                                                                                                                                                                                                            MD5:FFC1E2741B2CB723CC5E3B4C7BAD98DB
                                                                                                                                                                                                                            SHA1:BB03457B125798E5C69687E9D769024750638617
                                                                                                                                                                                                                            SHA-256:452E69B561D4F43C2937F0C27F290B43600A9785724BE112923E9673E9BC9955
                                                                                                                                                                                                                            SHA-512:177B44DAF311051526879CCA9E1F8BE609BD625D66A9F3E00E2B9EDCC34958B4A406E7EC251C5A7C62E60A6C37D3209E0072EFA00FB287301130EEA8C93BDD8D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................0...0...%............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_04090000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.665854491888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/llll:idq2vVg3F+X324VYxzLtGYKAZTaYlMJ
                                                                                                                                                                                                                            MD5:0C385C6631936F362B206A7D62E2DB8C
                                                                                                                                                                                                                            SHA1:308A15D771ED1F432B674BF8B835752CC3376EB5
                                                                                                                                                                                                                            SHA-256:EBD9B512A4BF3D44A08EDC73598C9FC61ADEE511C56241AC0F997F082D2224AE
                                                                                                                                                                                                                            SHA-512:D9CA7705666130A4CCF636C793653BFE92789DCDBB918F161B53F58F91214DE74E43C683F161CDB07DA88294EDDD69CF729C4EDF88B932BB129606E4A84E5AAF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................P...P...7............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_040c0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.665854491888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMh7x:etGSGPxz/RZTaYlM1x
                                                                                                                                                                                                                            MD5:81B3021A0F611A866BDC2516D7F36079
                                                                                                                                                                                                                            SHA1:B5877D3BE5689038A0CB7684044E50A15E3125E5
                                                                                                                                                                                                                            SHA-256:6EA408995C42B0BE8BC722F998CE27B11075EED69BBF1F5D218759656575A79C
                                                                                                                                                                                                                            SHA-512:9B075BEE59D6C6035A23694BB8E4DB3529E1302B4ED180FC0FA4B0A0267006E777B6D430F8A6F77CB5116A1C08579FAA7D915E44804A84813C9791E55C3E9664
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................p...p...Z............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_04150000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.667807616888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMp9:etGSGPxz/RZTaYlMp
                                                                                                                                                                                                                            MD5:6492B66BA4444E535E8EB04387A7B785
                                                                                                                                                                                                                            SHA1:55BC4DE5B3F52B532C291A745556F7CB2426CFF8
                                                                                                                                                                                                                            SHA-256:34DFCE7182431BF7978D02F584A137D36E0090E519F22A191C7A55A030546FA3
                                                                                                                                                                                                                            SHA-512:9F18014822D76F792ABFFC2453A6489649A9D8C3D83380DE0DA4B59C3010CE6E2E0839EC0D60E5D5EE2F6238800786A9C233309EE4E81AB124A12D24354F0370
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`...................................................L.............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_041b0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.665854491888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllN:idq2vVg3F+X324VYxzLtGYKAZTaYlMn
                                                                                                                                                                                                                            MD5:F1717268FF33500D839FC57AB9012FA4
                                                                                                                                                                                                                            SHA1:85E262679D1B15F2C10651D2D3E170F3B2FD8406
                                                                                                                                                                                                                            SHA-256:44259A7BA225A1F29BD1F432334897FB878AB5E59C640D0F86C37975861AB047
                                                                                                                                                                                                                            SHA-512:4922671FBBDD2FD16CB0EBEECDA13E6C6BEC551301AAE01723A9118F64B0C38A2EFF4424082651F2A7B628B30905813B630026F7AD9A740E37B94868CC3CA66A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`...................................................p.............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_04210000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6646385617152486
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lll0:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                            MD5:856DEF89C06235BB1A504ADE9D8543F9
                                                                                                                                                                                                                            SHA1:A2A6768BFB347D358C1460C9D721628FCFD2910B
                                                                                                                                                                                                                            SHA-256:8D6EEF4386EAE0ED120C1C881E352E6DB1302E1E55793724782A979F0AC034CC
                                                                                                                                                                                                                            SHA-512:5521CC33A375E9E2A665E3AAA52ACF1294F7EF2AEA06D3B8C3C9BFD8FDAD84DD862647C21751A0997AC248FB94666CBDC3AFEDA468CC57DB41914DE0AC4AFD9E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................$...$.T.$...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_04270000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.669760741888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMn3:etGSGPxz/RZTaYlM3
                                                                                                                                                                                                                            MD5:046C1CE20DC6D8CCB7DBDDA56587647E
                                                                                                                                                                                                                            SHA1:501498D2B8674423853F69CE216FEE7769497E4E
                                                                                                                                                                                                                            SHA-256:DF70A7F8894D5C3BEFA397FD00BA7D5C2870BD71850B8076A3B2A0F3C9E921A5
                                                                                                                                                                                                                            SHA-512:CB1C93B8BE306D9437DC7E570BE8F42D3138FBD601C057E2092E60CE0B324C2E51EDA9AF8F9386BE341AEE6065C75011CDAC229FC3B3DB4EB9CE60D84FA9D38D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................'...'.\.'...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_042c0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6529677894529495
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllR:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                            MD5:18F8F6044A5003AD9A9A1E9F8B0678FF
                                                                                                                                                                                                                            SHA1:6178812E3CE62F142CB08873E2F77BB489149C14
                                                                                                                                                                                                                            SHA-256:B9F63E3837187FD6E41B7A910D2C4FD1997479DA2C6036514A4A7D2FB08F8D94
                                                                                                                                                                                                                            SHA-512:D93FD8970DA3B3BEEAAC42465DC06FD1D1B7DDE5C41B9737DB9C65DBBD0CEEB42D30E7EE4F8FE9B0F51092C8916B8A75CFEC7F5A9D471F81A4B76FE60FC721A7
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................./.../...............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_04340000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.671713866888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllb:idq2vVg3F+X324VYxzLtGYKAZTaYlMj
                                                                                                                                                                                                                            MD5:E9340FE25464A28FD4D8DC92E9D007F0
                                                                                                                                                                                                                            SHA1:705118972BC5AA5E5C5AB4CD1BF4CB78FE0600BE
                                                                                                                                                                                                                            SHA-256:658E5D1786ABAF45674EA71EEB3081E1304859D8663DF70E3D61C2A1B3CBEF00
                                                                                                                                                                                                                            SHA-512:ED57E303BB1437B7A9AE5D7DE637BD6958B66D46FA42DA5556F89C4DDA3E3AB80E9B684FFF666F4B7A8EFCBA0D52F57AECE2001503C3597103865DA98F8316C8
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................>...>...>...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_044d0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6631498675824072
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllr:idq2vVg3F+X324VYxzLtGYKAZTaYlMf
                                                                                                                                                                                                                            MD5:19E35EBEBCD1384C61D94C146D0AFBAD
                                                                                                                                                                                                                            SHA1:4BA4A8B745E5B2253F37DBDF8CA98CB3D8B8F972
                                                                                                                                                                                                                            SHA-256:FE20F9682369F7BC8A266799A23E114E7AD04329C7BC362DFE9910B7FCD8672D
                                                                                                                                                                                                                            SHA-512:BAC3BD1661FC7AE38EA2629DC981FF2A87DADB341CCB0160D7AD7CDFF42A3926DCCB5CB4F21DF583D9EB7B46CB394D364740E39AEC12A7C39079FB4078306218
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................ O.. O...O...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_04510000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6704979367152486
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlML2F:etGSGPxz/RZTaYlML2
                                                                                                                                                                                                                            MD5:5108CB2CA0057B91E373F44946C893EF
                                                                                                                                                                                                                            SHA1:828939209465F0A0AF251D7ACE27CA4EFAF9AE69
                                                                                                                                                                                                                            SHA-256:B31CCFFC00E9AA31A32A4BD2A29F2B19393983D397DDA8DBE798A054F492A4DA
                                                                                                                                                                                                                            SHA-512:216C64F37EDC2E94AB10144EA778DC0F385F767A4D29E52CD08838A36FBA5B62CB35C01BBD8342C1775640B16237E6B026A9EAC41B1B5D5CA28EF11D8BA60E0D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................S...S..S...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_04560000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6669728971894313
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllu:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                            MD5:8BFF269826C048B93B42CD6AAB5939A7
                                                                                                                                                                                                                            SHA1:39B361073976A46AA398175FB5C278CED9DB7F8A
                                                                                                                                                                                                                            SHA-256:46AFE9E9655D86BD9E8E2AEFC21CA001ACD49087676189DD10E1115F6DB4028E
                                                                                                                                                                                                                            SHA-512:DD96272FD3CBFE97EAEFEDED8B6A2FA145DA764AB2F35C9800EA480EC6584A8035A5D1F21FCA576D0BB0DAA8118627AE2C9559B9C4A0AE42678E1092CB569A5B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................X...X.p.X...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_045b0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6655960324099224
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllS:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                            MD5:13F07690463D180C7785F3FE20624D32
                                                                                                                                                                                                                            SHA1:2524A2F9FE5F0CB311F1F1109B44802C6CCB32C5
                                                                                                                                                                                                                            SHA-256:D8955341380BB2A2BFB1C2A68F8842095A9525DE8F1170F98B85E565530917F9
                                                                                                                                                                                                                            SHA-512:3676BDFA3501B6ED33653C3A771F8FA9FA9CD22591AADFC603AC5DBD9E643F69139498D91BC5FC1F5552E308271F43CEF8CDC3F3C35213F16EA38F7CA71C2011
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................Pf..Pf.X@f...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_04760000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6709766720625856
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM8ex:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                            MD5:AC3B62E3D8492597DF3406832A3AFFC7
                                                                                                                                                                                                                            SHA1:17B5F220C9EBDE2DA61529B358EE9E399A65A62B
                                                                                                                                                                                                                            SHA-256:8717C0A4AE2F245BF237A94B6FB4D4F34B8C3F3FF4CC4777F0F77926BAD0FCAF
                                                                                                                                                                                                                            SHA-512:832EE31C57C74DBD9CA25595AC57A06C714FAF3141303CB832A932DF4EF418E2CEF2BBAC30B6791B43C80AA4F65D5B33AF059C2B438CEA0B44C482094558B57A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................{...{...{...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_050a0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6595899635558533
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM5M:etGSGPxz/RZTaYlMG
                                                                                                                                                                                                                            MD5:81396B02AEEC50C238AB2B2E8F2C25C3
                                                                                                                                                                                                                            SHA1:D8E01B35850970FA83DDFAE1B31C3636F51EDFB9
                                                                                                                                                                                                                            SHA-256:1551EB7BEEA755FCBCA90CC13B8933E8EA0C7DC808A552EDF83AF61F68E88E0A
                                                                                                                                                                                                                            SHA-512:9E562BFF88781FA698A0C09CF63D824CD143B2EC6099CE3C68C196933F352BB0D27A57BF9B37062F773ED37AD5ED58C0D1282D99928744CCAF009211D869B503
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................`4..`4...3.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05360000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6615430885558533
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMv5goi1:etGSGPxz/RZTaYlM5i1
                                                                                                                                                                                                                            MD5:B6D2519BBC4F0F963C5969E40D05E2A0
                                                                                                                                                                                                                            SHA1:B6887C811632A8E660DE76F218F08337847E6077
                                                                                                                                                                                                                            SHA-256:434E28A6EF24D1773C41D74C9CBA812A12056E01A987BCE8B2009C3979BFB70E
                                                                                                                                                                                                                            SHA-512:D35C1E58928F5B18594C9BD4E2F93FF88047D49175D15FAEAB55D03100B412555EB7C256F592EA15A74200CE1B23A0A0617D714AED2CAB4DD0957DAA2FD65857
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................8...8..8.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05450000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6690235470625856
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllP:idq2vVg3F+X324VYxzLtGYKAZTaYlM3
                                                                                                                                                                                                                            MD5:371299827711AA457DB8F539802845D2
                                                                                                                                                                                                                            SHA1:BF291BF6CD59D2405283222569D41156327DDA32
                                                                                                                                                                                                                            SHA-256:EE961B84C9EB491E322D949A5E239AFD7404AF40FF18E8C875D036B064A23CBF
                                                                                                                                                                                                                            SHA-512:BBB560A730649808807D378BFCC6B4EA7E13E91C3A39BD8F30718A7131AD9DF7F2C9FEDFA413705CB9EBAA24609453ED491CF5FC92E35FC410A6591E55E1C341
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................pG..pG.(OG...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05490000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.663415387789021
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMqv/:etGSGPxz/RZTaYlMqv/
                                                                                                                                                                                                                            MD5:010DBA140657A5ADA995BE21AD7D6B8F
                                                                                                                                                                                                                            SHA1:36F680BFB02898E5E020F0C75198926472E87FEB
                                                                                                                                                                                                                            SHA-256:1FC3AFCDB1955EEE001CE64166EF01A7D33B588DAFB5666104E4E14457B209F9
                                                                                                                                                                                                                            SHA-512:B60DDCDD10BCEB7973F9004EBA10E6A8F496E1A711EAED626C9F766D3B914972F3E2219D1CA6E8A8531710D4CE499A7AB598AC8F3A15BB7D99565AF5EFBE103A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................K...K...K...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_054d0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6709766720625856
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM3/t:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                            MD5:03601AFBD5A49D60943FCC71B6F6E89C
                                                                                                                                                                                                                            SHA1:14560E1C67A3B07AF82C1EE7952B06A923E4065E
                                                                                                                                                                                                                            SHA-256:039EC16FF9FEE01FA9FDBD04D67D2975FFE6D9D5ADB5BC96D46E4DB6DC24D7C6
                                                                                                                                                                                                                            SHA-512:0D8B6D26B88094C3B53AAA0FBAAA15968BC79DD94A60982D42C390914E695E7C8B85CBB987134E90A807DFFD7CC0E11BC7A45F32F11AA697812342F03D6F8200
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................Q...Q.x.Q...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05540000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6646385617152486
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllu:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                            MD5:2CD6FDBEA109DBBAAB7B9E8E3008B194
                                                                                                                                                                                                                            SHA1:AB5600315540F3B289D455681F8816C7B40FBD83
                                                                                                                                                                                                                            SHA-256:7F2B994CDE62F39B70E96602E96D65F1A5F1E78DF6AC36CCCA46F887A3E0DBD4
                                                                                                                                                                                                                            SHA-512:24B5AA186CBC047D88EF65AA8416F17DEAA9D2FD1B53B9ED82D5670193E07B0D6AD4934771A4CF74896030DD00F238BB2CF31B660FBA3556F936DA52DE3729F3
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................@V..@V..-V...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05580000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6486011646296257
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllT:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                            MD5:5ECB791292468BCD3523C6D05E00F794
                                                                                                                                                                                                                            SHA1:328785161B254670CFCAF9337D8B77AB96B3AFD4
                                                                                                                                                                                                                            SHA-256:A9CD6D502B2D4834F883F8534FA3D87C53822B320D8685B850C2B1C3294943C5
                                                                                                                                                                                                                            SHA-512:8A6DCB247002EE6B23498CDF6D1F39E14534386B900F95643890260FE17FE007C28F3A092F63932587DDE395423341051CABBA34827F33AC32A55B11A64AE3F0
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................Z...Z.h.Z...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_055c0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6736669918889169
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMtk6:etGSGPxz/RZTaYlMtz
                                                                                                                                                                                                                            MD5:B84024AD412FCB70DAAF0E3926D9DA3E
                                                                                                                                                                                                                            SHA1:BFE9ECB28B9586045DB34614CC4BEA5159207730
                                                                                                                                                                                                                            SHA-256:E10521099D78F6A1C13FE4F8CF5647DFC2CC378FD9DCA51BB882EC4CD7AC832F
                                                                                                                                                                                                                            SHA-512:87EB47CE3F4DA09E54EDD5B545AA17E0DF8B381F00497A7BCCF7DA718BE05D621168056F9C71205E8E644692D88BA4AD4EA3368BCEE885272D17B9D880687304
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................^...^...^...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05610000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.661431322930928
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/llls:idq2vVg3F+X324VYxzLtGYKAZTaYlMD
                                                                                                                                                                                                                            MD5:9F39593028265129BB04570946F21D8A
                                                                                                                                                                                                                            SHA1:9A335BC790F731DEBF6FA32557F7F13A5A55AAD6
                                                                                                                                                                                                                            SHA-256:7A23D5A6FA9A10515F632FC3C33DF14E0F5883FB6D70B8737B0DD014155ACFCB
                                                                                                                                                                                                                            SHA-512:DDCA5BB9C921C86CC7C8D7E1A8E5E8AE7193AEF1E51C36B08F8BE7F0BE2889573477C6B06C9565C31799527F4B971C8F031E0672164F9E7C635C113BA30B5046
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................b...b...b...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05640000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.667807616888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMVtTt:etGSGPxz/RZTaYlMVtR
                                                                                                                                                                                                                            MD5:6CD399FCB405CA6E7FB7770F11D30FBC
                                                                                                                                                                                                                            SHA1:F85049F9E5BA43FB76E1513A234C6A41FF666AFC
                                                                                                                                                                                                                            SHA-256:B7C05C2BD214EF78A37117446A97DE29166E21A6CE8D773326CE1419819E2570
                                                                                                                                                                                                                            SHA-512:EFE8937046C8BF4C31543CAAA01550A96C4D2A89523F0643658E435FE65154372F6B8A7ABCB0C906478D9C5A7DC5521485B0F8DDDF48A4DD36F159CF2E2DD451
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................f...f...f...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05690000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.673666991888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMbadX:etGSGPxz/RZTaYlMbC
                                                                                                                                                                                                                            MD5:460DB042E1AC7684C3C1BBEDE148CA92
                                                                                                                                                                                                                            SHA1:B0713D9E7D8EFDFF8DD0C6DB1E4301C58C9976BF
                                                                                                                                                                                                                            SHA-256:64C7AE484AD09B3394DF4EBEC55111A56F40665ADD9F9D4BBFE2835072801738
                                                                                                                                                                                                                            SHA-512:D04BA2EC621B4B9B114B7E64B094E96E144EE1837369EC5AB1CB2BFD35DB3BE4E66BD8B6059499F6C660D9688E747B453421FA36C9CA5D3523EC9A214A45AD5F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................j...j...j...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_056d0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6585064227560757
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMX6fg:etGSGPxz/RZTaYlMt
                                                                                                                                                                                                                            MD5:301242894B526F0049FCB9E58EA9BE7D
                                                                                                                                                                                                                            SHA1:15348D53D142185427BF57C1E181FFD7D743F528
                                                                                                                                                                                                                            SHA-256:A0B04E691B5A1B391176B22BA90A0D1585E01A354135C085B0A0D529FD5EA284
