Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
pf-setup-en.exe

Overview

General Information

Sample name:pf-setup-en.exe
Analysis ID:1562231
MD5:a00d7a76edf06b1b0376c49a429c61fc
SHA1:2f8608b7760be958200e77631cb777a66d479d21
SHA256:d3ef92dff42514142428c4e20012bb399a38a415abfe6f4ddc18f91ed16b2a12
Infos:

Detection

Score:30
Range:0 - 100
Whitelisted:false
Confidence:40%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64
  • pf-setup-en.exe (PID: 7280 cmdline: "C:\Users\user\Desktop\pf-setup-en.exe" MD5: A00D7A76EDF06B1B0376C49A429C61FC)
    • AskInstallChecker.exe (PID: 7304 cmdline: "C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe" PTF MD5: 8F9B5F4F87207BE1CF810DDC95124F92)
    • PhotoFiltre.exe (PID: 7776 cmdline: "C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe" MD5: F549FEA1507C1FE8788E13AE1888C4FC)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000006.00000000.2007940063.0000000000401000.00000020.00000001.01000000.0000000E.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
      00000000.00000003.1927038130.000000000280E000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

        Sigma Signatures

        No Sigma rule has matched

        Suricata Signatures

        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2024-11-25T11:32:57.227732+010028032742Potentially Bad Traffic192.168.2.44973034.117.224.11280TCP