                                                                                                                                                                                                                            SHA-512:64295E9206F3739AC82A976472DE8587876DA0BBE67A46A61FF436472E4ACBAEC62631EC7A87BC885D456C3F432C636E1001BD64DD6B548702C87A4BD68458DC
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................ p.. p.P.o...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05720000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6689260221894313
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMW1n:etGSGPxz/RZTaYlMa
                                                                                                                                                                                                                            MD5:151286DCA2669DEC4DDF21AC2F9F0932
                                                                                                                                                                                                                            SHA1:042B20883F74703692EF5CFEDC19167C309EDA79
                                                                                                                                                                                                                            SHA-256:C2A8F11A4992B02ECCA95352D7F7AC531D6C813926F04D0444B11D00CEB8ACB3
                                                                                                                                                                                                                            SHA-512:3F3B0EFE5E1A8C0E4B9367F156B219ED323F6EEB6CE5F4616BA122E03A15231CDB5F7A39D145A50A1DF6D23D98B924504C173DB4C460BC219F458AB076D5C1EC
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................s...s...s...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05760000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.668286352236254
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM+v:etGSGPxz/RZTaYlM+
                                                                                                                                                                                                                            MD5:A94FB7091809A1C71FD710051CECDDD2
                                                                                                                                                                                                                            SHA1:E89521180F5437E61FF69C7B8BC696C708E13E90
                                                                                                                                                                                                                            SHA-256:58025F3F9314568F76AF9444357C38C59897C4E12D98239BC00BA38386F1EBFE
                                                                                                                                                                                                                            SHA-512:B256BB0E5D0658BA00D962080E383D59EB4168D5ED82028E9E480F89EF9DEE297CF5A7C0BEF86070AF873FC7B3169ECFBF6C442EE5A54F5CE471342A4D92182B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................y...y...y...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_057f0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6545397039787666
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMN/:etGSGPxz/RZTaYlMN
                                                                                                                                                                                                                            MD5:F51112647CA7C500EE7AF82F53BB9923
                                                                                                                                                                                                                            SHA1:2840D09BABBB5D23DFB18809D3E875547121A5AD
                                                                                                                                                                                                                            SHA-256:40DCF28350A8BD94EE7B150A7FA3E9D6C177261F8678E4BEEAFE01164BAD1C32
                                                                                                                                                                                                                            SHA-512:AE3F07E12EE11BC6DF13D44AFE5195CEFDA5B68968B44B4A17F101CF636B625EE053BCF8F81E7C3886D0CA6E633570F253343A05B9E253E8D819E46F29EEFDEA
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05820000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.664380102236254
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMia/t:etGSGPxz/RZTaYlMv
                                                                                                                                                                                                                            MD5:25A89BFA0D3B9E0AD9357D409A61D321
                                                                                                                                                                                                                            SHA1:5683A33D28ACE12F2D95F5706B8B023B820F659F
                                                                                                                                                                                                                            SHA-256:67435C9757CCC945CC9E8F4644ADB6126B79F4164138517549846DB03F57BC78
                                                                                                                                                                                                                            SHA-512:C4D089A283837CD788DD20AAB2A032B7ECE256D9C826120089B50A24A9C9C743A3842E8241F84C6D46F9FAF93A63651878490D3D28A8E67B29BC92FD57A6162A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`...................................................@............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05860000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6680588326153525
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lll6:idq2vVg3F+X324VYxzLtGYKAZTaYlMO
                                                                                                                                                                                                                            MD5:5304AB9F225B4E091B784578DD16C392
                                                                                                                                                                                                                            SHA1:AE303540681DB0085643B6F43B7E722AA3FE22B9
                                                                                                                                                                                                                            SHA-256:E9F9129482FB2CD3ADA1438E132B11DBF78F6917413E5DECCE0FE23BE04D0CF6
                                                                                                                                                                                                                            SHA-512:F4A2616E7BFA46F107C91AB9A66EA36EEE0228D60EA130BF52651B15AD0B3650A43939E79DA7491148D68297FB4C878F4D8FCA5E655BA9B98E9BF2CC81FE0DEA
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_058c0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.668286352236254
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM7mg:etGSGPxz/RZTaYlMh
                                                                                                                                                                                                                            MD5:FF42D3DE2690055113802351EEE69BB3
                                                                                                                                                                                                                            SHA1:B57F165E1879FC6BC76F260DF7197CCABD782505
                                                                                                                                                                                                                            SHA-256:C8C6B23331B3FEE52C6000BD18D0A96A1B2B0C2E1F657F5B119AAA095AF28A29
                                                                                                                                                                                                                            SHA-512:C427B772092BDE4E9E633E321174FBBE8F7A35E28F40BEDA1D9D4642FA1A667DBEFA1171CDE14E478CFAC85DC7DBC5FB615868749517007A9F3BEE636A84A184
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................P...P...@............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_058e0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.665368512789021
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMKr:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                            MD5:1574377E6F5B0BD49008797536751E10
                                                                                                                                                                                                                            SHA1:0BA3D9F71DAA84D2B2BED26990953D559D9C1441
                                                                                                                                                                                                                            SHA-256:8CD676ECBC0F9CE35566222E1755FEA3A3F0CD0B4D59548A567CB31C13AE0EDB
                                                                                                                                                                                                                            SHA-512:80A237C391CF61A710F748158154D40A362C82B26C0BED1274CA0EF28A732AE49A48F95E4011081AE0CF5249D753FA4EBF0594E37AE84E81D2E722B42CD34499
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05ab0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.667807616888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM5T+:etGSGPxz/RZTaYlM5S
                                                                                                                                                                                                                            MD5:DED4E5BD68F2227FF87B211C70D7E368
                                                                                                                                                                                                                            SHA1:F277C76A641E556D5436713EF4EDC1F0150EE06C
                                                                                                                                                                                                                            SHA-256:666B523EC6092D655FC09D49CC7F57770F8DC0D38192DD820808FFADBA95A29E
                                                                                                                                                                                                                            SHA-512:35E0FEAAC01C76BF0EAFA7A8554D677DA6DF074DEDF6BE67C15CBD44F42B31515D558FE46DD95907A4242A0D45681D8B9F46E91DA45DA23EC347C38A8BE058B6
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................@...@..P6............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05ae0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6690235470625856
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMKXl:etGSGPxz/RZTaYlMK
                                                                                                                                                                                                                            MD5:6915E97D0C89332350104C9552F78C40
                                                                                                                                                                                                                            SHA1:81017E9E9966C54F8C88E43FC64E5F73BD673EEC
                                                                                                                                                                                                                            SHA-256:503B8FE1F487528E0F71C88F8F583147AA7A1534B8A72CAE59BD824A5DA237A9
                                                                                                                                                                                                                            SHA-512:33A7E35B81DED3C4D76272308F69500CC9DE8D484BCBE98BB88DD08E979360B7FEFF129936ACD84310FBD0C3D7D910423A6D6F2C7A0E19ED8A1A1D7231BC3D35
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................p...p..D\............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05be0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6616754779297442
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMGfZll:etGSGPxz/RZTaYlM+
                                                                                                                                                                                                                            MD5:5977F14B305934BBEE176AE6639AEA4E
                                                                                                                                                                                                                            SHA1:3C9C7A3321FE634146CCE901A8116E963C7EBB1F
                                                                                                                                                                                                                            SHA-256:49FFC9C881A0FFE463A9660CAB27C9C56D7A7895EA27F94BF606D27F80E79C90
                                                                                                                                                                                                                            SHA-512:8E56742761CB05979265E28AB13BFFFA815C0B31EBCB6F79F8D3C02C863437FE856093F476063460F5B2EEA24D1A13C69474594FFA55ADE40683EDA6D2E98048
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................ ... ..X.............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05c20000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.673666991888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMmt:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                            MD5:8B6A1A994472637045BB46826FB94B0B
                                                                                                                                                                                                                            SHA1:8C4E83FFDCA265C2EFBD3C1B5B9759AD76314219
                                                                                                                                                                                                                            SHA-256:F1AE67B543690DC7483DD6C3EF75D03B701DC3EEFFF11E1A7B42AD9B4AB28830
                                                                                                                                                                                                                            SHA-512:DD60F525925D4A805D5044A8DEF4254A9F7ADB539D9D6B3364EFA9E5B811056D5C315B64A47D580C26FEA3A7D1777907FD7D8002B126F75576C653BAE1148616
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05c70000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6709766720625856
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMlXZ2:etGSGPxz/RZTaYlMl0
                                                                                                                                                                                                                            MD5:1126521074A7B89CB700B40005E0B0E1
                                                                                                                                                                                                                            SHA1:44676DBC0EFBDBBBAA19E9D83FB81CB30D496988
                                                                                                                                                                                                                            SHA-256:1949B4A8F0D797054F753B74849CBA948655B48ABEE8B3D148CC5B90E328DDB1
                                                                                                                                                                                                                            SHA-512:93E360B8AD713B3140233F1EB5EEB39515AE711C719377460AD4B22AE159041FE0BBA6989C0B550B18DA69F61E2CD27CB68297143D52432FC72F25C39CD4207A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................`...`..8Q............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05ca0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.673666991888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMyB:etGSGPxz/RZTaYlME
                                                                                                                                                                                                                            MD5:32D4F013B9B5F4BE84F30DDA2CFBF690
                                                                                                                                                                                                                            SHA1:F364CAC0F8419886F925A2F56CB87129E8C4D26C
                                                                                                                                                                                                                            SHA-256:5EAA45AA7D66EDB13932145AA45B7CAC4FBC3D1F26BB93404D0CC1AD92FC5A5D
                                                                                                                                                                                                                            SHA-512:A8C33E3F5EB71640DC4489536C40262C139FE33C8CBA9C0FD2C9F175F70A6B96257E4103426BDE61C7769B9DBBC3D31834FA14B5B5EE128F1630F94A8C0DF870
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05d10000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.667807616888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM6St:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                            MD5:C349660E0E932FC9355AD84F2D5C718D
                                                                                                                                                                                                                            SHA1:D03ABF0BBC2F7255C5963728CF8EB3E8E63CB848
                                                                                                                                                                                                                            SHA-256:C14D0E01A5B25E9BAD74C369F8CFA5CAA6D358F9F8279B50B3A487234F33BA4D
                                                                                                                                                                                                                            SHA-512:AE475C618BC3D7CA65353B9B1161769D028404197860C94527CAC14032A40D004DE1A8B05DB1F00800117881EB1EDB0780BD460A5CFE268EF8885D2D4658929C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`...................................................@.............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05ea0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.669760741888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMOlhg:etGSGPxz/RZTaYlMqg
                                                                                                                                                                                                                            MD5:D643A7D21FB0D25BD93C99C8D109FEB0
                                                                                                                                                                                                                            SHA1:0AC6870981E1B1F839DC8A4CF34BB25092E5C559
                                                                                                                                                                                                                            SHA-256:F6B7A5BC65F1985CED15C52007C53AD56C68D30B0A332CBF266C7BF9F7659084
                                                                                                                                                                                                                            SHA-512:D08C8CA3FBF57DBCC8DA7434C028FD95E0307B747373F94066C2B118FCAAE3B8D1F0F1EF4664963AE9CDC7F022F1338F132564F62DF91353E5BC2361D9367844
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................@...@...5............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05f00000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.671713866888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMoFe:etGSGPxz/RZTaYlMY
                                                                                                                                                                                                                            MD5:66641C502F27E06ADE4329A0CD43D670
                                                                                                                                                                                                                            SHA1:0EEDBB14730953C1DD8F794E7BD3CC9BD40F2D32
                                                                                                                                                                                                                            SHA-256:3DCDA2812F1ED3D04FB9A90C2C21A137287799E85E5AC72A495D5844B61F67E1
                                                                                                                                                                                                                            SHA-512:6EB59AEE65B034B9B803C218142E69F4F9E26298557A27BC970B27B4B45674993E4F06D12964C76BE2E0AB1114B5ACAA11DD416B06C12EB64A30FB7CA43D131A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05f30000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6627590187295218
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lll+:idq2vVg3F+X324VYxzLtGYKAZTaYlMT
                                                                                                                                                                                                                            MD5:FC0DE98BDC4F9F525D150F955C27D6D6
                                                                                                                                                                                                                            SHA1:EF5C28177CF39B49D2DBFE7BAF579C0D40140A0A
                                                                                                                                                                                                                            SHA-256:4C4E9B1A542DD810B82273AC44FCA99718E39B56E5689E8A13209BBDCAF5E636
                                                                                                                                                                                                                            SHA-512:BB1C28E54E0174E9241A59EB406778DBF2E92BB8939A2085932D538B89DE4B36D55AC16A27F6D45983B1E93FD526C2933701774B5188DEB55A5A3D128430C9F4
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.................................................................0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_05f90000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.645854300668629
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM4lj:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                            MD5:1409BCE63538560176F670E6913FB26A
                                                                                                                                                                                                                            SHA1:AC28CFC6DFBD5132D2A142B36D211C46FAD473E9
                                                                                                                                                                                                                            SHA-256:449506AE72DAA2F044CBA31A7EE69554C84ECF768A0663FD444D0636DFBA454C
                                                                                                                                                                                                                            SHA-512:D4EF40AE59C4C8AD781064B4884F7D2D056F81DA47FC91BDF0066BFE50916BA16AAF3A8CF2943C4417F627F947BBE98A765413C80D1C03CCDBCF1D28F080571C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`...................................................`.............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_06110000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.663796598263204
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lll6:idq2vVg3F+X324VYxzLtGYKAZTaYlMo
                                                                                                                                                                                                                            MD5:D283B7D04D3A04B223D74BB368E72E0B
                                                                                                                                                                                                                            SHA1:6ECDAC03C54667A5EDA209F215F1DD8E2FF90F47
                                                                                                                                                                                                                            SHA-256:427944F26F5BE2D9A3F0507866D9E4152944B986A374F48E5A2C800646870844
                                                                                                                                                                                                                            SHA-512:777CD2FFC1BD2347E94CFD24D472B66921C2F9C203C1A98A35F22B0A38ED91D705BF5BF347818B7296088F72F4C524882DEB1C1C3F9CB886B53F7689F3F166B0
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`...................................................h.............0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_06210000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6623294523631
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMT0Nt:etGSGPxz/RZTaYlMI
                                                                                                                                                                                                                            MD5:E9B2781B93F144280777DD925BDA2D97
                                                                                                                                                                                                                            SHA1:BC4FA0260629A82043FDC294E5DF4F9A01625249
                                                                                                                                                                                                                            SHA-256:565022D040E9C98724E08AF5912965000529CACDA80D341A175BE2C56C3054E3
                                                                                                                                                                                                                            SHA-512:995325D6B45EBD8A88CCD14F50A44BA6AE577356F228B1798E2FE81E1B408C3C335237507C25B85C0C060CCA6F53758B52A1F6A0CDB4B805FC998E1CAEB20ABD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................!...!...!...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_06240000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6720950773631
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMXDZ:etGSGPxz/RZTaYlMXD
                                                                                                                                                                                                                            MD5:0A4FD1FA6538653C5671B77FF84F15D5
                                                                                                                                                                                                                            SHA1:F71D38FBF2D1C58A60B1F22709480BE261A1DF1D
                                                                                                                                                                                                                            SHA-256:2985D8EE5CECF25668045AF65FB41F3EFCFF21D90109F386A01492D258AF5B94
                                                                                                                                                                                                                            SHA-512:D0356CFE088A6E255E51B8EDC8BE42C24FD1438AA1963B7838A6D54199302147C9D42C90E0E5DAC346BD39401DAE57246F8B1B41555C3714ADDD2F40441F4F3D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................&...&...&...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_06280000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6674516325367685
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMog:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                            MD5:39EB4170A5EFF9DEDA71B9FB17BBC4FD
                                                                                                                                                                                                                            SHA1:F029BBEA5A46F0EEB073E08ECBC160082569F31D
                                                                                                                                                                                                                            SHA-256:26745C455D86C47FCD89E5529207ED837C39E9870D11530B3365CD6A38085403
                                                                                                                                                                                                                            SHA-512:801618385B8FB342C6633F19DDE17E912271221EF31FB33F384A3B2B80413AB86DA7A70F28A3C9B73EDC5072490C2920FD3236A101949475FB2F43B101E1BB95
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................p/..p/.,P/...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_06330000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6694047575367685
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllC:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                            MD5:A5C8DBB772F5509517EA94C2334DD91D
                                                                                                                                                                                                                            SHA1:7FC580B3039B6E5C480AB8481C6AAD2918D34177
                                                                                                                                                                                                                            SHA-256:8EF63A65FED80EE2E899BCA12DAEF7A0CDB4A43CF38BDD780E2C01ECDB3AD209
                                                                                                                                                                                                                            SHA-512:EB67F7AAEED54A435BFCAC09B03925415B85CAFD339B750D592B9B4B82261F2802F592DAB424692CA695D176B97AB83D8D5408FD564F026E5AF8254CD800B117
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................6...6...6...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_06390000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.666714437710437
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllA:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                            MD5:E37A1A677461A7C0971C2D91433D9A6A
                                                                                                                                                                                                                            SHA1:BAF38EDE271A9D9B1C4693869133CD5323F1DCB6
                                                                                                                                                                                                                            SHA-256:324917ABC57CC36D5C20D5602C0F8AE0F0F75FD31E801AF8EA1A5BA0923C65CF
                                                                                                                                                                                                                            SHA-512:10FAEA26ECDDEFB87CF08BB38008C69374C55FA95A76DC4BD9BC9587CAFF88548B1673FDB979D87FCB285457DA46A7541EFEA9A6B0F54D063E887AF7FDB309EC
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................P<..P<.@><...........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_62c80000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6634962135558533
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllG:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                            MD5:5CC7218C62197721D5AEEA4E4D8C7BD7
                                                                                                                                                                                                                            SHA1:68D889915EF600B055C126A21735E67ABA33AA8E
                                                                                                                                                                                                                            SHA-256:BA19027CD8B0EF13F35275BB9382610F4F0BA655691DE5745ED7AD3D3C983124
                                                                                                                                                                                                                            SHA-512:68D55B17D0020C582906E225EFDF431D1B3E9A6E68A31ACAF946361066608431CC4F0931759F699F902082905065FAD5400F0BA0A62C5432BB0880223BF806E2
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................b...b...b....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_63180000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6611871042037045
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMJGC:etGSGPxz/RZTaYlMN
                                                                                                                                                                                                                            MD5:BC881E02BD9471CC3D8E2D06226E53F0