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Multi AV Scanner detection for dropped file
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeReversingLabs: Detection: 18%
        Multi AV Scanner detection for submitted file
        Source: pf-setup-en.exeReversingLabs: Detection: 22%
        Source: pf-setup-en.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: C:\Users\user\Desktop\pf-setup-en.exeWindow detected: < &Back&Next >CancelNSIS (c) - PhotoFiltre (c) - Antonio Da Cruz NSIS (c) - PhotoFiltre (c) - Antonio Da CruzLicense AgreementPlease review the license terms before installing PhotoFiltre.Press Page Down to see the rest of the agreement.PhotoFiltre End User License AgreementThe PhotoFiltre programme is supplied 'as is'. The user runs PhotoFiltreat his or her own risk without warranty or guarantee on the part of the author. The author is under no obligation to correct bugs or other insuffiencies in the programme.The author is not responsable for any damages suffered by the user resulting from the use or distribution of the programme.In the same way the author is not responsable for any loss of revenueor profit or of any loss of (records or) information or for direct or indirect damage which which may occur from the use of the programme nor for the reason that the programme may be inoperable and this nonobstantthe fact that the author may have been advised of the possibility of such damage.PhotoFiltre is supplied free of charge for private or educative use. Any commercial or professional use requires a registered copy of the programme.The use of the PhotoFiltre programme implies the acceptance by the user of the terms of this license agreement.If you accept the terms of the agreement select the first option below. You must accept the agreement to install PhotoFiltre. Click Next to continue.I &accept the terms of the License AgreementI &do not accept the terms of the License Agreement
        Source: C:\Users\user\Desktop\pf-setup-en.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoFiltreJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Program Files (x86)\PhotoFiltre\License.txtJump to behavior
        Source: Binary string: C:\hudson\jobs\Installchecker\workspace\build\installchecker\Release\AskInstallChecker.pdb source: pf-setup-en.exe, 00000000.00000003.1722833420.000000000280E000.00000004.00000020.00020000.00000000.sdmp, AskInstallChecker.exe, 00000001.00000000.1701570231.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe, 00000001.00000002.1721993807.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe.0.dr
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile opened: C:\Users\userJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile opened: C:\Users\user\AppDataJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
        Source: Joe Sandbox ViewIP Address: 34.117.224.112 34.117.224.112
        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49730 -> 34.117.224.112:80
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficHTTP traffic detected: GET /images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=invbr&ts=6pYIy&guid= HTTP/1.1User-Agent: AskInstallCheckerHost: img.apnanalytics.com
        Source: global trafficDNS traffic detected: DNS query: websearch.ask.com
        Source: global trafficDNS traffic detected: DNS query: img.apnanalytics.com
        Source: pf-setup-en.exe, 00000000.00000003.1700236279.0000000002806000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtml
        Source: pf-setup-en.exe, 00000000.00000003.2009189543.000000000077B000.00000004.00000020.00020000.00000000.sdmp, pf-setup-en.exe, 00000000.00000003.1700236279.0000000002806000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlhttp://sp.ask.com/en/docs/about/privacy.shtmlopen
        Source: pf-setup-en.exe, 00000000.00000003.2009189543.000000000077B000.00000004.00000020.00020000.00000000.sdmp, pf-setup-en.exe, 00000000.00000003.1700236279.0000000002806000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlopen
        Source: pf-setup-en.exe, 00000000.00000003.1927038130.000000000280E000.00000004.00000020.00020000.00000000.sdmp, PhotoFiltre.exe, 00000006.00000000.2007940063.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, PhotoFiltre.exe.0.drString found in binary or memory: http://forum.photofiltre.com
        Source: pf-setup-en.exe, 00000000.00000003.1927038130.000000000280E000.00000004.00000020.00020000.00000000.sdmp, PhotoFiltre.exe, 00000006.00000000.2007940063.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, PhotoFiltre.exe.0.drString found in binary or memory: http://forum.photofiltre.comopen
        Source: pf-setup-en.exe, 00000000.00000003.1722833420.000000000280E000.00000004.00000020.00020000.00000000.sdmp, AskInstallChecker.exe, 00000001.00000000.1701570231.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe, 00000001.00000002.1721993807.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe.0.drString found in binary or memory: http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&cb=%s&encb=%s&chk=
        Source: AskInstallChecker.exe, 00000001.00000002.1722179302.00000000012FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=invbr&ts=6pYIy&guid=
        Source: AskInstallChecker.exe, 00000001.00000002.1722179302.000000000133C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=invbr&ts=6pYIy&guid=L
        Source: AskInstallChecker.exe, 00000001.00000002.1722179302.000000000133C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=invbr&ts=6pYIy&guid=O
        Source: pf-setup-en.exe, Uninst.exe.0.drString found in binary or memory: http://nsis.sf.net/NSIS_Error
        Source: pf-setup-en.exe, Uninst.exe.0.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: pf-setup-en.exe, 00000000.00000003.1700236279.0000000002806000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sp.ask.com/en/docs/about/privacy.shtml
        Source: pf-setup-en.exe, 00000000.00000003.1722833420.000000000280E000.00000004.00000020.00020000.00000000.sdmp, AskInstallChecker.exe.0.drString found in binary or memory: http://sp.ask.com/en/docs/about/terms_of_service.shtml0
        Source: pf-setup-en.exe, 00000000.00000003.1722833420.000000000280E000.00000004.00000020.00020000.00000000.sdmp, AskInstallChecker.exe, 00000001.00000000.1701570231.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe, 00000001.00000002.1721993807.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe.0.drString found in binary or memory: http://websearch.ask.com/preinstall?client=ic&tb=%s&r=0&ipid=%s&npid=%s&iev=%d&ielu=%d&fflu=%d&iv=%s
        Source: AskInstallChecker.exe, 00000001.00000002.1722179302.00000000012FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://websearch.ask.com/preinstall?client=ic&tb=PTF&r=0&ipid=&npid=PTF&iev=9&ielu=0&fflu=0&iv=&nv=1
        Source: pf-setup-en.exe, 00000000.00000003.1927038130.000000000280E000.00000004.00000020.00020000.00000000.sdmp, PhotoFiltre.exe, 00000006.00000000.2008220430.0000000000627000.00000002.00000001.01000000.0000000E.sdmp, PhotoFiltre.exe, 00000006.00000000.2007940063.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, PhotoFiltre.exe.0.drString found in binary or memory: http://www.photofiltre.com
        Source: pf-setup-en.exe, 00000000.00000003.1927038130.000000000280E000.00000004.00000020.00020000.00000000.sdmp, PhotoFiltre.exe, 00000006.00000000.2007940063.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, PhotoFiltre.exe.0.drString found in binary or memory: http://www.photofiltre.comopenU
        Source: AskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
        Source: AskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
        Source: AskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
        Source: AskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
        Source: AskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
        Source: AskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
        Source: AskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
        Source: pf-setup-en.exe, 00000000.00000003.1927038130.0000000002A9F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePhotoFiltre.exe8 vs pf-setup-en.exe
        Source: pf-setup-en.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: classification engineClassification label: sus30.spyw.winEXE@5/84@2/1
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Program Files (x86)\PhotoFiltreJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltreJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Users\user\AppData\Local\Temp\nsmFF90.tmpJump to behavior
        Source: Yara matchFile source: 00000006.00000000.2007940063.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000003.1927038130.000000000280E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe, type: DROPPED
        Source: pf-setup-en.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: pf-setup-en.exeReversingLabs: Detection: 22%
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile read: C:\Users\user\Desktop\pf-setup-en.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\pf-setup-en.exe "C:\Users\user\Desktop\pf-setup-en.exe"
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess created: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe "C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe" PTF
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess created: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe "C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe"
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess created: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe "C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe" PTFJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess created: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe "C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe"Jump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: acgenral.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: winmm.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: msacm32.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: winmmbase.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: winmmbase.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: aclayers.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: sfc.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: shfolder.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: riched20.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: usp10.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: msls31.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: linkinfo.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: ntshrui.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeSection loaded: cscapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: aclayers.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: sfc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: acgenral.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: winmm.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: msacm32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: winmmbase.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: winmmbase.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: msxml3.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: acgenral.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: winmm.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: msacm32.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: version.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: winmmbase.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: winmmbase.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: aclayers.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: sfc.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: msvfw32.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
        Source: PhotoFiltre.lnk.0.drLNK file: ..\..\..\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe
        Source: PhotoFiltre.lnk0.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe
        Source: PhotoFiltre Information.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\PhotoFiltre\PhotoFiltre.htm
        Source: PhotoMasque Information.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\PhotoFiltre\PhotoMasque.htm
        Source: Uninstall PhotoFiltre.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\PhotoFiltre\Uninst.exe
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile written: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\ioSpecial.iniJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeWindow found: window name: TMainFormJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeAutomated click: Next >
        Source: C:\Users\user\Desktop\pf-setup-en.exeAutomated click: I accept the terms of the License Agreement
        Source: C:\Users\user\Desktop\pf-setup-en.exeAutomated click: Next >
        Source: C:\Users\user\Desktop\pf-setup-en.exeAutomated click: Next >
        Source: C:\Users\user\Desktop\pf-setup-en.exeAutomated click: Next >
        Source: C:\Users\user\Desktop\pf-setup-en.exeAutomated click: Install
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Users\user\Desktop\pf-setup-en.exeWindow detected: < &Back&Next >CancelNSIS (c) - PhotoFiltre (c) - Antonio Da Cruz NSIS (c) - PhotoFiltre (c) - Antonio Da CruzLicense AgreementPlease review the license terms before installing PhotoFiltre.Press Page Down to see the rest of the agreement.PhotoFiltre End User License AgreementThe PhotoFiltre programme is supplied 'as is'. The user runs PhotoFiltreat his or her own risk without warranty or guarantee on the part of the author. The author is under no obligation to correct bugs or other insuffiencies in the programme.The author is not responsable for any damages suffered by the user resulting from the use or distribution of the programme.In the same way the author is not responsable for any loss of revenueor profit or of any loss of (records or) information or for direct or indirect damage which which may occur from the use of the programme nor for the reason that the programme may be inoperable and this nonobstantthe fact that the author may have been advised of the possibility of such damage.PhotoFiltre is supplied free of charge for private or educative use. Any commercial or professional use requires a registered copy of the programme.The use of the PhotoFiltre programme implies the acceptance by the user of the terms of this license agreement.If you accept the terms of the agreement select the first option below. You must accept the agreement to install PhotoFiltre. Click Next to continue.I &accept the terms of the License AgreementI &do not accept the terms of the License Agreement
        Source: C:\Users\user\Desktop\pf-setup-en.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoFiltreJump to behavior
        Source: pf-setup-en.exeStatic file information: File size 4118294 > 1048576
        Source: Binary string: C:\hudson\jobs\Installchecker\workspace\build\installchecker\Release\AskInstallChecker.pdb source: pf-setup-en.exe, 00000000.00000003.1722833420.000000000280E000.00000004.00000020.00020000.00000000.sdmp, AskInstallChecker.exe, 00000001.00000000.1701570231.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe, 00000001.00000002.1721993807.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe.0.dr
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeJump to dropped file
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\StartMenu.dllJump to dropped file
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\nsDialogs.dllJump to dropped file
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Program Files (x86)\PhotoFiltre\TranslationEN.plgJump to dropped file
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\InstallOptions.dllJump to dropped file
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Program Files (x86)\PhotoFiltre\Uninst.exeJump to dropped file
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeJump to dropped file
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Program Files (x86)\PhotoFiltre\TranslationEN.plgJump to dropped file
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Program Files (x86)\PhotoFiltre\License.txtJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltreJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre\PhotoFiltre.lnkJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre\PhotoFiltre Information.lnkJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre\PhotoMasque Information.lnkJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre\Uninstall PhotoFiltre.lnkJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\StartMenu.dllJump to dropped file
        Source: C:\Users\user\Desktop\pf-setup-en.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\nsDialogs.dllJump to dropped file
        Source: C:\Users\user\Desktop\pf-setup-en.exeDropped PE file which has not been started: C:\Program Files (x86)\PhotoFiltre\TranslationEN.plgJump to dropped file
        Source: C:\Users\user\Desktop\pf-setup-en.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\InstallOptions.dllJump to dropped file
        Source: C:\Users\user\Desktop\pf-setup-en.exeDropped PE file which has not been started: C:\Program Files (x86)\PhotoFiltre\Uninst.exeJump to dropped file
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile Volume queried: C:\Program Files (x86) FullSizeInformationJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile Volume queried: C:\Program Files (x86) FullSizeInformationJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile opened: C:\Users\userJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile opened: C:\Users\user\AppDataJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
        Source: AskInstallChecker.exe, 00000001.00000002.1722179302.0000000001377000.00000004.00000020.00020000.00000000.sdmp, AskInstallChecker.exe, 00000001.00000002.1722179302.00000000012FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: C:\Users\user\Desktop\pf-setup-en.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\pf-setup-en.exeQueries volume information: C:\ VolumeInformationJump to behavior

        Stealing of Sensitive Information

        barindex
        Tries to harvest and steal browser information (history, passwords, etc)
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
        Windows Service        		1
        Windows Service        		12
        Masquerading        		1
        OS Credential Dumping        		11
        Security Software Discovery        		Remote Services1
        Data from Local System        		1
        Ingress Tool Transfer        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/Job1
        Registry Run Keys / Startup Folder        		1
        Process Injection        		1
        Process Injection        		LSASS Memory3
        File and Directory Discovery        		Remote Desktop ProtocolData from Removable Media2
        Non-Application Layer Protocol        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAt1
        DLL Side-Loading        		1
        Registry Run Keys / Startup Folder        		1
        DLL Side-Loading        		Security Account Manager12
        System Information Discovery        		SMB/Windows Admin SharesData from Network Shared Drive2
        Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
        DLL Side-Loading        		Binary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        pf-setup-en.exe23%ReversingLabsWin32.PUA.AskToolbar

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe0%ReversingLabs
        C:\Program Files (x86)\PhotoFiltre\TranslationEN.plg4%ReversingLabs
        C:\Program Files (x86)\PhotoFiltre\Uninst.exe0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe18%ReversingLabsWin32.PUA.AskToolbar
        C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\InstallOptions.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\StartMenu.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\nsDialogs.dll0%ReversingLabs

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        http://about.ask.com/en/docs/about/ask_eula.shtml0%Avira URL Cloudsafe
        http://www.photofiltre.comopenU0%Avira URL Cloudsafe
        http://sp.ask.com/en/docs/about/privacy.shtml0%Avira URL Cloudsafe
        http://about.ask.com/en/docs/about/ask_eula.shtmlopen0%Avira URL Cloudsafe
        http://sp.ask.com/en/docs/about/terms_of_service.shtml00%Avira URL Cloudsafe
        http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&cb=%s&encb=%s&chk=0%Avira URL Cloudsafe
        http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=invbr&ts=6pYIy&guid=0%Avira URL Cloudsafe
        http://forum.photofiltre.com0%Avira URL Cloudsafe
        http://about.ask.com/en/docs/about/ask_eula.shtmlhttp://sp.ask.com/en/docs/about/privacy.shtmlopen0%Avira URL Cloudsafe
        http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=invbr&ts=6pYIy&guid=O0%Avira URL Cloudsafe
        http://forum.photofiltre.comopen0%Avira URL Cloudsafe
        http://www.photofiltre.com0%Avira URL Cloudsafe
        http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=invbr&ts=6pYIy&guid=L0%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        img.apnanalytics.com
        		34.117.224.112
        		truefalse
          		unknown
          websearch.ask.com
          		unknown
          		unknownfalse
            		high

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://sp.ask.com/en/docs/about/terms_of_service.shtml0pf-setup-en.exe, 00000000.00000003.1722833420.000000000280E000.00000004.00000020.00020000.00000000.sdmp, AskInstallChecker.exe.0.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://sp.ask.com/en/docs/about/privacy.shtmlpf-setup-en.exe, 00000000.00000003.1700236279.0000000002806000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://nsis.sf.net/NSIS_Errorpf-setup-en.exe, Uninst.exe.0.drfalse
              		high
              https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgAskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmpfalse
                		high
                https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgAskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYiAskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    http://websearch.ask.com/preinstall?client=ic&tb=%s&r=0&ipid=%s&npid=%s&iev=%d&ielu=%d&fflu=%d&iv=%spf-setup-en.exe, 00000000.00000003.1722833420.000000000280E000.00000004.00000020.00020000.00000000.sdmp, AskInstallChecker.exe, 00000001.00000000.1701570231.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe, 00000001.00000002.1721993807.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe.0.drfalse
                      		high
                      http://websearch.ask.com/preinstall?client=ic&tb=PTF&r=0&ipid=&npid=PTF&iev=9&ielu=0&fflu=0&iv=&nv=1AskInstallChecker.exe, 00000001.00000002.1722179302.00000000012FC000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.AskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=invbr&ts=6pYIy&guid=AskInstallChecker.exe, 00000001.00000002.1722179302.00000000012FC000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://about.ask.com/en/docs/about/ask_eula.shtmlpf-setup-en.exe, 00000000.00000003.1700236279.0000000002806000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://about.ask.com/en/docs/about/ask_eula.shtmlopenpf-setup-en.exe, 00000000.00000003.2009189543.000000000077B000.00000004.00000020.00020000.00000000.sdmp, pf-setup-en.exe, 00000000.00000003.1700236279.0000000002806000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.photofiltre.comopenUpf-setup-en.exe, 00000000.00000003.1927038130.000000000280E000.00000004.00000020.00020000.00000000.sdmp, PhotoFiltre.exe, 00000006.00000000.2007940063.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, PhotoFiltre.exe.0.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctaAskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=invbr&ts=6pYIy&guid=OAskInstallChecker.exe, 00000001.00000002.1722179302.000000000133C000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://nsis.sf.net/NSIS_ErrorErrorpf-setup-en.exe, Uninst.exe.0.drfalse
                              		high
                              http://about.ask.com/en/docs/about/ask_eula.shtmlhttp://sp.ask.com/en/docs/about/privacy.shtmlopenpf-setup-en.exe, 00000000.00000003.2009189543.000000000077B000.00000004.00000020.00020000.00000000.sdmp, pf-setup-en.exe, 00000000.00000003.1700236279.0000000002806000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://forum.photofiltre.compf-setup-en.exe, 00000000.00000003.1927038130.000000000280E000.00000004.00000020.00020000.00000000.sdmp, PhotoFiltre.exe, 00000006.00000000.2007940063.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, PhotoFiltre.exe.0.drfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&cb=%s&encb=%s&chk=pf-setup-en.exe, 00000000.00000003.1722833420.000000000280E000.00000004.00000020.00020000.00000000.sdmp, AskInstallChecker.exe, 00000001.00000000.1701570231.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe, 00000001.00000002.1721993807.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe.0.drfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.photofiltre.compf-setup-en.exe, 00000000.00000003.1927038130.000000000280E000.00000004.00000020.00020000.00000000.sdmp, PhotoFiltre.exe, 00000006.00000000.2008220430.0000000000627000.00000002.00000001.01000000.0000000E.sdmp, PhotoFiltre.exe, 00000006.00000000.2007940063.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, PhotoFiltre.exe.0.drfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=invbr&ts=6pYIy&guid=LAskInstallChecker.exe, 00000001.00000002.1722179302.000000000133C000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94AskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                http://forum.photofiltre.comopenpf-setup-en.exe, 00000000.00000003.1927038130.000000000280E000.00000004.00000020.00020000.00000000.sdmp, PhotoFiltre.exe, 00000006.00000000.2007940063.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, PhotoFiltre.exe.0.drfalse
                                • Avira URL Cloud: safe
                                		unknown

                                World Map of Contacted IPs

                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs

                                Public IPs

                                IPDomainCountryFlagASNASN NameMalicious
                                34.117.224.112
                                		img.apnanalytics.comUnited States
                                		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse

                                General Information

                                Joe Sandbox version:41.0.0 Charoite
                                Analysis ID:1562231
                                Start date and time:2024-11-25 11:32:00 +01:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 4m 42s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:9
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:pf-setup-en.exe
                                Detection:SUS
                                Classification:sus30.spyw.winEXE@5/84@2/1
                                Cookbook Comments:
                                • Found application associated with file extension: .exe

                                Warnings

                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                • Not all processes where analyzed, report is missing behavior information
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • VT rate limit hit for: pf-setup-en.exe

                                Simulations

                                Behavior and APIs

                                TimeTypeDescription
                                05:33:43API Interceptor54x Sleep call for process: PhotoFiltre.exe modified

                                Joe Sandbox View / Context

                                IPs

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                34.117.224.1127zip.exeGet hashmaliciousUnknownBrowse
                                • img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=invos&ts=HuCd6&guid=

                                Domains

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                img.apnanalytics.comPDFXVwer.exeGet hashmaliciousUnknownBrowse
                                • 34.117.224.112
                                cpu-z_1.61-setup-en.exe.exeGet hashmaliciousCobaltStrikeBrowse
                                • 34.117.224.112
                                FileViewPro_2013.exeGet hashmaliciousUnknownBrowse
                                • 34.117.224.112
                                LxSiksaL23.exeGet hashmaliciousCryptOneBrowse
                                • 34.117.224.112
                                7zip.exeGet hashmaliciousUnknownBrowse
                                • 34.117.224.112
                                codecs.for.windows.7.pack.v4.0.5.setup.exeGet hashmaliciousUnknownBrowse
                                • 34.117.224.112
                                AskInstallChecker-1.5.0.0.exeGet hashmaliciousUnknownBrowse
                                • 34.98.113.198
                                DPSetup.exeGet hashmaliciousUnknownBrowse
                                • 34.98.113.198