                                                                                                                                                                                                                            SHA1:3EFD8CFE8C1A75D90FC58A83860CB3B082AC470C
                                                                                                                                                                                                                            SHA-256:7D6CDA5FC13B96CD938A7401C766735147CBE829FB299D6E43347285955C322C
                                                                                                                                                                                                                            SHA-512:B5438FA5DAA4A0DA0D179186685C91A096152124A4EF0694AC0C491A3D6299BF4217A7064490FBCBDC370D8C82D44BDDCCACA387FF36B121CEBD186E23A1A19C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................:c..:c.l:c....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_64000000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6590220090545913
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllY:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                            MD5:1193D63C9CB3D1552F4A0BE51CB1F8A5
                                                                                                                                                                                                                            SHA1:4566FDE4B763F9A1FD7C778B5F67F6F2BC911811
                                                                                                                                                                                                                            SHA-256:FF63627C19D23B4ECF5D34F550A1FAD7F0A6ECBB571C66F944C8C8E7FD425D70
                                                                                                                                                                                                                            SHA-512:9F9497943641CB9DB900ED84FD3B596A2BE1DFD40C031CB7DAC61591AADFCC188BD07F83E41E98F46F17B66259D5DA8A470F45B30666DDC8F212A0DDE8785DB1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................d...d.|.d..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_64b40000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6600686989031903
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMeQ:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                            MD5:B8AFD340E563E1DF65BB38E399D56C50
                                                                                                                                                                                                                            SHA1:4139E6A6234B973C96809DA20FEC93A68A1245D4
                                                                                                                                                                                                                            SHA-256:FEC30DADC854FA17357FA19577EC68032D7D1552E99ED65801336A62D55B1C7F
                                                                                                                                                                                                                            SHA-512:0A02194B9020F8F9803A09A6D7AE1F3A29BF94284247B790B3E7E691224606903C1666C62A09EE3C2639468E0374799B5B65DC80E5F288B17727042322B5BE69
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................d...d.4.d....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_65200000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.656543659377373
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMUvLl:etGSGPxz/RZTaYlMg
                                                                                                                                                                                                                            MD5:BAD4570AF2AEB80E814A148B4EEED86D
                                                                                                                                                                                                                            SHA1:3CBAAB2071B5007AC3062A07718998056E8568F4
                                                                                                                                                                                                                            SHA-256:560B5C94DACFBE316EC5A1AA5B9380948635D66E402AD47284952858AA4AFF88
                                                                                                                                                                                                                            SHA-512:225BEACD7251E8BE8C94C23854C24327992575A84C14D34260B0282932BEF4AA3131EF4FD5F561B29D70AF7E61FD3BD83B81087F2E4882975041CF8D5D7DB830
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................P)e.P)e..)e....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_65bc0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6592339792037045
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMKR:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                            MD5:B952DD52B9F22C056686AD606B67B454
                                                                                                                                                                                                                            SHA1:C4F55AC13FAE584359E2DA10FDD539456302B155
                                                                                                                                                                                                                            SHA-256:A62F7B2B511CE419E4E096AB4D2A84AD4A0A5683DD5275DF9EF0B28FFB8E5C1E
                                                                                                                                                                                                                            SHA-512:47023FDDAF8415A800E26EAA1AD6675AE74947ECC803AA7A7236D6EB4FF1591F8FB103D1642ECFADB79128D5AEBDDA4D85E3CBF88DC7B05006FB4434852E1765
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................e...e...e....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_66980000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6665677438563675
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMX7Nl:etGSGPxz/RZTaYlMXr
                                                                                                                                                                                                                            MD5:F0CAAF29EF0A91B72C4030C360C77AF4
                                                                                                                                                                                                                            SHA1:213E088FA54D4C15EEC9777A70A7DB1BB0CF2B99
                                                                                                                                                                                                                            SHA-256:72DDCEBED5C15DFAECF1DF0FCE4E65E5E530AAC13616E5B51A1AD1B5D492AF81
                                                                                                                                                                                                                            SHA-512:298760C56C8F831E015692942A9AAB8B297F2750C543F98AC72C3AB5FBA8134486508D598860F3733E25D30DE5B263116D62191BA2885F901F5B11F3657CD898
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................Gh..Gh.Y*h....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_688d0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6674516325367683
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM1n:etGSGPxz/RZTaYlM1
                                                                                                                                                                                                                            MD5:3111B0B800BBC46F53D0316CA7C6CBD4
                                                                                                                                                                                                                            SHA1:32A3FEAA4113850C86D02F1CF7AFA86740038078
                                                                                                                                                                                                                            SHA-256:2DB6A94F0CA911F5DF48C0C4446C1E97075BCB840D54BCE5AC204173DEA53377
                                                                                                                                                                                                                            SHA-512:5AC7BEB1CF2928BA564211884DE579E7BA265D694436C24952A9FEE8569D76895ACFAE00BFCB39008ECC586F86B328F831AF4A5683201561892291E829E3FD28
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................0.h.0.h.).h..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_68b50000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.637510575461906
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMa5:etGSGPxz/RZTaYlM6
                                                                                                                                                                                                                            MD5:63E084E76C2078C68A77D2ADAC1DB8CA
                                                                                                                                                                                                                            SHA1:5E7A751E659859FDB01BF58D5AEB0F07B1C59EA6
                                                                                                                                                                                                                            SHA-256:BF0C1E400825C31E480D38D8657A019991A5EEE4A1284ED21927DA34E49BA7FD
                                                                                                                                                                                                                            SHA-512:3452A5411EDDDA839A2911A597819EBF20C131E4698782704D18153115E9927AA0DB6D29325A7EDE7C489FE281B4DE1584B50EFD9A11C7EB18A883E43BD985AC
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................p.i.p.iX].i..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_690a0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.661948241888917
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMtl:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                            MD5:029C23EB774A5DA463E87643852309EF
                                                                                                                                                                                                                            SHA1:9649D91B312942FA76520B1F6A17034631E26EB6
                                                                                                                                                                                                                            SHA-256:160069B057FB7AB0731D8E67B51200FE9582B4FFEA953AC8624257310795C98D
                                                                                                                                                                                                                            SHA-512:003F64DAF81F79EA543C0E204C6E8D63B1571D771DCD2FEA688FBD02485758FC3C13FDC8A7DF238F8D52B35D5B74B0207D86292B5420D1124183542E788E23D7
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................Ei..Ei@mEi..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_69bb0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.642891215114569
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM0X:etGSGPxz/RZTaYlM0
                                                                                                                                                                                                                            MD5:80D89740CB774C1A2352651DD5CCB214
                                                                                                                                                                                                                            SHA1:0025B45D73599DE4AA37EFF92213B5A06B997440
                                                                                                                                                                                                                            SHA-256:AA4049466C05A1A22948A3235313CA901B9ACEB9EE68E46A7F7E5097A17FAE42
                                                                                                                                                                                                                            SHA-512:553581386C242A8076A99569C10CD96C1192E38E1D5387576EB15595A959FF7F8F611E14B0A98635E4E7966DB0C1BB4FBD40F4C2A967102316D523BF2E6C7FBB
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................i...i...i..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_69df0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.653802509152435
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM9lUkl/:etGSGPxz/RZTaYlM9l
                                                                                                                                                                                                                            MD5:3EB5E03F26F5BB501BFFEC1FA3E7563E
                                                                                                                                                                                                                            SHA1:84FE10AEDC9F9F7CA194E47DF2622FE54D556DBB
                                                                                                                                                                                                                            SHA-256:DEB06FD231579C784B8A711373AF8BD355B54FE407BFDC1DC638BC05B06114C7
                                                                                                                                                                                                                            SHA-512:B77167825D36E147BDBB21DCCEA270BDF40710010E1D8900158C16154F2418E20DC59EBD8F9D78D5C6F69C96A31B8B98424B4C7EF643E9DB1BB1E1CACBC96AF7
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................i...i...i..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_69f70000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6491590643261036
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM89vd:etGSGPxz/RZTaYlM89
                                                                                                                                                                                                                            MD5:7AD76FCBF85ECDC30FFDB5A88E918052
                                                                                                                                                                                                                            SHA1:54018656821FBE7E612B921692F9CA448712ACFD
                                                                                                                                                                                                                            SHA-256:9097EC9C834BB752755100BB566B441D226331D283F2594A6BC81FE7D494E5C9
                                                                                                                                                                                                                            SHA-512:B9307AF18F35878BDA87C54421EF62C6B1934D5168303E302A286EA2BBE93CD48EF06BCC83E075BCD7FD55AF0236E98D76816909C11AA05A83BCC2A1B7295F01
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................i...ip..i..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_69fc0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6701010891014139
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lllI:idq2vVg3F+X324VYxzLtGYKAZTaYlM
                                                                                                                                                                                                                            MD5:67EBC05FF17810AD5B61115565DD49A1
                                                                                                                                                                                                                            SHA1:63AD0A42657F220D9D21F0B6012E9AE5619402DA
                                                                                                                                                                                                                            SHA-256:FEB287B667434E1F0BFA7A5039734EAE6B4F061F5C5E40E37CA74726987DC1DE
                                                                                                                                                                                                                            SHA-512:35C602E431245B9E73221599D5282D58919060A1BEAB283A1E12783F86410570B1BAA9666AB6124A4D3E86110AD8C05AF485B3B28DE8C790187246CA181109B1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................j...j@|.j..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_6a200000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6694047575367683
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMHd/:etGSGPxz/RZTaYlMHd/
                                                                                                                                                                                                                            MD5:6C57DB54589E56B3DCA9880D34AB6CFC
                                                                                                                                                                                                                            SHA1:1C7BEB3AEE60FBA03AE5B5CBCA2C2E21D35FBA94
                                                                                                                                                                                                                            SHA-256:82A9CFBF6E46477C4D5D6A1183E4D41665AE6B1C6E0F8709297C0F066EE6CDA3
                                                                                                                                                                                                                            SHA-512:1309A9DE2A9FBD08B96540B15FF0919C368B40B49CD5A3A67E61667A343E466AD72C588821542708DC0C76059ADF00C01972EE3DA5E814E4FAEA89032E7AA305
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................`@j.`@j.?@j..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_6a670000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6685375679626895
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMckP:etGSGPxz/RZTaYlMTP
                                                                                                                                                                                                                            MD5:5E94B068DD3B0690375BF14FDE367D85
                                                                                                                                                                                                                            SHA1:212389C079A5C54550B59C69C670F81BDE129351
                                                                                                                                                                                                                            SHA-256:BC165EF215E0830C99FED4D0DA535D194EFB79A622F362A4001B49B062D94D0F
                                                                                                                                                                                                                            SHA-512:D64C937F6FD9063BB2539ED17B28B2596629184260D65163DC3ADB3F4181BC4073319D181E2D1501C0F07C13DA8BA885A4BB4605BC7AE6E3BD0688972E08E64B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................j...jl..j..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_6a8b0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6721782977560757
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlM9u:etGSGPxz/RZTaYlM9
                                                                                                                                                                                                                            MD5:F5754A6F073BF9D1CF4993C9153D14F7
                                                                                                                                                                                                                            SHA1:0B7C24C52F7498841A531D96FBBEFB4CBFFA4251
                                                                                                                                                                                                                            SHA-256:56DAD7E1A0BFC53C04C8D4564894C2460B6521A26964ED7F5BD7107A2D509ED0
                                                                                                                                                                                                                            SHA-512:F1969CCDB3840A2829C8A90E6E28AC102A40574FF3B4634D7057FC32CD5DE60262EA79E661323AF655A31A287122F6CB19C51F40B55F92C0285996230C9C56AD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................ .j. .j...j..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_6b080000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.659661884152435
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMIX:etGSGPxz/RZTaYlM
                                                                                                                                                                                                                            MD5:FA640F5B0D064BAE0501123715D2442F
                                                                                                                                                                                                                            SHA1:17C4F1BCAEFCAFB05D9A01A12DB1D381DB2AE92D
                                                                                                                                                                                                                            SHA-256:376ADDB34FBE7EF2FFA48EF74C9AE913411FC5E61EF86D7058034F93730C5044
                                                                                                                                                                                                                            SHA-512:9015402C268FC0B3B6F39DE74BBA28D079962C296682E8CBE418CEEEA1871D8CC5889CF0E6C36539BE476F460DCAE806A32E0E8F9E76639839B71A9B6B67F3A3
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................-k..-k..,k..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_6b300000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6647204494487509
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMeFrzt:etGSGPxz/RZTaYlMeFV
                                                                                                                                                                                                                            MD5:013939A95448A6B87A766043FEEEF444
                                                                                                                                                                                                                            SHA1:974E783097C7F6F38F2D137CC97B5F49B5B1FAA7
                                                                                                                                                                                                                            SHA-256:B5BA8CE815A7CE9DE51C6BCEA50D52420A35259313125C8AD8012860D56583B9
                                                                                                                                                                                                                            SHA-512:66DDB6CA154BE7CB40BA86973E6969E3D288C09C7A3D701FE88CCDCDED73A4055D3EE6E7701CA02C281EA623C5E04D1591F9D63FDF610368531D92CBD4BA5146
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................`Uk.`Uk(@Uk..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_6b5b0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.674145727236254
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMaQXl:etGSGPxz/RZTaYlMB1
                                                                                                                                                                                                                            MD5:A3DF630D71E9FCEEF32F81EA109D92A5
                                                                                                                                                                                                                            SHA1:94A8A9EC8D876DFE4BF4FFBA2FF171BCE52ECFD0
                                                                                                                                                                                                                            SHA-256:57534F1E0FEFAE6670AF43CA964A0CD9555E8E1BC0E1B73595E786C903E82BD8
                                                                                                                                                                                                                            SHA-512:CCA5A83A9651C99F9118100BE43CE4E66DF999AD5AD6013F7ABFBF446045C99FC453265D2B8366F83C0354007E1A7E062D00FA8B4BDA3F7727DCDD13605B4889
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................P.k.P.k./.k..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_6bc10000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6627106628372827
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMFv/:etGSGPxz/RZTaYlMV
                                                                                                                                                                                                                            MD5:84294A6E40A681D77A6BB62F4E4FB2CB
                                                                                                                                                                                                                            SHA1:69378D417641C4D43A6B1435F7A1C788A268FD88
                                                                                                                                                                                                                            SHA-256:B9ACFA8CBB08E4F043499F1AF1B7853B72EDA74B2C8BC0652DE682C6C31CF4A1
                                                                                                                                                                                                                            SHA-512:4731880A92CCC5A59D3184A565E18869FA18EAE2A4B53196FB83EB038F5E1DE0F2DF38A7B09B68822EFEBA9C5283F801A145E25F975DFB3E986F48C8D34F3239
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................l...lD..l..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_6c0a0000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6642825773630998
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMJr:etGSGPxz/RZTaYlMJ
                                                                                                                                                                                                                            MD5:C0E0673706E9DE5ADF67A650644EAA49
                                                                                                                                                                                                                            SHA1:5B1EDE2E1E165CB656B03995D9DE2055869DFCD3
                                                                                                                                                                                                                            SHA-256:1F9AFD8099271B7B2BEEA5D38E0FF9099F3388E4131F076B5F3D1679ADC3D698
                                                                                                                                                                                                                            SHA-512:15F73CC649911F54A869F355890B73648C5EB8ACCD8CDC3209B38AF4302C0CCF24B0868A6EB7A52825D1E92B7FAAD76190B5BD453CBCB9B7C2B3A1A4EC891578
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`.............................................Tl..Tl..Tl..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_6c590000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.669404757536768
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:WlWUqt/vll8DYZcFTS9gXeF+X32ZpQ8SVYWufzyQtGYKlml/T5/llXErR/l/lll+:idq2vVg3F+X324VYxzLtGYKAZTaYlMo
                                                                                                                                                                                                                            MD5:1AD2BBA62A6FB4FFE82C2B1FD05CC8A8
                                                                                                                                                                                                                            SHA1:D1FF44E543CB14BE7EF2E1159E5A849BE6670F3B
                                                                                                                                                                                                                            SHA-256:5FBAAB0C308D269E9E28CDEEA3FBD078AFFAE2F2C72669DB3AA474D918C4D953
                                                                                                                                                                                                                            SHA-512:F5862222D0F21806DF72DB89B6D56BF61BF6503109437D264376FC949EC21670B9BD1D423A424A0A819E9CA18817920AE8BD0DB8552C0B5398D9E03AF738DC5E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`..............................................l...lh].l..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_6ca20000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6654985075367683
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMpXr/:etGSGPxz/RZTaYlM5r
                                                                                                                                                                                                                            MD5:EE1E3FF2A6E2C7C7453FE1E521CEC950
                                                                                                                                                                                                                            SHA1:86FA1450FF3EE0C45AAC0C1221CC3B255186B2F9
                                                                                                                                                                                                                            SHA-256:D06676575A2D0BF0AC35CBBEE95B97F8A95795A18F4E0C07854AD7261336998C
                                                                                                                                                                                                                            SHA-512:CA35398F959427672846C6F83F3DE47822FDC49C0826AD19CA095BA1437146D31DCB95ADDDC4A83CF3E5F50344CE7DD49F6367BA0305989451100DFCC9EB3280
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................@.l.@.lh#.l..........0.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_6d280000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6600686989031903
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMHCowl:etGSGPxz/RZTaYlMH6
                                                                                                                                                                                                                            MD5:38EA521A2F0559153A68DC405C23ED8F
                                                                                                                                                                                                                            SHA1:D22D24D496E9C18AAF9BF0F02C4E5E0E2AE51DD7
                                                                                                                                                                                                                            SHA-256:09E39A9DD274AC9AC8703DAB7E2047150553E369E8423366D35D5BBB7CB2E848
                                                                                                                                                                                                                            SHA-512:86EFA09CACC762327F9B81C495B87519EEAF4A3D5A9B2D0685CA3C5A69B2E453791FA4FAF2607309DF0560906EB7A9EA9156F3CEF84080B938A207566B5D5E0D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................`*m.`*m.#*m....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\local\temp\404_6eb40000_tls.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                            Entropy (8bit):1.6545353666355087
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:idq2vVg3F+X324VYxzLtGYKAZTaYlMnL/:etGSGPxz/RZTaYlMnL
                                                                                                                                                                                                                            MD5:1F5AC387DEA592AF2C2052848A7D5A8D
                                                                                                                                                                                                                            SHA1:B69325A55E98607BC03D4A9E8BF6CCC91CA04644
                                                                                                                                                                                                                            SHA-256:0EA9D5CE5FD9AB7ED0C6D209911498BCC9CD7737E4EC168C2304F06D4C30C258
                                                                                                                                                                                                                            SHA-512:46E41F8A31CB4CAB046237E2C9E17B58CD9911F1BA6B7AB76C8FF3FD04C186B2041D0DD712D204890980151EFC82938D6D5041894ED1BE16BC97E00E36FC7905
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U|.U|.U|.X.3.T|.X...T|.RichU|.........................PE..L...xV4............!......................................................... ............@................................. ........................................................................................................................xtlsmal4...........................`............................................ .n. .n..n....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\roaming\meta\@APPDATACOMMON@\ydumnozt.kxd.__meta__