                                ASNs

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfile.exeGet hashmaliciousCredential FlusherBrowse
                                • 34.117.188.166
                                file.exeGet hashmaliciousCredential FlusherBrowse
                                • 34.117.188.166
                                file.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                • 34.116.198.130
                                file.exeGet hashmaliciousPureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                • 34.116.198.130
                                file.exeGet hashmaliciousCredential FlusherBrowse
                                • 34.117.188.166
                                file.exeGet hashmaliciousCredential FlusherBrowse
                                • 34.117.188.166
                                file.exeGet hashmaliciousCredential FlusherBrowse
                                • 34.117.188.166
                                file.exeGet hashmaliciousCredential FlusherBrowse
                                • 34.117.188.166
                                file.exeGet hashmaliciousCredential FlusherBrowse
                                • 34.117.188.166
                                file.exeGet hashmaliciousCredential FlusherBrowse
                                • 34.117.188.166

                                JA3 Fingerprints

                                No context

                                Dropped Files

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\InstallOptions.dllhttps://us10.mipcm.com:9743/pub/windows/mipc/v9.1.1.2201131522/MIPC_Setup_v9.1.1.2201131522.exeGet hashmaliciousUnknownBrowse
                                  Setup.exeGet hashmaliciousUnknownBrowse
                                    RangerForCanonCR135iCR190i-4.6.4.1-1.8.0.1.exeGet hashmaliciousUnknownBrowse
                                      SecuriteInfo.com.W32.AIDetect.malware2.2661.exeGet hashmaliciousUnknownBrowse
                                        lPowYwPvuQ.exeGet hashmaliciousUnknownBrowse
                                          8Rc1CnrlKH.exeGet hashmaliciousUnknownBrowse
                                            C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe7zip.exeGet hashmaliciousUnknownBrowse
                                              DPSetup.exeGet hashmaliciousUnknownBrowse

                                                Created / dropped Files

                                                C:\Program Files (x86)\PhotoFiltre\License.txt

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1080
                                                Entropy (8bit):4.354245265151116
                                                Encrypted:false
                                                SSDEEP:24:u4PCErxE6ORRYcUmZmPFrjEd4rJEZxbGSTe5X5mFvQXgkPCX9+a:uirmlRl8Fs4uyz5ib+a
                                                MD5:1F3543A91D5DAD6831511825855BFE2D
                                                SHA1:A54A5128E864B3990961B060D5928F7F88E07DD9
                                                SHA-256:2A35474C4B3DEA3BA4585C6CB4E1A74C1ABD3B2676D1766052372749F09E33EE
                                                SHA-512:8D1A8835904FB97B81662AE4A7C08BE1D37E8653010B2E0034B8DB2DBD6C5932F81EB03D0B2BB42FA68509E9CE3CA5BCF65C23776D1808B5B6E475F3A7E42785
                                                Malicious:false
                                                Reputation:low
                                                Preview:User license agreement ..----------------------......The PhotoFiltre programme is supplied 'as is'. The user runs PhotoFiltre at his or her own risk ..without warranty or guarantee on the part of the author. The author is under no obligation to ..correct bugs or other insuffiencies in the programme.....The author is not responsable for any damages suffered by the user resulting from the use or ..distribution of the programme.....In the same way, the author is not responsable for any loss of revenue or profit , or of any ..loss of (records or) information, or for direct or indirect damage which which may occur from ..the use of the programme nor for the reason that the programme may be inoperable, and this ..nonobstant the fact that the author may have been advised of the possibility of such damage.....PhotoFiltre is supplied free of charge for private or educative use. Any commercial or ..professional use requires a registered copy of the programme.....The use of the PhotoFiltre progra

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Brush.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 240
                                                Category:dropped
                                                Size (bytes):8929
                                                Entropy (8bit):7.8548393293225205
                                                Encrypted:false
                                                SSDEEP:192:Bnnnnnru2X99S1G6+cW/DXI60OInS2tEVzlCv6auZrkK5:hnnnrDLqW/eOIn5tElvZrkK5
                                                MD5:5E57BCF89566AA9E04F3657AD4A6D83F
                                                SHA1:CB8A3E1639B7C0CBC8BA1C15341DF941E620C1C0
                                                SHA-256:41773D653CF53199775A8543FF1F53C55B13D014EB95FA9DE7AA8DE8BD0E02C0
                                                SHA-512:8E45113D1B0832784E402C92184C447B0E1FE5B71B8A21409E242A9EBEFAC506870AAB05A0E38744D8EF2227409FCC5493CDCC994D1CE021EDA3007B47A7A0C5
                                                Malicious:false
                                                Reputation:low
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...............H......*\....#J.H....3j.... C..I...(S.\...0c.I...8s.40....#.`.....<.*....$O.p.2..P..~pa..Q..I..... Ay~..g.U..p0..(.#K.dq......#~......K..M..@..0.h."7...P...0..oK.6....gt..x.*...B...B..@E.,X

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Bubbles.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):17458
                                                Entropy (8bit):7.743925664104521
                                                Encrypted:false
                                                SSDEEP:192:Pnnnnn7DFCfIH1MgWiG6n0BMyYkXzuH+7wvMLYPN0FBu+nyWDcxXLlD4glI+xBlQ:Pnnn7NqMw30PiJyWCLlD4KxRBYSVbSbR
                                                MD5:A75DFCE2AA9E5F36A4353D39ED88E090
                                                SHA1:A2E12903BE553E409976C2B917D7B76DE984723B
                                                SHA-256:D02FF850B41D474F7DC56EF49B7645E63F4E17203E39D13DC20531125C56E9A5
                                                SHA-512:5310EC8A560DFB5F68A90D83664456E028FAA55D3EB37EA4974E3D04999B692AE021723E2457F1174E2901AAF21F5E7F31682E2675FD6248BE4567D8835A411C
                                                Malicious:false
                                                Reputation:low
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...............H......*\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.*].$;Ph..`a..S.j.i....-d...C..!A....6..$V...C.%N.H.....':.p...E.4.B.../`.l."*..>.x....2e.x.....5k......>.....Q

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Camera.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):14167
                                                Entropy (8bit):7.630828869914394
                                                Encrypted:false
                                                SSDEEP:384:PnnnmyGVo1aWBEimLGnVa+RuJirs6cFB/tjbz5:PnERWGGnVaDND/tL5
                                                MD5:0F7ECD4A0F14CE95505E0040842FAE82
                                                SHA1:EA875FB1DAAFB01E835A93E0F45AB4F94A02FE44
                                                SHA-256:6712524CAAF4639A373700FF2CA8BB3476C3DDE377871E39868F2F4C8CD88D30
                                                SHA-512:799FE578BFAD4740C97E28382F31EC755AFC1B6AA81903A65111450C2435998EF891CA964BE7223503E2DB7BE0C1B219AFE291B582B7F60AD3D9F38AB34E343B
                                                Malicious:false
                                                Reputation:low
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...................=..E.....?...1s...+Dz..A.....{.(.....!Jx..b...#Vt......"\......"D.......0h|.1...$@x..iCG. @.(Yr.I..,z Q....!J. i...(i{.Y.$..)G.....6Z.0!a..... ...#K.<.q...(O.....>..Q...-T..)...#?dl.1c..

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Chaos.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):14526
                                                Entropy (8bit):7.7042206403517675
                                                Encrypted:false
                                                SSDEEP:384:PnnnGPhH3vdbhPdueF1f9HvkaSoK8T/TBix:PnGPVvzPge798aU8j1S
                                                MD5:ED768D0A76EFAEA4080B68879DEC36C4
                                                SHA1:EAA0908247891FC1463A6CD320F4F3235AAAF745
                                                SHA-256:FE4D47C8BC0E82A23ED1241D5D83F349645EF6611B888D910CCCFD076EB7A05E
                                                SHA-512:4B0DED923D19A05B34096CBCD1FD915943E2C360DABE8775DE1D6095867376B468E7373C7A9F0B6A039D27D71E5CF61E43CD588B46FE38B97426FA7396293A58
                                                Malicious:false
                                                Reputation:low
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,.............hq.O..[....3..g..9..._.v...*..=x..5;$._7=...#...?v.....(..`...;6j.?p..4Wn..q.....k..Z.....-Z.}.,...I.?z..L....K......_.N..Y..+.?Z\2.k.*.;z.z.S...0P..m..."V....L..Vn.Da....6.......1.....E5.*.T+.q...'

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Diffuse.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):20309
                                                Entropy (8bit):7.773247007975057
                                                Encrypted:false
                                                SSDEEP:384:Pnnnhm+YIC2H2KEhkv++/l7yUI2lw7y1vje9u53Uhfz/cpcdwIp14FDfA0I:PnftNWKGkvx/lhblw7y9joOSY+idjI
                                                MD5:62C7996F27163CE683B7400B0B5DB0FA
                                                SHA1:82FFB0B40E87ABBB46E2C8C73D25F5A616FB5979
                                                SHA-256:187C95CD68A558FE45F8563D2AD342E85E411C38B16B01711ED697A3146BDBC6
                                                SHA-512:F46DDB4AA8360AFF4B3524DE3A795222306C67561037220C895679FFB6CF52819CA257550FF483B3DFBB7CBD4E6E641F4E787C4A17A54DF070347B71B52DBF6C
                                                Malicious:false
                                                Reputation:low
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...............H.......Px..@...&x.0!.@..!`.....@..`....(..4x..I.-.^.y..@..(.ThsgB....L@4..H..,....4)F.9U.@ @...(rd..&I..ya'...M6Lx.l..rV.X@.C......T..B...y....L.<@..iK.@.......X..81 ..@#...1.......Lp..@...;.. %A.

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Dilution.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):54694
                                                Entropy (8bit):7.835637055707959
                                                Encrypted:false
                                                SSDEEP:768:PnSwtAqhc1hQZuNRg2bxiisedigmaWPudLCjXp/wQZ+OrQ1zr3rpbQbR9qcsdnp5:PSihcg0N9iisema2XpYQZvY7pA9qcAp5
                                                MD5:7B2D184D3F6600959EC767F12D5CD203
                                                SHA1:19D38EB4DAB10D89BEBB343A4C2D049978A8E3EF
                                                SHA-256:BF67C17BA482E6B978558039B9FA673677F90D934368270F0B67D1ED99A19F7F
                                                SHA-512:C337A17219280058A98DBD39587D44DC7B796BBBBDC305EFE3B8CF2EB8A55D16DEE32AAC670E95F4BD625460903B980116B45B6C79A5E29BCF95798FEF2CEC22
                                                Malicious:false
                                                Reputation:low
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,............+Y*e.^.|.......s.e{..Y1l..9..,W+Q..)z.._..9....&T.<.2.(..@~.4.S..../...!C.,Fz...FM F...Z.I../Dh. *....Ba......%m.H.)..T..y3'.W/[.`.VkS'...9.C.O.Ccn.3....Ao..!.2..2j..c...^.l..........:uPK.XY.w...|

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Ellipse.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):3628
                                                Entropy (8bit):7.8610515023705
                                                Encrypted:false
                                                SSDEEP:96:PnvfnvfvH/vHVHW75R5gQ7EzYxk3Sz4ZuaBzs0yaPxnLidwZN:PnnnnnVW75ngQ7EsyeMA0yaPRY4N
                                                MD5:EEB089108A5AC5F796E0F62042DA21F6
                                                SHA1:CD77A7EE4D8DCBA3C73A8168780881FC46B2E95E
                                                SHA-256:17E05299546E479CE1F8FF3E73BE6FB7ED7815EF04B66E7B0E92D1D835FCC859
                                                SHA-512:002DD253202BACAED008C4258BDA76A0A58F3348C0535E314428CD8615515F41FAA8A5C1F385CC9B571516BD4C9C201B257D5BB4C37F408A32C106E3D4FB3B50
                                                Malicious:false
                                                Reputation:low
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...............H......*\....#J.H....3j.... C..I...(S.\..K.....q.M.I.^..5l./\.DM.........\.T#..`..jF..9v.....+.~..#.Z3T.....[..&..#.W.q......+.q.zI..c...[..../i....L./?t.x.i.a@..%/......S...W.!.@..h.E.S

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Flame.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 240
                                                Category:dropped
                                                Size (bytes):21825
                                                Entropy (8bit):7.770941436248407
                                                Encrypted:false
                                                SSDEEP:384:hnnn7SByGf4Vpv+CDlPK12uJxR1kbxjxnwMNnRvGHSzK5YiHL3oYYZlay2yrg1u+:hn7SYGf4V5nuJxDPeRKMYrXyY
                                                MD5:BC47EC0615AA35448159A7E4708A9286
                                                SHA1:99C57D993B5C29FEF4A5FC8E752D417DD76B52D8
                                                SHA-256:DA32A872E8601B045E18B9738A5E0375DB63A01310DFC8FB0C08B37151E7E551
                                                SHA-512:387B73C4161EA924B6AFC0433C0376E8A46569B6586AD4D2BD8DBDE5DF389B57F10A1782CFC24B15C73EF83D2BFA89B9B36A0813210DB4D4D95482F7BBF58610
                                                Malicious:false
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...............H......"...@...2T......2. ."..........?.\... Q..ReH....0P`.I.!...Z.'Q.H}..Y...P...)q..'?..`....... 0.cE../.H.`A..p.0H.`.F.M....w M.... :.).~..e.!......ths+....T..aC...4h.PA..=M"......wE.....

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Fog.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):27651
                                                Entropy (8bit):7.971698764862282
                                                Encrypted:false
                                                SSDEEP:768:Pnl48ckxDMMoTypdK9EXcrWSyAPHWmDOKXQk:PlUkxgMppdXQWSyU1OKH
                                                MD5:9DBA6F40ABC17F2E5ED2A959531D009E
                                                SHA1:5C3965791AB0557038A65551812F762664841CD0
                                                SHA-256:74B4974BBBB195BD894E3F8A0A6C1A66C37B2E172F70174D278FCF243CD83893
                                                SHA-512:95CA03B39BDAA1E684E2E89F83AE474C62960D09F60149EADA774FF199806BAC2359D8D465A0B523FDAD77538C0B2AF7326D695CF81BC9EDAB115E6B171AAB12
                                                Malicious:false
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,.................. B..!J....G.">.Hq..F.#F.Qb#F .-Z.(..C(S.2ThP .}....f.<w..Cg...r.....g..s......Q9t....G..>|bb............ .B...<...w......5j.Y.w/.6........3f.!3F../^"w...K.@.....p."F. J..i..G.3B.(.u..b..Y2.JD