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                            Entropy (8bit):4.260891110799899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:H00lKs5zvmuDyn:lwsdmMyn
                                                                                                                                                                                                                            MD5:032EFF890581C969A281DCEAB927E322
                                                                                                                                                                                                                            SHA1:D46FE8460B5E02DD55CA798DF32661558BC26777
                                                                                                                                                                                                                            SHA-256:9D5636835240C62BFA41149306E7BD92A4F8BEC4A093655FAA185BEBA92054D7
                                                                                                                                                                                                                            SHA-512:0AE3903AA939F8DD6311B4FE73D93D75419A03B2F56298AA770D5503338518B2C5243AD22C98E4E1482A10BE1BBA0FDC8E98A42AF8EB3EA0D97EDAF6E176406A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmmeta.........'V%.f..J.....X..

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\roaming\modified\@APPDATACOMMON@\ydumnozt.kxd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5075
                                                                                                                                                                                                                            Entropy (8bit):6.113060818040102
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:iDtE58Yz5UGZfW3UGzKVBem6tqU1y9uiv6lJlW/V:i658EUGZfczEem2qWy9ux7uV
                                                                                                                                                                                                                            MD5:275625AC660E164AC304A087E658938E
                                                                                                                                                                                                                            SHA1:FB97C50D10529236E42D9FDF4794B084AC16FC1B
                                                                                                                                                                                                                            SHA-256:0262D12C45662D446606635130A69E4DA1CB3913FB3A2031C3B657A516B6714F
                                                                                                                                                                                                                            SHA-512:50B8EAFB374C83196AEA7E0F1179AB78ED3DD2F9550DC0D32AB4CF582E31C9B9E22699EF893EFD07BEB1FAC1738E205C072CB3A37729A7DF097723DCF1FAB660
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:$.....nL.......pZin....Y...$..................................................................................................................................................................P....4$.e...)..5.....$......,$.t....$.....t...4$XSW.$$..$.[......U......,$.....R.W......5.[..6C.]..=......R...h.]~+.4$...........1t$.^..$V....$$R......T$..,...]..R..$ZR..$Z..jYyT1.Z.....R.......u.._....Z.4$......P. ..>R..Y.o...R.Q).Z..XU.......].s...14$34$\h5=.D..$.....U.F.......J....,$..$.4$..$...h..9U..$............]..$.$$h/....4$..$.0}=......A..w...8......R...34$......$........U.4$.............^3.$1.$3.$\.}.....S........+..ZU....~1.]......$...........$.$$.......$........$XV..$.+.....P.....U....o........p.._.......7..eM..q........S..$W........O......p....$..e)...$..e...p...<$........M.~W......$$h..,..$..$..jZVR.<$h...\.<$...W..$_GS..$..i..1.Y.......h.Z2q.g...W..Ww....Asw...HW...........$.n..._......}.,....4$.$$h...L.4$.............$..k.?....w7.......$ST.......$..$.,$...}..$VT.4$^..

                                                                                                                                                                                                                            C:\Users\user\Desktop\Data\xsandbox.bin

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                            Entropy (8bit):2.521782221599798
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Zmf/ln:s
                                                                                                                                                                                                                            MD5:EC3D19E8E9B05D025CB56C2A98EAD8E7
                                                                                                                                                                                                                            SHA1:748532EDEB86496C8EFE5E2327501D89EC1F13DF
                                                                                                                                                                                                                            SHA-256:EDB7BE3EF6098A1E24D0C72BBC6F968DEA773951A0DD07B63BAD6D9009AE3BF4
                                                                                                                                                                                                                            SHA-512:175FB8432472B6795BB5DB0EBA61BC7B57331720825DF5B048F3086815BA844DF4F7E83E42FF9E8FE5AB01700675A774CB916677953D6E0088FFBF1FA2775349
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:xvmsbox.........

                                                                                                                                                                                                                            Static File Info

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Entropy (8bit):7.999392230014389
                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                                                                                                            • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                            File name:Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            File size:80'474'129 bytes
                                                                                                                                                                                                                            MD5:0cd8f9edc5183f8729598f19cf2da06b
                                                                                                                                                                                                                            SHA1:300049e800fe66c3ea872abf9ac9599b351ba9a6
                                                                                                                                                                                                                            SHA256:9a6d2d6ca21a6b83a31aa5a5f855d653d66096ffe0b25dcdf04f4943e3d3892d
                                                                                                                                                                                                                            SHA512:c558f86674c8bd8514e1c8e40447e07989a18b3dd785dbc304a006e1e050c39c282e39b7c9374ff5cb6303de1b72ad93d5ee5bb8a56b6f74ed864e039d5e8037
                                                                                                                                                                                                                            SSDEEP:1572864:vXF7UdMErU3IRMw17P7F5ye1ddvzw8HN/fngj3h8E1aVNJk4zszlB:v1+MErU3IRj1z7Kivz3fgjR8JvJkIszT
                                                                                                                                                                                                                            TLSH:F30833524A5DC7C2E3481F3061EE607D0A6DDEFEA9E94105C4C0C14D3E9AA6EF7A0EB5
                                                                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n+.Z.........."......P...p......z(.......`....@..........................0.............................................

                                                                                                                                                                                                                            File Icon

                                                                                                                                                                                                                            Icon Hash:5e635b49593d0d86

                                                                                                                                                                                                                            Static PE Info

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Entrypoint:0x40287a
                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                            DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                            Time Stamp:0x5AF32B6E [Wed May 9 17:10:06 2018 UTC]
                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                            OS Version Major:5
                                                                                                                                                                                                                            OS Version Minor:1
                                                                                                                                                                                                                            File Version Major:5
                                                                                                                                                                                                                            File Version Minor:1
                                                                                                                                                                                                                            Subsystem Version Major:5
                                                                                                                                                                                                                            Subsystem Version Minor:1
                                                                                                                                                                                                                            Import Hash:2a23b322f4a5d4d7ef2a2b48495acd72

                                                                                                                                                                                                                            Entrypoint Preview

                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                                                                            and esp, FFFFFFF8h
                                                                                                                                                                                                                            sub esp, 0000088Ch
                                                                                                                                                                                                                            xor ecx, ecx
                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                            push esi
                                                                                                                                                                                                                            mov ebx, ecx
                                                                                                                                                                                                                            push edi
                                                                                                                                                                                                                            mov dword ptr [esp+10h], ebx
                                                                                                                                                                                                                            mov dword ptr [esp+4Ch], ecx
                                                                                                                                                                                                                            mov dword ptr [esp+34h], ecx
                                                                                                                                                                                                                            mov dword ptr [esp+2Ch], ecx
                                                                                                                                                                                                                            mov dword ptr [esp+1Ch], ecx
                                                                                                                                                                                                                            mov dword ptr [esp+50h], ecx
                                                                                                                                                                                                                            mov dword ptr [esp+20h], ecx
                                                                                                                                                                                                                            mov dword ptr [esp+54h], ecx
                                                                                                                                                                                                                            call 00007FCC44692A55h
                                                                                                                                                                                                                            mov esi, dword ptr [004DC014h]
                                                                                                                                                                                                                            call esi
                                                                                                                                                                                                                            and eax, 11h
                                                                                                                                                                                                                            mov dword ptr [esp+3Ch], 00000003h
                                                                                                                                                                                                                            cmp eax, 00000111h
                                                                                                                                                                                                                            je 00007FCC44693006h
                                                                                                                                                                                                                            call esi
                                                                                                                                                                                                                            mov dword ptr [00406040h], eax
                                                                                                                                                                                                                            mov eax, dword ptr [esp+20h]
                                                                                                                                                                                                                            mov dword ptr [esp+18h], eax
                                                                                                                                                                                                                            mov eax, dword ptr [esp+20h]
                                                                                                                                                                                                                            mov dword ptr [esp+30h], eax
                                                                                                                                                                                                                            mov eax, dword ptr [esp+20h]
                                                                                                                                                                                                                            mov dword ptr [esp+24h], eax
                                                                                                                                                                                                                            jmp 00007FCC446930B6h
                                                                                                                                                                                                                            mov eax, dword ptr [esp+20h]
                                                                                                                                                                                                                            mov ecx, dword ptr [esp+20h]
                                                                                                                                                                                                                            mov dword ptr [esp+30h], eax
                                                                                                                                                                                                                            mov eax, dword ptr [esp+20h]
                                                                                                                                                                                                                            mov dword ptr [esp+18h], ecx
                                                                                                                                                                                                                            mov dword ptr [esp+24h], eax
                                                                                                                                                                                                                            mov esi, ebx
                                                                                                                                                                                                                            push 00000004h
                                                                                                                                                                                                                            push 00001000h
                                                                                                                                                                                                                            push ecx
                                                                                                                                                                                                                            push 00000000h
                                                                                                                                                                                                                            call dword ptr [004DC05Ch]
                                                                                                                                                                                                                            mov edi, eax
                                                                                                                                                                                                                            call 00007FCC44693BEAh
                                                                                                                                                                                                                            mov ecx, eax
                                                                                                                                                                                                                            sub ecx, dword ptr [00406040h]
                                                                                                                                                                                                                            xor edx, edx
                                                                                                                                                                                                                            mov eax, ecx
                                                                                                                                                                                                                            div dword ptr [esp+3Ch]
                                                                                                                                                                                                                            test ecx, FFFF8000h
                                                                                                                                                                                                                            je 00007FCC44692FF5h
                                                                                                                                                                                                                            test edx, edx
                                                                                                                                                                                                                            je 00007FCC446937CDh

                                                                                                                                                                                                                            Data Directories

                                                                                                                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0xdc0740x28.idata
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xde0000x248be.rsrc
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0xdd0000x248.reloc
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0xdc0000x74.idata
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                            Sections

                                                                                                                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                            .text0x10000x45740x4600097f87feef4e9836a899bdac9e50b6c0False0.5686941964285714data6.360440384903771IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                            .data0x60000x4600x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                            .xcpad0x70000xd50000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0
                                                                                                                                                                                                                            .idata0xdc0000x36c0x400543953fe66b0720f1740bdd0d222e2d3False0.4287109375data4.351609356800353IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                            .reloc0xdd0000x2480x4008d23464b94af92ae72e33b90b8465fe7False0.55078125data4.3868706265282915IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                            .rsrc0xde0000x248be0x24a00ba39a09b5c508a4931f56865522f5ec2False0.45735788182593856data5.946110885118665IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                            Resources

                                                                                                                                                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                            RT_ICON0xde2200xbba4PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedRussianRussia0.9963152635523358
                                                                                                                                                                                                                            RT_ICON0xe9dc40x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536RussianRussia0.16182124689459362
                                                                                                                                                                                                                            RT_ICON0xfa5ec0x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384RussianRussia0.22726735947094945
                                                                                                                                                                                                                            RT_ICON0xfe8140x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216RussianRussia0.28827800829875516
                                                                                                                                                                                                                            RT_ICON0x100dbc0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096RussianRussia0.36374296435272047
                                                                                                                                                                                                                            RT_ICON0x101e640x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024RussianRussia0.5824468085106383
                                                                                                                                                                                                                            RT_GROUP_ICON0x1022cc0x5adataRussianRussia0.7666666666666667
                                                                                                                                                                                                                            RT_VERSION0x1023260x40cdataRussianRussia0.43243243243243246
                                                                                                                                                                                                                            RT_MANIFEST0x1027320x18cXML 1.0 document, ASCII text, with CRLF line terminators0.5277777777777778

                                                                                                                                                                                                                            Imports

                                                                                                                                                                                                                            DLLImport
                                                                                                                                                                                                                            KERNEL32.dllHeapAlloc, GetProcessHeap, HeapFree, GetProcAddress, GetModuleHandleW, GetTickCount, GetModuleFileNameW, SetEnvironmentVariableW, IsWow64Process, GetCurrentProcess, OpenProcess, GetLastError, DuplicateHandle, GetCommandLineW, OpenFileMappingW, MapViewOfFile, SetEvent, UnmapViewOfFile, CloseHandle, GetCommandLineA, CreateFileW, CreateFileMappingW, GetFileSizeEx, VirtualAlloc, VirtualFree, LoadLibraryW, ExitProcess, GetModuleHandleA

                                                                                                                                                                                                                            Possible Origin

                                                                                                                                                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                            RussianRussia