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Ink.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):43420
                                                Entropy (8bit):7.899051458415605
                                                Encrypted:false
                                                SSDEEP:768:PnJep1FlBFGnCTXwsbu2meLPUEKuEP7k+O2SLk0+HIOhQl2tcvuhbQRM2T1PZ7RV:PApn0nCTXwsbulrTkuESIOjbQRdZV2Q
                                                MD5:F5AEC6FC40B5575AE0C37319D78ED265
                                                SHA1:689551ED0FB5EF2CC6B9D666527221FFACBF0A43
                                                SHA-256:E9B71270103B58B953050637B07442F2DC5C30CE71F1B183ED9043FF3C359AB9
                                                SHA-512:3B1A8FC7B0851978D748F005E746C5025736B153A1BCBA28316A3562639D9E499C3D85D5D6E5D98EE65D2587342E68F3F91AD734F91E2344695C6D1D0FA3D72C
                                                Malicious:false
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,.............9.D.`.>|...3...A..%....%..E.R.j.k.......V.t.V..U.b..w._4p......|>..W.............g..4d.Tej..."..`........CgN..p....t.]..A...O.....q(...C.....N...=R{.-[.M.@.....-.*a......9....n..`.-.5..1z

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Keyhole.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):6390
                                                Entropy (8bit):7.811238332985757
                                                Encrypted:false
                                                SSDEEP:192:PnnnnnMVWENoeogKpZJxh/xAh8N9SRNKjpYUgr1b:PnnnyJQzdcRN751b
                                                MD5:B164D7AEFB6020F67C8A94F518D0DD5B
                                                SHA1:EE400D1C897950B4BAE01FBCD91338C46C6AA0E0
                                                SHA-256:68824AB6E2FBE15FE40FC9E1B8B737E1369A21C52164F402209BE395A0834CD3
                                                SHA-512:814C304DE869886338937A57D4E95092C3C8A684B64AB2ECB89EE95A3066A7332FD51B4D8583DFC7A53ABBB4147422B28A3FE21C3ED76258303A752B09082063
                                                Malicious:false
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...............H......*\....#J.H.....h..#. C..)q......8....-....R.F.8s..90.I..X.x.... H(].T)....>X. ...xj.....+.8...CR.9|.)....2p..%.%J. >r. ..............}. ` ... T....J.2v.I....+Z.l..-...W.4U...N..W........

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Lines.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):12613
                                                Entropy (8bit):7.738930411857962
                                                Encrypted:false
                                                SSDEEP:384:PnnnxFnZmqpF7rqM+/2mgRSzpWBahMn+5u/C:PnxFZlBquRSdWBwr5u6
                                                MD5:63C3C776B66BEEA5032B9563BE583662
                                                SHA1:44710E57C3027AB0C67B38EF42BD23C6826767AD
                                                SHA-256:6F5DA7A859BE97C4B7188341E9CF0A3627A5B50B0E385185D5B3411FFB83AAB6
                                                SHA-512:4626CF5DBF95EB7335235C9D39343D5C0DA4EA6E1225185BCD5C5173B61E043843ECDDBEC2F407C63BE9508E1845400496A81EE570847BFCAA9B22A9F208CB45
                                                Malicious:false
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,..............Y.........B.... ...!B.....(.1....$...b...h..C..4l.."4."E..=..s.Q...;v..fH.*m6..|P.J.J...S.....Vx......sh.E[N\45....wM......R.bT.|.......#...I.k.Pnv.9$..0`........>x.A....,..0.B...6dx.....

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Pastels.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):24042
                                                Entropy (8bit):7.820208999549034
                                                Encrypted:false
                                                SSDEEP:384:PnnnpEVnIAbQ6tzxKjIb2q5RMYc3gn/L7EbG+hB3rEXxlMCUIb9dfbq6t4M1EtQd:PnpEVnIAc6tzxnSORfcQ8hB3rEXxtbL9
                                                MD5:49B21AA78C012ABF53CDCEC6CED0E8A1
                                                SHA1:1CF26308F3133EAFB923A27F32F6B065FD076967
                                                SHA-256:A3B7B64A852528235796822F529F0969CCE498957F88C3D2E44C9E107A45811F
                                                SHA-512:C50111425C7226F55A1C6A31B8163BFEED549D89603B97B8D0AE231454CA8860FC15F5DEA1B2A249C3977425CA3B5D5F980A62CAC389AACC8281509EE0770EBE
                                                Malicious:false
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...............H.......0.`a......0p.C..1bL.....nd8r..'A.\..#D... H..A.8s...S.H...R$8.`..4="8...S.M+...Q.S...B}90kH.G..p.....d/..z.`...6.:q..my.]Y. ..#6...fK....@(X.....4H.6/....".Z.B_.:.. ..(......l..#D..H.a..

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Slide.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 203 x 250
                                                Category:dropped
                                                Size (bytes):7118
                                                Entropy (8bit):7.911707842659706
                                                Encrypted:false
                                                SSDEEP:192:knnnnnYQ5mIWNhsHqZwaO6IWpasPs5clWM:UnnnLc7qaO1i5PsCWM
                                                MD5:92130A5774E168C9F365CEF8260365DB
                                                SHA1:FCF520419F3D985B1D19458F7D662CA0ADCA3499
                                                SHA-256:DD774C3905AA45D1258DF89AB7019DC46F433CA3F8F4592B9D71286DD76FB50E
                                                SHA-512:3E562EA2A53949EC68DAA91EA998DCAF32DFDBF85D7888F97BAFD44B85D75B9552EA697248D7DB6BA8E6915D4A7A8A3C9EBE0A998CB757BC663CAC5F388EF2FE
                                                Malicious:false
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...............H......*\....#J.H....3j.... C..I...(S.\........0 ...0i.L..@...l...t&.<.....'.L]2,.......V.@.k...6t.A...$F....-..p?.X;b...j.....Y.(.`........]....}..%.aC...>Df.C....^.p.s...7.v......;w6..

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Snowflake.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):5977
                                                Entropy (8bit):7.931950333121855
                                                Encrypted:false
                                                SSDEEP:96:PnvfnvfvH/vHgwtbUjr6vkA1f8wHXp73jqDDb3bpdcxazJPTSmvMkgloojspVciq:PnnnnnXuekA1f8w3NzqDD3j2qTSmpiX9
                                                MD5:168604D28F3D7359AE93FB7A414B9B1A
                                                SHA1:1402B9DA6AF4ECD490F598EF5D408459ED25D32B
                                                SHA-256:F80D6C56D905D2474DC9FF2B7CBD0E1C204DBA2E7819812A5EDBE6B5B9F14273
                                                SHA-512:4E0FD7C1B128C2474160F7F504DE5620C9274A3D92F0C5F0C7D91F2DA26DDF474D8E8C13152C4D9E8F913B648DCE5595E912FFFF65250B3C8F2923A75143F7E1
                                                Malicious:false
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...............H......*\....#J.H....3j.... C..I...(S.\...0c.i.?.8s.....<|.t...q.;m......o.J....X....s..<..e...Q.r...[."....{..>r.rI..4..e....\...u...c.T............3k..x3L....G.^..Q.G...{...N.7s

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Sponge.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):48519
                                                Entropy (8bit):7.907261770825288
                                                Encrypted:false
                                                SSDEEP:768:PnASmsE49RGFhDL3CvIJGRzgMpXqZ1FLYJpRORUwulIyOW61UAg22rC38oFtqajq:PtA4yj7MQZLM+1Lg22r6btq0pfI
                                                MD5:C4ABAE588256B48CE04BB05A82DC5BA3
                                                SHA1:73D67D34D285FDCC0AFB68B42B5FC466A835C605
                                                SHA-256:7AE70765DD7153AAA565D3E14B3FAB8053DA1DE898EEEAF1CE0FCA18274BA0AE
                                                SHA-512:E705248B68371B612135CE511F829A1E9D6BAC9568AA4A252C884E73213DFD68768AB4743107CE8388711929894EEFEB4EA434919D8344B2F3F6869B2718AD8D
                                                Malicious:false
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,.............U..m.<y....G..<z.....\.y..S...3h...'O]8q...'.\.g.Y.&../W.j....Y5`......K.3..9.$...L...;..X._.j.%..(It.x..%.B.x..%..W.z.#Fm..|......;hu....o.;_.`....V/^.0..r...F.<q.i..._....GQ'V.PuZ..q.R.f..4I.,

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Spray.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):17343
                                                Entropy (8bit):7.758408046725736
                                                Encrypted:false
                                                SSDEEP:384:PnnntFBFlE1EU+2F6L7IRVe6wiAe4e50EdAVpSw9GN1zp:PnthW6L2ote4eNyvSw9I5p
                                                MD5:CCBE330D80DC48D3F98E599BBF43D8D3
                                                SHA1:9878BF9EF8E5EEE5DC9AA2A372DA57FB9D4C703D
                                                SHA-256:C5FFDBBD849F6FC8AF708B4746AD0914E683075BDB3678F1FE013CE33C02DF35
                                                SHA-512:D2FE11209F39FD8C30BCB6D9EBCE16563C79CE354D4A4E55282AB49BD2CE3D829BA82F2E30206EBD7A157FCA86ABC83663BC52A1E518B4C0E99534F0C4FF10BA
                                                Malicious:false
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...............H.@....*T8 @.....X` ...&..."..'if.a!....,.0.`...:B<p.....8$..@.....H0.......hXp......\)0a..+..`....... Xp.l....,.......0t...C....`H.......Xh@....W.+&.5......p.....RTH....4h....$J...(......^...:...

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Star.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):5925
                                                Entropy (8bit):7.875630212634661
                                                Encrypted:false
                                                SSDEEP:96:PnvfnvfvH/vHVWIfy3+veypC/arbH/J0DPCUaIM/u5HZyXf76gcOfkmWn0Khdl41:PnnnnnoIfdvLI/anH/OjjTy3cL103BeY
                                                MD5:272F1D9F48F3736B22427EBA3D2CB269
                                                SHA1:84552CC3626E3DC370E03CD99F9F00CD7D6B732E
                                                SHA-256:63AEF4B0450AB0169F7682C0C2E74DBC595140F7C72FE0C30E881231E2E30269
                                                SHA-512:87F129C4B0EC5025F9696FAD47058126A4846E4E4549096DBE7F968DA5F190290B145383CB5511F809D020801A6017EBA849D3D052870C490DE73A16FD5B7E91
                                                Malicious:false
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...............H......*\....#J.H....3j.... C..I...(S.\...0c..Xe..8U.....O.:...Q....t..S.0......X......?Y..u........I'.....YKw..|.......S.x$"...}....8./NY.p$ ..a..Fq\`....3.N..;.....cc$v....)..4.

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Sun.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):13274
                                                Entropy (8bit):7.750435666118452
                                                Encrypted:false
                                                SSDEEP:384:PnnnhJie5mb12Lhd2OdMik54cAkMiYLiXTNNqn:PnhJ0b12LhoQpkVAliYLiXTNon
                                                MD5:F6B273B302BA18801C6DFF09EED98831
                                                SHA1:1E9D177F8292C7FDFB8F03DBDDD6F9FFD81217E3
                                                SHA-256:1948FE9AF84DE48585A2595B9DAF0B5340A90BE6992E7C8F1359F12528E4390A
                                                SHA-512:9A1D64EDDC8FA3DB7C3F147C88A8677B02479F4E78BAACD4E5C719EED6489C94935565F02F3A1DA9FFBF3566FE6AEE724810FEDCAF85BC238903147AB1E6731B
                                                Malicious:false
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...............H......*\.......pH....3j..Qa....,....(SZ.0 ....X....e...l.............'iv@ .P.......J..B..2...ua..'.(.............U.8p.......,.!H.........H..x.*^\r.."m.`0{U..O...H .`..)..q......|.2......h.R..%.

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Torn.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):7326
                                                Entropy (8bit):7.787739813069681
                                                Encrypted:false
                                                SSDEEP:192:PnnnnnXHGIAabhcMICtiRfbcGOUFlDdd/vHeOlWxnICIk:PnnnXFGNCs9cIlD//vHAxnICp
                                                MD5:D2AFD4D3B1D55D947D7BF16DD22CC86B
                                                SHA1:1983248091EA09841026D400626E0B856F0D8483
                                                SHA-256:536C17A2A93C4F0769C62ECCDC8363A42209468C0C83CFD07533F8BEB263053C
                                                SHA-512:F43389060562E2A942C16D2F628438B64A8937371BE386AD61747709C107AF1071EB5CFEEC82F12A55E6288387424A63BD5F282C2EF7979A60A1B8E5D4B3443A
                                                Malicious:false
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...............H.......T.....#J.(`.......@a.. C.. ...M.\..b.....X.B...=F8h..H..(<.P.`.......@)C.P!.. P..@h@A..R.M.n.A.....Q.]`.."I.b...BA.....H........U[`...3....#D.....w..J.....C.\..O.h...sf-..5d..(.....

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Twirl.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):18827
                                                Entropy (8bit):7.708315605617508
                                                Encrypted:false
                                                SSDEEP:384:PnnnRLyX974NN6vMoWF1Wjx5vhXI65mY5vKJcbmV+vLsvbESRj0ISy6:PnRL4yKxqUR46UYqBvAS6o6
                                                MD5:D143190847724275FE0B501168E267B4
                                                SHA1:DE4E0FA79CE5F4E6292F26CB13A17387C06969D8
                                                SHA-256:36369973749059C6276353A55802D57D090F71E5123401C711C8017869192A0A
                                                SHA-512:CF50A467CC2EE20B7C2D4D4A7D299E7C182C0B1AA5C1E120A2A57000DD525976F4B31E3D7B49E05C2A51935A3C08D3C71339761354FC5D9332444D463B260A15
                                                Malicious:false
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...............H......*\....#J.H....3j...G..>..I..H..0.4...... .`.. #......... .!..")..$...N...0....'..a..T.M...KQ.....h....Lcz.0@f.....0.@...a....@.."5.P.R#F....,(..@....phAAB...P.h@.D........i.+`.P).eH..

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Watercolor.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):9241
                                                Entropy (8bit):7.8198897242412935
                                                Encrypted:false
                                                SSDEEP:192:Pnnnnnrfxgx8xyEKbzlJ/nvZerWXq85eowpWT2W3Oqr9N:PnnnrfxUQy5lpvgrWa89Cw3r9N
                                                MD5:990678929C59EB2054C13576E0F92DD7
                                                SHA1:38C47F95969A5D26CD31A0D8EA4749A58342345A
                                                SHA-256:D5B8C6674DED1E52396FAAD3A9F59101F925B245829159AE2D464E29D3B543F9
                                                SHA-512:919A08B00ABDE62B08E556824DA18FBD947A8A42057E958C343FCB91E0D71C44B07E1733D68AF1CEC1C397345977A61DB9078F7B0CECDDD92B89DF00E784EAC3
                                                Malicious:false
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...............H......*\....#JL.`...3j...b. !..I....O.\.r$.0c.8...8s.......,l0.....*.P..@....Q.@....,. ...Q...d.......@8a.d..6t..u."......L....B4.!....8.$.#...2f..Y.....J....d?^.K....\.N.!....9..a....4

                                                C:\Program Files (x86)\PhotoFiltre\Masks\Wet.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 89a, 200 x 250
                                                Category:dropped
                                                Size (bytes):23416
                                                Entropy (8bit):7.699749437823869
                                                Encrypted:false
                                                SSDEEP:384:PnnnB5yVIXtj35gpFrDxUrmm0oK4nEnia2SCHeL0OdWII4:PnfVgNDxRm0TD70SH
                                                MD5:079970D805064F6BD754913F0E37D3AE
                                                SHA1:AA03583121E80C2D4847A8D5A184149A580B8355
                                                SHA-256:174E1D24D82644FFAA68C3B39820C9EA8212C4CC4CFEA935799E89AFB840A399
                                                SHA-512:C748C38942230D3188EEB46E0E56CA48C3188D8B0229413430F61B00A87B9FA979FCE91F2D74DA62F4D4BC81C01C61FF03C64637F1107360369EEBAFC313CFB8
                                                Malicious:false
                                                Preview:GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...............H......@.@....'T..!....<z.."....A~......2^.X....#b.$Q...*V.p....5,..c...H..,.#...7l.1c...2b.x..E..`.....k..+.h.C..80b....!E..9.."C...q2%..(^...a....8l....h.......2.P.....$h....."J..q..