                                                                                                                                                                                                                            Network Behavior

                                                                                                                                                                                                                            Network Port Distribution

                                                                                                                                                                                                                            TCP Packets

                                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                            Oct 25, 2024 10:04:35.516252041 CEST49730443192.168.2.4172.67.75.65
                                                                                                                                                                                                                            Oct 25, 2024 10:04:35.516309977 CEST44349730172.67.75.65192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:35.516381979 CEST49730443192.168.2.4172.67.75.65
                                                                                                                                                                                                                            Oct 25, 2024 10:04:35.546323061 CEST49730443192.168.2.4172.67.75.65
                                                                                                                                                                                                                            Oct 25, 2024 10:04:35.546391010 CEST44349730172.67.75.65192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:36.170461893 CEST44349730172.67.75.65192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:36.170753002 CEST49730443192.168.2.4172.67.75.65
                                                                                                                                                                                                                            Oct 25, 2024 10:04:36.859743118 CEST49730443192.168.2.4172.67.75.65
                                                                                                                                                                                                                            Oct 25, 2024 10:04:36.859801054 CEST44349730172.67.75.65192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:36.860270023 CEST44349730172.67.75.65192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:36.860335112 CEST49730443192.168.2.4172.67.75.65
                                                                                                                                                                                                                            Oct 25, 2024 10:04:36.871023893 CEST49730443192.168.2.4172.67.75.65
                                                                                                                                                                                                                            Oct 25, 2024 10:04:36.911331892 CEST44349730172.67.75.65192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:37.316898108 CEST44349730172.67.75.65192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:37.316957951 CEST49730443192.168.2.4172.67.75.65
                                                                                                                                                                                                                            Oct 25, 2024 10:04:37.316968918 CEST44349730172.67.75.65192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:37.317018032 CEST49730443192.168.2.4172.67.75.65
                                                                                                                                                                                                                            Oct 25, 2024 10:04:37.317091942 CEST49730443192.168.2.4172.67.75.65
                                                                                                                                                                                                                            Oct 25, 2024 10:04:37.317123890 CEST44349730172.67.75.65192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:37.317137003 CEST49730443192.168.2.4172.67.75.65
                                                                                                                                                                                                                            Oct 25, 2024 10:04:37.317169905 CEST49730443192.168.2.4172.67.75.65
                                                                                                                                                                                                                            Oct 25, 2024 10:04:53.134146929 CEST49735443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:53.134197950 CEST4434973584.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:53.134270906 CEST49735443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:53.140691996 CEST49736443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:53.140741110 CEST4434973684.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:53.140806913 CEST49736443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:53.199218035 CEST49735443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:53.199225903 CEST49736443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:53.199239969 CEST4434973584.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:53.199263096 CEST4434973684.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.151333094 CEST49738443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.151424885 CEST4434973884.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.151524067 CEST49738443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.194269896 CEST49738443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.194346905 CEST4434973884.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.288218021 CEST4434973684.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.288388968 CEST49736443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.292711020 CEST4434973584.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.292793036 CEST49735443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.838280916 CEST49736443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.838372946 CEST4434973684.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.838426113 CEST49735443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.838506937 CEST4434973584.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.838973045 CEST4434973584.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.839035988 CEST49735443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.839401007 CEST4434973684.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.839473009 CEST49736443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.843228102 CEST49736443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.843867064 CEST49735443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.883335114 CEST4434973684.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.887367964 CEST4434973584.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.101473093 CEST4434973684.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.101604939 CEST49736443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.101665020 CEST4434973684.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.101699114 CEST4434973684.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.101721048 CEST49736443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.101752996 CEST49736443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.114854097 CEST4434973584.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.114912033 CEST4434973584.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.114938021 CEST49735443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.115008116 CEST4434973584.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.115072966 CEST49735443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.115072966 CEST49735443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.117768049 CEST4434973584.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.117821932 CEST49735443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.117842913 CEST4434973584.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.117894888 CEST49735443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.117908955 CEST4434973584.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.117953062 CEST49735443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.293737888 CEST4434973884.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.293807030 CEST49738443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.297457933 CEST49738443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.297473907 CEST4434973884.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.297873020 CEST4434973884.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:55.340781927 CEST49738443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.212651968 CEST49738443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.217933893 CEST49736443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.217971087 CEST4434973684.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.221735001 CEST49740443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.221776962 CEST4434974084.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.221842051 CEST49740443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.222465038 CEST49740443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.222481966 CEST4434974084.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.259330988 CEST4434973884.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.273583889 CEST49735443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.273654938 CEST4434973584.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.275352955 CEST49741443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.275392056 CEST4434974184.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.275506973 CEST49741443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.276021957 CEST49741443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.276029110 CEST4434974184.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.316400051 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.321822882 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.321932077 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.322779894 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.328103065 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.467525005 CEST4434973884.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.467761993 CEST4434973884.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.468563080 CEST49738443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.468909979 CEST49738443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.468952894 CEST4434973884.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151599884 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151719093 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151743889 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151750088 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151782036 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151784897 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151787996 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151818991 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151819944 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151858091 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151873112 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151909113 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151909113 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151945114 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.324354887 CEST4434974084.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.324426889 CEST49740443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.363461018 CEST4434974184.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.363698006 CEST49741443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.437068939 CEST49741443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.437081099 CEST4434974184.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.446901083 CEST49741443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.446906090 CEST4434974184.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.447308064 CEST49740443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.447343111 CEST4434974084.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.449196100 CEST49740443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.449201107 CEST4434974084.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.701276064 CEST4434974184.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.701339006 CEST49741443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.701353073 CEST4434974184.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.701397896 CEST49741443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.701435089 CEST4434974184.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.701482058 CEST49741443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.728569984 CEST4434974084.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.728636026 CEST49740443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.728663921 CEST4434974084.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.728703022 CEST49740443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.728851080 CEST4434974084.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.728893042 CEST49740443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.729116917 CEST4434974084.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.729161978 CEST49740443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.883836985 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.885395050 CEST4974480192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.885716915 CEST49741443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.885740042 CEST4434974184.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.889487028 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.890818119 CEST804974418.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.890913010 CEST4974480192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.891107082 CEST4974480192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.896475077 CEST804974418.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.899900913 CEST49740443192.168.2.484.16.252.107
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.899926901 CEST4434974084.16.252.107192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.128801107 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.128869057 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.128875017 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.128923893 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.128932953 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.128958941 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.128973007 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.129009962 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.129014969 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.129089117 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.129406929 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.129456997 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.132038116 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.132090092 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.132098913 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.132133961 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.132141113 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.132174015 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.132225990 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.135529041 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.135562897 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.135592937 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.135596037 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.135613918 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.135636091 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.138748884 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.138802052 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.138864994 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.246376991 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.246437073 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.246469975 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.246500969 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.246504068 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.246551991 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.246551991 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.246695042 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.246747017 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.246783972 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.246799946 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.246819019 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.246823072 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.246871948 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.247510910 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.247564077 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.247580051 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.247596979 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.247618914 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.247631073 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.247678995 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.249341965 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.249373913 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.249408960 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.249417067 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.249418020 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.249442101 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.249450922 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.249490023 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.249675989 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.249735117 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.252473116 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.252526999 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.252528906 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.252559900 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.252593040 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.252593994 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.252610922 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.252654076 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.252839088 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.252898932 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.253314018 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.258702993 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.500294924 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.500341892 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.500374079 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.500380993 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.500411987 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.500427961 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.500427961 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.500466108 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.503550053 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.503583908 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.503607988 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.503618002 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.503627062 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.503680944 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.506953955 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.506989002 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.507019997 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.507023096 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.507040977 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.507074118 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.510152102 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.510188103 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.510207891 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.510221004 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.510252953 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.510272026 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.513331890 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.513365030 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.513400078 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.513402939 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.513402939 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.513484001 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.516710043 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.516743898 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.516777992 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.516808033 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.516843081 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.521302938 CEST804974218.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.521359921 CEST4974280192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725642920 CEST804974418.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725702047 CEST804974418.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725732088 CEST4974480192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725755930 CEST804974418.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725788116 CEST804974418.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725822926 CEST804974418.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725826979 CEST4974480192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725826979 CEST4974480192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725856066 CEST804974418.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725858927 CEST4974480192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725888968 CEST804974418.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725898027 CEST4974480192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725920916 CEST804974418.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725939035 CEST4974480192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725955963 CEST804974418.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725972891 CEST4974480192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725991011 CEST804974418.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.726001978 CEST4974480192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.726032972 CEST4974480192.168.2.418.66.112.49
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.733208895 CEST804974418.66.112.49192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.733329058 CEST4974480192.168.2.418.66.112.49

                                                                                                                                                                                                                            UDP Packets

                                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                            Oct 25, 2024 10:04:35.480741024 CEST6494053192.168.2.41.1.1.1
                                                                                                                                                                                                                            Oct 25, 2024 10:04:35.489494085 CEST53649401.1.1.1192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:52.846982956 CEST5223853192.168.2.41.1.1.1
                                                                                                                                                                                                                            Oct 25, 2024 10:04:53.063520908 CEST53522381.1.1.1192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.133040905 CEST5872353192.168.2.41.1.1.1
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.143421888 CEST53587231.1.1.1192.168.2.4
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.292233944 CEST5595153192.168.2.41.1.1.1
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.314865112 CEST53559511.1.1.1192.168.2.4

                                                                                                                                                                                                                            DNS Queries

                                                                                                                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                            Oct 25, 2024 10:04:35.480741024 CEST192.168.2.41.1.1.10x2e04Standard query (0)start.turbo.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Oct 25, 2024 10:04:52.846982956 CEST192.168.2.41.1.1.10x5c19Standard query (0)mip2.movavi.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.133040905 CEST192.168.2.41.1.1.10x986cStandard query (0)codec-activate.movavi.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.292233944 CEST192.168.2.41.1.1.10xeb12Standard query (0)img.movavi.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                            DNS Answers

                                                                                                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                            Oct 25, 2024 10:04:35.489494085 CEST1.1.1.1192.168.2.40x2e04No error (0)start.turbo.net172.67.75.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Oct 25, 2024 10:04:35.489494085 CEST1.1.1.1192.168.2.40x2e04No error (0)start.turbo.net104.26.15.179A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Oct 25, 2024 10:04:35.489494085 CEST1.1.1.1192.168.2.40x2e04No error (0)start.turbo.net104.26.14.179A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Oct 25, 2024 10:04:53.063520908 CEST1.1.1.1192.168.2.40x5c19No error (0)mip2.movavi.comlsw-03-balancer.movavi.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                            Oct 25, 2024 10:04:53.063520908 CEST1.1.1.1192.168.2.40x5c19No error (0)lsw-03-balancer.movavi.com84.16.252.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.143421888 CEST1.1.1.1192.168.2.40x986cNo error (0)codec-activate.movavi.comlsw-03-balancer.movavi.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                            Oct 25, 2024 10:04:54.143421888 CEST1.1.1.1192.168.2.40x986cNo error (0)lsw-03-balancer.movavi.com84.16.252.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.314865112 CEST1.1.1.1192.168.2.40xeb12No error (0)img.movavi.comdb4t5hkfesjuw.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.314865112 CEST1.1.1.1192.168.2.40xeb12No error (0)db4t5hkfesjuw.cloudfront.net18.66.112.49A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.314865112 CEST1.1.1.1192.168.2.40xeb12No error (0)db4t5hkfesjuw.cloudfront.net18.66.112.25A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.314865112 CEST1.1.1.1192.168.2.40xeb12No error (0)db4t5hkfesjuw.cloudfront.net18.66.112.127A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.314865112 CEST1.1.1.1192.168.2.40xeb12No error (0)db4t5hkfesjuw.cloudfront.net18.66.112.33A (IP address)IN (0x0001)false

                                                                                                                                                                                                                            HTTP Request Dependency Graph

                                                                                                                                                                                                                            • start.turbo.net
                                                                                                                                                                                                                            • mip2.movavi.com
                                                                                                                                                                                                                            • codec-activate.movavi.com
                                                                                                                                                                                                                            • img.movavi.com

                                                                                                                                                                                                                            HTTP Packets

                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            0192.168.2.44974218.66.112.4980404C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            Oct 25, 2024 10:04:56.322779894 CEST335OUTGET /webnagscreens/crossale_suite/style.css HTTP/1.1
                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                            Accept-Language: en-CH
                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                            Host: img.movavi.com
                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151599884 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Content-Type: text/css
                                                                                                                                                                                                                            Content-Length: 5877
                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                            Date: Fri, 25 Oct 2024 06:30:27 GMT
                                                                                                                                                                                                                            Last-Modified: Thu, 09 Feb 2017 08:57:25 GMT
                                                                                                                                                                                                                            ETag: "f1759a3a2e4a1322edfad7386beb3a9e"
                                                                                                                                                                                                                            x-amz-meta-s3b-last-modified: 20170209T085719Z
                                                                                                                                                                                                                            x-amz-version-id: null
                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                            Server: AmazonS3
                                                                                                                                                                                                                            Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                            X-Cache: Hit from cloudfront
                                                                                                                                                                                                                            Via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
                                                                                                                                                                                                                            X-Amz-Cf-Pop: FRA56-P5
                                                                                                                                                                                                                            X-Amz-Cf-Id: YJaP69t0a5w2RX9ZqR9Cc_3mempv4VjCTqErGRTMBxiGkOMy_AYd1A==
                                                                                                                                                                                                                            Age: 5670
                                                                                                                                                                                                                            Content-Security-Policy: frame-ancestors http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production; report-to csp-endpoint
                                                                                                                                                                                                                            Report-To: {"group": "csp-endpoint", "max_age":86400,"endpoints":[{"url":"https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production"}]}
                                                                                                                                                                                                                            Data Raw: 2f 2a 09 54 68 61 74 20 69 73 20 61 20 6d 61 69 6e 20 63 73 73 20 66 69 6c 65 20 66 6f 72 20 63 72 6f 73 73 61 6c 65 20 73 75 69 74 65 20 2a 2f 0a 0a 2a 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 70 78 3b 0a 7d 0a 3a 66 6f 63 75 73 20 7b 0a 6f 75 74 6c 69 6e 65 3a 20 6e 6f 6e 65 3b 0a 7d 0a 0a 62 6f 64 79 20 7b 0a 09 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 77 69 64 74 68 3a 20 38 30 30 70 78
                                                                                                                                                                                                                            Data Ascii: /*That is a main css file for crossale suite */* {margin: 0px;padding: 0px;}:focus {outline: none;}body {overflow: hidden;font-family: Arial, sans-serif;}.container {width: 800px
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151719093 CEST212INData Raw: 3b 0a 09 68 65 69 67 68 74 3a 20 34 35 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 62 39 63 62 65 31 20 75 72 6c 28 27 65 6e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 7d 0a 2e 63 6f 6e 74 61 69 6e 65 72 2e 64 65 20 7b 0a
                                                                                                                                                                                                                            Data Ascii: ;height: 450px;background: #b9cbe1 url('en.png') no-repeat;}.container.de {background: #b9cbe1 url('de.png') no-repeat;}.container.ru{background: #b9cbe1 url('ru.png') no-repeat;}.container.es{bac
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151750088 CEST1236INData Raw: 6b 67 72 6f 75 6e 64 3a 20 23 62 39 63 62 65 31 20 75 72 6c 28 27 65 73 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 7d 0a 2e 63 6f 6e 74 61 69 6e 65 72 2e 66 72 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 62 39 63 62 65 31 20 75
                                                                                                                                                                                                                            Data Ascii: kground: #b9cbe1 url('es.png') no-repeat;}.container.fr {background: #b9cbe1 url('fr.png') no-repeat;}.container.it {background: #b9cbe1 url('it.png') no-repeat;}.container.jp {background: #b9cbe1 url('jp.png') no-repeat;}.contai
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151784897 CEST1236INData Raw: 0a 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 34 35 70 78 3b 0a 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 69 74 20 2e 68 65 61 64 6c 69 6e 65 2c 20 2e 66 72 20 2e 68 65 61 64 6c 69 6e 65 20 7b 0a 09 66 6f 6e 74 2d 73
                                                                                                                                                                                                                            Data Ascii: line-height: 45px;text-align: center;}.it .headline, .fr .headline {font-size: 32px;}#btn_checkbox, .checkbox {padding: 360px 0 0 32px;font-size: 12px;}.dontshow, #dontshow {margin:0; vertical-align:middle;display: inline-block
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151818991 CEST1236INData Raw: 67 69 6e 3a 20 30 20 30 20 32 70 78 20 30 3b 0a 7d 0a 2e 73 74 72 69 70 65 20 70 20 7b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 34 70 78 20 30 20 30 20 30 3b 0a 7d 0a 2e 73 74 72 69 70 65 2e 62 69 67
                                                                                                                                                                                                                            Data Ascii: gin: 0 0 2px 0;}.stripe p {font-size: 12px;padding: 4px 0 0 0;}.stripe.big p {padding: 2px 0 0 0;}.stripe.big p {line-height: 16px;}.it .stripe.big p, .it .stripe-5 p {padding: 1px 0 0 0;}.fr .stripe-5 p, .es .stripe-5 p, .
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151873112 CEST636INData Raw: 74 6e 5f 63 6c 6f 73 65 5f 6e 6c 2e 70 6e 67 22 29 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 7d 0a 2e 70 6c 20 2e 63 6c 6f 73 65 20 73 70 61 6e 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 22 62 74 6e 5f 63 6c 6f 73 65 5f 70 6c 2e 70 6e
                                                                                                                                                                                                                            Data Ascii: tn_close_nl.png") no-repeat;}.pl .close span {background: url("btn_close_pl.png") no-repeat;}.pt .close span {background: url("btn_close_pt.png") no-repeat;}.tr .close span {background: url("btn_close_tr.png") no-repeat;}.cn .clo
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.151909113 CEST1121INData Raw: 6f 75 6e 64 3a 20 75 72 6c 28 22 62 74 6e 5f 62 75 79 5f 72 75 2e 70 6e 67 22 29 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 7d 0a 2e 66 72 20 2e 62 75 79 20 73 70 61 6e 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 22 62 74 6e 5f 62 75 79
                                                                                                                                                                                                                            Data Ascii: ound: url("btn_buy_ru.png") no-repeat;}.fr .buy span {background: url("btn_buy_fr.png") no-repeat;}.es .buy span {background: url("btn_buy_es.png") no-repeat;}.it .buy span {background: url("btn_buy_it.png") no-repeat;}.jp .buy s
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.883836985 CEST332OUTGET /webnagscreens/crossale_suite/it.png HTTP/1.1
                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                            Accept-Language: en-CH
                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                            Host: img.movavi.com
                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.128801107 CEST989INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Content-Type: image/png
                                                                                                                                                                                                                            Content-Length: 38149
                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                            Date: Fri, 25 Oct 2024 07:50:03 GMT
                                                                                                                                                                                                                            Last-Modified: Wed, 19 Nov 2014 07:38:30 GMT
                                                                                                                                                                                                                            ETag: "697d3b9663340d6e6b986b6554860060"
                                                                                                                                                                                                                            x-amz-version-id: null
                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                            Server: AmazonS3
                                                                                                                                                                                                                            Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                            X-Cache: Hit from cloudfront
                                                                                                                                                                                                                            Via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
                                                                                                                                                                                                                            X-Amz-Cf-Pop: FRA56-P5
                                                                                                                                                                                                                            X-Amz-Cf-Id: Z2Fa7aanonnXT_lHyxQstfuizKUiBBURN4Mxy9IkFiV_aSfyMyHM6w==
                                                                                                                                                                                                                            Age: 896
                                                                                                                                                                                                                            Content-Security-Policy: frame-ancestors http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production; report-to csp-endpoint
                                                                                                                                                                                                                            Report-To: {"group": "csp-endpoint", "max_age":86400,"endpoints":[{"url":"https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production"}]}
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.128869057 CEST1236INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 20 00 00 01 c2 08 03 00 00 00 20 bd 5d fa 00 00 03 00 50 4c 54 45 5e 79 a6 bc cb de d9 d9 d9 54 6f 9f 5e 79 a8 60 78 a5 bb cd de 7c 95 bd 59 74 a2 5e 79 a4 51 6e 9c 0f 11 11 63 7e a9 80 99
                                                                                                                                                                                                                            Data Ascii: PNGIHDR ]PLTE^yTo^y`x|Yt^yQnc~xnf[wqkuVr`x`zWrta|_zi_{rz]xTkC_]ydz !_y
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.128923893 CEST1236INData Raw: 3c 6a 56 17 84 7b df a9 0f 9d 65 33 16 52 ea 5c 70 29 11 0f 30 59 98 65 7e b3 dc c7 a0 db fb 8f d2 b1 7f cd 0a fa 5b 48 31 ff 3a 89 32 29 11 10 b8 00 14 90 c9 cd ee ee cc b1 8f 0a 79 fc 07 fa 2e d6 bf 96 7e 6c bf 8c a3 4c 65 43 72 22 01 0c a6 02
                                                                                                                                                                                                                            Data Ascii: <jV{e3R\p)0Ye~[H1:2)y.~lLeCr"rm]XB` 2 9mPU@$d2z@YPB7\=Dgy%eCc0!V>_Y"9q%|]bAH}@\rcsF;R@
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.128958941 CEST1236INData Raw: f3 76 e4 55 a4 00 78 4d 2a c5 d3 e3 72 b7 a8 85 94 ec 48 47 04 84 75 46 9e c6 3c 56 b5 05 f0 e2 3c 5a 2d a6 54 ac d7 f9 03 d2 7e 72 7a 27 21 ac 2d 2d 65 c6 f0 ba 82 cb 70 f7 df f3 36 21 de a9 f9 38 26 20 e4 ef 2d 5f ef 0e 6c 38 78 15 ba 4c 78 7f
                                                                                                                                                                                                                            Data Ascii: vUxM*rHGuF<V<Z-T~rz'!--ep6!8& -_l8xLx/pNdlYUuYtvH}l?w]FD/vJArtB*^yAPCqt_1y)jkzy/H\wB@`w;,v$z
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.129014969 CEST1236INData Raw: f7 2e 4b 87 7e f8 3e cf 93 bb 28 06 0a 72 6a 08 e6 4e 04 c9 0f 11 c4 d6 43 e6 da 9a 1b 6a 91 6b d3 42 a8 49 48 18 69 1a f5 46 33 24 d1 84 cf af 52 72 60 13 48 3d 64 7c 88 e8 80 21 a0 2c 0e 8d 62 8c b1 76 4a a1 18 c8 30 41 f6 9a e4 3f 08 42 5d a2
                                                                                                                                                                                                                            Data Ascii: .K~>(rjNCjkBIHiF3$Rr`H=d|!,bvJ0A?B]TrF"n >ddD?$z~Hw`+",N^S?b=&!D<v5Z)dBOvtH2>(:|~J,`+HnTAx]Bv#j,f5B[d
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.253314018 CEST340OUTGET /webnagscreens/crossale_suite/btn_buy_it.png HTTP/1.1
                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                            Accept-Language: en-CH
                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                            Host: img.movavi.com
                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.500294924 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Content-Type: image/png
                                                                                                                                                                                                                            Content-Length: 18237
                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                            Date: Fri, 25 Oct 2024 07:50:04 GMT
                                                                                                                                                                                                                            Last-Modified: Tue, 04 Mar 2014 06:01:54 GMT
                                                                                                                                                                                                                            ETag: "fc2597c59c8c818796b58a044ba05be1"
                                                                                                                                                                                                                            x-amz-meta-cb-modifiedtime: Tue, 04 Mar 2014 05:58:09 GMT
                                                                                                                                                                                                                            x-amz-version-id: null
                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                            Server: AmazonS3
                                                                                                                                                                                                                            Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                            X-Cache: Hit from cloudfront
                                                                                                                                                                                                                            Via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
                                                                                                                                                                                                                            X-Amz-Cf-Pop: FRA56-P5
                                                                                                                                                                                                                            X-Amz-Cf-Id: 5CZB6fBTDoXhHa8bO12Nktul2O6kZ4cEHyA9pPDfKOCu214xp9w9EQ==
                                                                                                                                                                                                                            Age: 895
                                                                                                                                                                                                                            Content-Security-Policy: frame-ancestors http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production; report-to csp-endpoint
                                                                                                                                                                                                                            Report-To: {"group": "csp-endpoint", "max_age":86400,"endpoints":[{"url":"https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production"}]}
                                                                                                                                                                                                                            Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 24 00 00 00 27 08 02 00 00 00 29 78 a2 a1 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 1a 74 45 58 74 53 6f 66 74 77 61 72 65 00 50 61 69 6e 74 2e 4e 45 54 20 76 33 2e 35 2e 31 30 30 f4 72 a1 00 00 46 ac 49 44 41 54 78 5e ed bd 87 77 1c c7 95 2f ac ff e0 7b 9f 83 24 07 05 ca ca 22 29 e6 9c 29 92 00 33 40 00 0c 00 48 82 99 54 a0 c4 28 4a 72 f6 da 6b fb d9 6b ef db b5 bc bb 0e 92 b3 1c 56 5e
                                                                                                                                                                                                                            Data Ascii: PNGIHDR$')xsRGBgAMAapHYs~tEXtSoftwarePaint.NET v3.5.100rFIDATx^w/{$"))3@HT(JrkkV^


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            1192.168.2.44974418.66.112.4980404C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            Oct 25, 2024 10:04:57.891107082 CEST342OUTGET /webnagscreens/crossale_suite/btn_close_it.png HTTP/1.1
                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                            Accept-Language: en-CH
                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                            Host: img.movavi.com
                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725642920 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Content-Type: image/png
                                                                                                                                                                                                                            Content-Length: 10564
                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                            Date: Fri, 25 Oct 2024 07:50:04 GMT
                                                                                                                                                                                                                            Last-Modified: Tue, 04 Mar 2014 06:01:58 GMT
                                                                                                                                                                                                                            ETag: "a486b43dd1e8543cf1edbcf5111a8969"
                                                                                                                                                                                                                            x-amz-meta-cb-modifiedtime: Tue, 04 Mar 2014 05:56:40 GMT
                                                                                                                                                                                                                            x-amz-version-id: null
                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                            Server: AmazonS3
                                                                                                                                                                                                                            Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                            X-Cache: Hit from cloudfront
                                                                                                                                                                                                                            Via: 1.1 0162e02b2d0212054988a68716227daa.cloudfront.net (CloudFront)
                                                                                                                                                                                                                            X-Amz-Cf-Pop: FRA56-P5
                                                                                                                                                                                                                            X-Amz-Cf-Id: TuCpiPVFnrH4vHcwqgHC8u02DpiF50CNIE7RIeaznshuRP9cX4a31A==
                                                                                                                                                                                                                            Age: 895
                                                                                                                                                                                                                            Content-Security-Policy: frame-ancestors http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production; report-to csp-endpoint
                                                                                                                                                                                                                            Report-To: {"group": "csp-endpoint", "max_age":86400,"endpoints":[{"url":"https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production"}]}
                                                                                                                                                                                                                            Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 24 00 00 00 27 08 02 00 00 00 29 78 a2 a1 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 1a 74 45 58 74 53 6f 66 74 77 61 72 65 00 50 61 69 6e 74 2e 4e 45 54 20 76 33 2e 35 2e 31 30 30 f4 72 a1 00 00 28 b3 49 44 41 54 78 5e ed 9d e7 7b 5b 37 b2 c6 fd 27 ef 73 ef dd 24 4e b2 f1 da b1 65 f5 46 75 51 2c 6a 94 a8 c2 de 8b 44 f5 e6 a6 5e 5c e2 64 4b 36 db b2 25 f9 7c 7f 38 2f 0d 33 47 94 23 6a 4b
                                                                                                                                                                                                                            Data Ascii: PNGIHDR$')xsRGBgAMAapHYs~tEXtSoftwarePaint.NET v3.5.100r(IDATx^{[7's$NeFuQ,jD^\dK6%|8/3G#jK
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725702047 CEST1236INData Raw: f2 c1 f3 4c 90 39 83 17 03 1c cc 0c 0a 25 53 b7 0a 7b 2f 2f 73 f1 d1 ab fc a3 97 f9 dd 17 b9 9d 97 c5 dd 2f e0 fc f6 f3 ec ce 69 6e f7 2c bb 7d 91 de 3c 4b 6d 9c 52 e6 76 9e c3 99 ad 73 1e 33 1b 67 75 19 98 18 98 95 df c1 d9 cd 73 d8 65 c4 70 bd
                                                                                                                                                                                                                            Data Ascii: L9%S{//s/in,}<KmRvs3gusep(7|Y.!Y8yZ0}dd{_H0}/n<W_B~Nn>7m_d2|S"{QyU{mdk|T?7F:'Mz4mMgN>e
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725755930 CEST1236INData Raw: e9 97 ae cd 4d 99 86 d2 b0 83 8f af ec 97 76 ce c7 e7 b3 c3 81 99 8e 9e be d0 4c b8 bc b4 0a 97 ca cb f9 42 29 9b 2b c0 85 62 b9 bc 54 29 be a7 1b 51 21 57 2c 17 59 b2 96 0a 85 c2 d2 12 e9 57 98 09 87 3a 3d 5d fd de c9 50 24 9f df 38 26 89 e2 ab
                                                                                                                                                                                                                            Data Ascii: MvLB)+bT)Q!W,YW:=]P$8&'.Lm)fq|U`lxfvq>&Vu@)ff(B3/._)pI2kIEsS_=,nlr}T*Mrlh&FE4|;A*CBaT.3
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725788116 CEST636INData Raw: 8c 50 a2 5c 5b 5b 5b 5e 5e 06 c9 63 30 18 94 b2 51 7a f1 e2 05 6e c3 61 ea 42 99 ff d3 12 23 81 aa 0f 0e cd 86 e7 67 67 26 83 01 6f 47 4f 5f cf d8 5c 7e f7 55 62 ed 54 c9 86 9b 0a bb 17 78 8d bd 2e b5 71 4e 2a fa 42 e9 11 5f 30 1a 8d 93 69 e9 54
                                                                                                                                                                                                                            Data Ascii: P\[[[^^c0QznaB#gg&oGO_\~UbTx.qN*B_0iT&"!"U2?d(1cR<{eAT+vN=~XtoeS&l&us#nvYir:_.rRcfJ"P>%3
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725822926 CEST1236INData Raw: 17 1a 0e e4 c2 93 06 90 12 4f 89 6a 02 d0 49 15 6a 71 f1 f9 f9 39 b5 4e 0f 8d 11 d6 64 ca 26 1b 4a cc aa f6 e7 43 1c 28 cc 84 b3 c1 19 39 86 1f 3d 43 be f9 f4 4a 6a ed 04 d6 cd ed 16 c7 92 d4 da 59 8a 4b f6 c6 49 d7 e0 78 57 df 90 cf 1f d4 9e 46
                                                                                                                                                                                                                            Data Ascii: OjIjq9Nd&JC(9=CJjYKIxWFdA@`gF^?}\a/sH0ydXzDF2%~_4KiIo;0_O9;.<}Sqv"ivddCH&b(4\+z
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725856066 CEST1236INData Raw: 9b df fc 06 c0 f1 f1 31 fe a2 c9 da da 1a 3d 82 51 36 02 78 f4 e8 11 ee a0 21 5e 63 db e4 11 fb ba 6a 1e 1d 1d 61 87 56 04 98 56 13 36 4c 26 50 0d 95 6f 80 1b 22 33 6e 28 6a 5e ca 9c de 63 71 56 c0 07 cd 1d 36 d9 32 5b e7 66 67 63 9b 8b 2c ef e7
                                                                                                                                                                                                                            Data Ascii: 1=Q6x!^cjaVV6L&Po"3n(j^cqV62[fgc,6?[z:Z[[[ZZ>|_ CJ.=%]S_LHJ0k4 XY)zAy}N %C4aLSwh{;>y104gVM<F)F(B`3-
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725888968 CEST424INData Raw: c0 68 90 54 71 f5 67 48 38 09 19 12 8c 56 18 e4 91 de 41 52 ca 8e 9a 5c 93 04 a6 61 47 47 57 af a7 93 55 96 65 9d 64 6b ea e8 e7 18 c9 b2 88 f3 38 8c 98 9b f6 ca 51 72 9d cb db 49 47 9f 77 d4 eb 23 c9 f5 31 af 71 b9 13 2b 0a ee 46 49 d1 46 70 2b
                                                                                                                                                                                                                            Data Ascii: hTqgH8VAR\aGGWUedk8QrIGw#1q+FIFp+Iz#jGSdb2X#$JzM+i2xECNGP0BK#cG=6Dz;Qgf_qq<GlAc<A1adN\_f
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725920916 CEST1236INData Raw: ba 63 7e 98 52 04 88 48 a5 96 cd 87 56 4c 14 00 a5 a2 35 ce 6c 03 26 e8 d5 05 e7 46 1e 51 0a 40 8f 58 a3 2d f3 89 46 3d 12 21 52 62 90 c7 52 a9 c4 e3 ef 7f ff 7b 16 17 06 43 a7 c0 56 57 57 01 70 e8 c0 08 ae 27 d9 e8 97 dd 4f bd d0 8a 01 d3 11 af
                                                                                                                                                                                                                            Data Ascii: c~RHVL5l&FQ@X-F=!RbR{CVWWp'OPJ/8"`pbp5eUs4?5<zJT:kndA4D(1AF2M#xIdD{)o4lA"SZR/j`x`Z&4`
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725955963 CEST1236INData Raw: 57 35 ae d6 2c 8e 78 ca 24 5b 71 f7 25 cc 03 c9 c6 e1 32 b7 f2 ec d7 0f bb 5a 3a 7b 46 47 86 e0 a1 81 c1 81 be 2a 13 01 44 46 35 1c 6a c8 44 d3 d5 24 0c d1 06 29 82 6d 13 04 96 73 04 65 0e 02 18 a7 a6 1a a9 3c aa 47 3d aa a1 c5 f0 28 8d 64 4a 30
                                                                                                                                                                                                                            Data Ascii: W5,x$[q%2Z:{FG*DF5jD$)mse<G=(dJ0HUCQL-*Z<"HFXJ50.VA,|xng>-2qx$7>gM2)C@!j)6(.<hl&HZIW
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.725991011 CEST1236INData Raw: d9 b4 b3 99 3f cb 60 fe 16 ce 45 76 d3 f9 ae c2 e5 a7 4b 1b a7 03 de f0 fd 96 2e 4f 7f 9f df 3f e6 7c 94 3c ee 1d 35 1f 55 11 0d 2e aa ab 14 11 43 d4 12 46 44 15 8f 92 25 50 12 8b 56 d6 a3 f0 08 94 26 7e df fc d0 83 92 86 04 25 65 6d 95 04 62 54
                                                                                                                                                                                                                            Data Ascii: ?`EvK.O?|<5U.CFD%PV&~%embT Sej,`MC"dV29`I0.l)vna4x+d:4sbIMS$%BCD@#h,BU^Z*dG#
                                                                                                                                                                                                                            Oct 25, 2024 10:04:58.733208895 CEST664INData Raw: 60 96 5d 30 cb 2e 98 65 17 cc b2 0b 66 d9 05 b3 ec 82 59 76 c1 2c bb 60 96 e7 33 db f0 65 e5 5c 72 95 04 8b e5 b7 71 dc 7c 7e 73 a1 b4 c7 86 14 e3 34 b1 f2 4c bf 6d 6c be 45 f7 cd 81 bf fc 43 37 b9 93 0d b6 9e 93 9b 91 59 62 c9 57 d6 5a dc b6 48
                                                                                                                                                                                                                            Data Ascii: `]0.efYv,`3e\rq|~s4LmlEC7YbWZH{8\sEoogp-Fm.x\UVYw`p-2m;-v]\@RS]8u|e{^|x-o zk..I


                                                                                                                                                                                                                            HTTPS Proxied Packets

                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            0192.168.2.449730172.67.75.654436820C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2024-10-25 08:04:36 UTC500OUTPOST /services/1.0/activity/vm-18.4.1281.0/run HTTP/1.1
                                                                                                                                                                                                                            Spoon-ConfigId: 9D0F48FB-5A85-4D60-82CD-6B9F784D932B
                                                                                                                                                                                                                            Spoon-ConfigDigest: dd217e68ba4377edc484768b4f73528b
                                                                                                                                                                                                                            Spoon-BuildId: CFFB171A-E983-4234-BD47-C5170F552F60
                                                                                                                                                                                                                            Spoon-MacDigest: C3F43D71F2ADABCC8BFCAAC51BBDEC9C71A3BF08
                                                                                                                                                                                                                            Spoon-DeviceIp: 192.168.2.4
                                                                                                                                                                                                                            Spoon-TrialProduct: True
                                                                                                                                                                                                                            Spoon-StartupFile: @APPDATA@\Movavi Slideshow Maker 4\SlideshowMaker.exe
                                                                                                                                                                                                                            User-Agent: SpoonVm/1.0
                                                                                                                                                                                                                            Host: start.turbo.net
                                                                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                            2024-10-25 08:04:37 UTC687INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Fri, 25 Oct 2024 08:04:37 GMT
                                                                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Cache-Control: public
                                                                                                                                                                                                                            X-AspNet-Version: 4.0.30319
                                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains;
                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nDcq%2BMCFT5A%2Ba1IA3Oiod14%2FNQH8QTaUztNOuBKZoCAXcgL6eMNoNiXkSM%2F%2BJ%2ByTKEiE%2Bw5ewHBfOK0r%2Bmo1DzWmahxDh04RLgLqOMPT%2Foa4%2FJDUmO3mwcGdaPN%2B3d%2BoVg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                            CF-RAY: 8d80b262da3b462c-DFW


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            1192.168.2.44973684.16.252.107443404C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2024-10-25 08:04:54 UTC508OUTGET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_start&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771&protocol=1&rnd=32718&os=win&act_key= HTTP/1.1
                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                            Accept-Language: en-CH
                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                            Host: mip2.movavi.com
                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                            2024-10-25 08:04:55 UTC349INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                            Date: Fri, 25 Oct 2024 08:04:55 GMT
                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                            Cache-Control: no-cache, private
                                                                                                                                                                                                                            X-Error-Ex: Not found nagscreens from DB
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                            2024-10-25 08:04:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            2192.168.2.44973584.16.252.107443404C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2024-10-25 08:04:54 UTC508OUTGET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=app_close&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771&protocol=1&rnd=32711&os=win&act_key= HTTP/1.1
                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                            Accept-Language: en-CH
                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                            Host: mip2.movavi.com
                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                            2024-10-25 08:04:55 UTC603INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Fri, 25 Oct 2024 08:04:55 GMT
                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                            Cache-Control: no-cache, private
                                                                                                                                                                                                                            X-Nagscreen-Id: 226
                                                                                                                                                                                                                            X-Nagscreen-Name: ss_crosssale_suite_30off
                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                            X-Robots-Tag: noindex, nofollow
                                                                                                                                                                                                                            X-Country-Code: US
                                                                                                                                                                                                                            X-Country-Name: United States
                                                                                                                                                                                                                            X-Region-Code: TX
                                                                                                                                                                                                                            X-Region-Name: Texas
                                                                                                                                                                                                                            X-City-Name: Killeen
                                                                                                                                                                                                                            X-Postal-Code: 76549
                                                                                                                                                                                                                            X-Client-Timezone: America/Chicago
                                                                                                                                                                                                                            2024-10-25 08:04:55 UTC3493INData Raw: 65 65 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0d 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0d 0a
                                                                                                                                                                                                                            Data Ascii: eee<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
                                                                                                                                                                                                                            2024-10-25 08:04:55 UTC341INData Raw: 5f 75 72 6c 3d 73 73 5f 63 72 6f 73 73 73 61 6c 65 5f 73 75 69 74 65 5f 33 30 6f 66 66 22 20 6e 61 6d 65 3d 22 62 75 79 22 20 6f 6e 63 6c 69 63 6b 3d 22 67 61 28 27 73 65 6e 64 27 2c 20 27 70 61 67 65 76 69 65 77 27 2c 27 2f 62 75 79 2d 73 6c 69 64 65 73 68 6f 77 63 72 65 61 74 6f 72 2d 73 73 5f 31 5f 63 72 6f 73 73 73 61 6c 65 5f 73 75 69 74 65 5f 33 30 6f 66 66 2d 6e 61 67 2d 69 74 27 29 3b 20 67 61 28 27 73 65 6e 64 27 2c 27 65 76 65 6e 74 27 2c 27 62 75 74 74 6f 6e 27 2c 27 62 75 79 27 2c 27 73 6c 69 64 65 73 68 6f 77 63 72 65 61 74 6f 72 27 29 3b 22 3e 3c 73 70 61 6e 20 6f 6e 63 6c 69 63 6b 3d 22 77 69 6e 64 6f 77 2e 65 78 74 65 72 6e 61 6c 2e 4f 6e 43 6c 6f 73 65 28 29 3b 22 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c
                                                                                                                                                                                                                            Data Ascii: _url=ss_crosssale_suite_30off" name="buy" onclick="ga('send', 'pageview','/buy-slideshowcreator-ss_1_crosssale_suite_30off-nag-it'); ga('send','event','button','buy','slideshowcreator');"><span onclick="window.external.OnClose();"></span></a> <


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            3192.168.2.44973884.16.252.107443404C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2024-10-25 08:04:56 UTC227OUTGET /api/v1/codec/all/?akey=&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771 HTTP/1.1
                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                            Accept-Language: en-CH,*
                                                                                                                                                                                                                            User-Agent: Mozilla/5.0
                                                                                                                                                                                                                            Host: codec-activate.movavi.com
                                                                                                                                                                                                                            2024-10-25 08:04:56 UTC457INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Fri, 25 Oct 2024 08:04:56 GMT
                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                            X-Cluster: lsw-06
                                                                                                                                                                                                                            X-Cluster-Country: EU
                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                            X-Country-Code: US
                                                                                                                                                                                                                            X-Country-Name: United States
                                                                                                                                                                                                                            X-Region-Code: TX
                                                                                                                                                                                                                            X-Region-Name: Texas
                                                                                                                                                                                                                            X-City-Name: Killeen
                                                                                                                                                                                                                            X-Postal-Code: 76549
                                                                                                                                                                                                                            X-Client-Timezone: America/Chicago
                                                                                                                                                                                                                            2024-10-25 08:04:56 UTC12INData Raw: 32 0d 0a 5b 5d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                            Data Ascii: 2[]0


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            4192.168.2.44974184.16.252.107443404C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2024-10-25 08:04:57 UTC511OUTGET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=major_update&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771&protocol=1&rnd=32718&os=win&act_key= HTTP/1.1
                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                            Accept-Language: en-CH
                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                            Host: mip2.movavi.com
                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                            2024-10-25 08:04:57 UTC349INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                            Date: Fri, 25 Oct 2024 08:04:57 GMT
                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                            Cache-Control: no-cache, private
                                                                                                                                                                                                                            X-Error-Ex: Not found nagscreens from DB
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                            2024-10-25 08:04:57 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            5192.168.2.44974084.16.252.107443404C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2024-10-25 08:04:57 UTC517OUTGET /get_nag.php?app=slideshowcreator&module=slideshowcreator&app_ver=4-1-0&partner=&app_mode=activated&lang=it&app_action=capture_screencast&huid=4382b732c4891ce476ee93bd6ba3d93c6f2c1771&protocol=1&rnd=32718&os=win&act_key= HTTP/1.1
                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                            Accept-Language: en-CH
                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                            Host: mip2.movavi.com
                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                            2024-10-25 08:04:57 UTC349INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                            Date: Fri, 25 Oct 2024 08:04:57 GMT
                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                            Cache-Control: no-cache, private
                                                                                                                                                                                                                            X-Error-Ex: Not found nagscreens from DB
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                            2024-10-25 08:04:57 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                                                            Statistics

                                                                                                                                                                                                                            CPU Usage

                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                            Memory Usage

                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                            High Level Behavior Distribution

                                                                                                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                                                                                                            Behavior

                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                            System Behavior

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                            Start time:04:04:34
                                                                                                                                                                                                                            Start date:25/10/2024
                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\Movavi Slideshow Maker 4.exe"
                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                            File size:80'474'129 bytes
                                                                                                                                                                                                                            MD5 hash:0CD8F9EDC5183F8729598F19CF2DA06B
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                                            Start time:04:04:38
                                                                                                                                                                                                                            Start date:25/10/2024
                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\Data\local\stubexe\0x62CA35A75D236236\SlideshowMaker.exe" /864A627C-C6B2-464A-AA13-25D62F282BD8
                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                            File size:27'736 bytes
                                                                                                                                                                                                                            MD5 hash:46938D51A127BCF45160C5D857F5DB37
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                            Disassembly

                                                                                                                                                                                                                            No disassembly