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Canvas01.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):13229
                                                Entropy (8bit):7.855831801806083
                                                Encrypted:false
                                                SSDEEP:384:DFeoS53qWlCYxGByzbGqkUIje1lbn6ixozhkG:DmqWlJx9vv0UJbxozSG
                                                MD5:42CF51A3E3FBA65AE560641E26E08030
                                                SHA1:92D21475474D774E8DFE73BD8779087FF1207868
                                                SHA-256:D5ADD335B0B423163893DDC09AE775EB6EE327194E0E2A2FC5404969659D221D
                                                SHA-512:EA63FC1624A01E5CE7B0189C647D2A8CA9FB198CF92DA5B6979EF65E8DFEC187D95920CF047537FA4F85611C41B7465E89DF31109F415F04BE84DD36E0FFA298
                                                Malicious:false
                                                Preview:......JFIF.............C...........................#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C...........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....a....S..Ny..."E.;..z.......dV...)....?^8=..G.U..l....$v;.2@..rz..9..v....%8..~..2....d.r..{.nq..b.r....r....t.....*.P...#.>...H...X.PF&a..8.......P..%..q"M....{........DFdb@;.'..S......Jr...X...0.o.9.w.D...GP6.....O...^...d$..H......<....$...`#...`r8..~.d...$....pz.#.o......qL.R.. `g....-#K$..FdY...#.....o....x....Ce..3.....Np8dA....r.. .....

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Canvas02.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):12041
                                                Entropy (8bit):7.938796516415184
                                                Encrypted:false
                                                SSDEEP:192:4vC8J+BkZMcz6gjs2KYcbGMQgJ/fRLAR+dLtrfj4GTSal/nUX6EgmaDUDfBArOU:4vC8fx6gOGbgJ/fhjJSal/c6ETaDuBY
                                                MD5:1BAF1FEA2D5A5C343C0BC3AE5AD04E81
                                                SHA1:216F2006741A380BE8556984B9DF5746DF4DCACB
                                                SHA-256:B75D43CD2C9B9FC654FD91724DC30021BC594E77F45A2350C66EDC9E01567ACE
                                                SHA-512:8F7E1296CEBFDAE02B94B4FFD54266B1921D73EFF901C667100142F54843664B0261B75E2FD7BAA66C4B662F1B156943E5A814635A46C3AECEE62F038853C382
                                                Malicious:false
                                                Preview:......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....f..6.e..f.I..v.y...0[.....PN.%..7...1.y).O/a.....L.#t..R.......+".0...$..0.....Z...@...Y.e.z.#....H.p..@<...C..Z...E........G`=(..E......+web;.t.jH\..j1$..?....@Z[..8..m...z.SD..K+.$.;...l\r..:%....j..7......#y...|*.........K.yv.<...\..i.1.o$........}.".w..u>...-9kx.!v..$?...qR..!...bL.c..d............X..5..;. g.23N..&.E...>f....k.N(..E.BX...S.p:)..O.Jo.8vT0.

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Canvas03.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):11273
                                                Entropy (8bit):7.942835049888625
                                                Encrypted:false
                                                SSDEEP:192:LSJ6SDkc7PdlYPrdC8ha3woLonQEU9sGL1be7875d42W0lmagK:GV5rkrxg3woLkU9sr7875d42WomaH
                                                MD5:EBF8CACB634CF65D9FAA84F60EE9904E
                                                SHA1:240F2AA42D722D4926BB75F0CF52D97CDF205171
                                                SHA-256:239B530F0387FEE35BE9BEAF9DDFC48039E418EA6DEA3B454FC4199ABD93AACA
                                                SHA-512:0746563063ECC48C7D7A392A9E80CB39A967C507682BBC4A258279280548C713368F05286DE97383962C9870A3B9455993B0D75EBAFD2E348252F18433746957
                                                Malicious:false
                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..$...iM..08r....B...........{..U...35...L....H.p.Wu..0..3+...YSt"..o.Iy.ypI~.-O.....q.(?!..O.*...$......b..<.%.. ......}(..mn..'.*.u.....F...+\..]...Q.i..._..B[........nKIp...#.....j...E....0..RK..j.|B..=.......c.{...t....M.A..m.T.n^.b../h......T...d>m.....s!../.21i.j.H.B1......(.Eb.{..,c.).b.......$8..P...Kh..v..&..K._aN.HZ.G3. X.="...4.Y.F...~d...|t. .2

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Color01.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):10412
                                                Entropy (8bit):7.162853690785917
                                                Encrypted:false
                                                SSDEEP:192:sUgkdqkYn2apomOYyOm6SuQgH5C0JEY+UkgDFDHYM5O3gkdqkYn2apomOYyOm6SV:so4boKm6VQgLJE3Ujh724boKm6VQScOq
                                                MD5:FD15C184B6E46CA2C17A14686D5FA4A5
                                                SHA1:F12315EAC57C7D3ADDD0CD330FBC8FFE401BE896
                                                SHA-256:9AE5630AE79763477DAB7FEE75E91B27DEE829EB6B17A749A5A954C8BE3C5991
                                                SHA-512:54DB78089B4EF9B13F66B41E76B82DA27B273DB5EFF60DF584C175BB77CAACE4C93234588A75574599704639341DF5F1C041A968751D67A009F6AD75C94D438B
                                                Malicious:false
                                                Preview:......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...._....y..........D.U.........5....m.......k.b............z...9............H...../....U.k_._.:.}#.k_...._....o......I~H.gZ...8........z.WY>......?.....A...U.O.......$../.*......./.'.).'....|...i...Z.?.=d...<S..-?.o._.<#...........~.[c.*~G.\.....O.5.......j..?........?....G....?.}.......?.._.......O....B.};....Z.4...?..+.......g....0.....l?&.........A.....

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Color02.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):11394
                                                Entropy (8bit):7.9498947122954835
                                                Encrypted:false
                                                SSDEEP:192:G8g7OZoWRro8RRWpGajXias2eOkaPNUbdX45UDsipTvNo:G89oWRro8RRPMyJOkalU5IEsipjNo
                                                MD5:39C5FFDC6ED17BCCEB23D95EDBA8C394
                                                SHA1:6403D9489D42266EFDF26EDD8861FBAE96E026A7
                                                SHA-256:A5FF53A9EC061A8DB17A6B6BB2C1BB40B92D5B653B2695B7D5DF09C50944D063
                                                SHA-512:8609A54F3CF8B772B31B4051A90BC47640B6E26A00BD7AD5F616747F45AE39607EEEBB6D1B8C9314A053007FB998D0D29AF68ED4ED2C0066C5246048C74913B3
                                                Malicious:false
                                                Preview:......JFIF.............C......................"....)$+*($''-2@7-0=0''8L9=CEHIH+6OUNFT@GHE...C.......!..!E.'.EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..,n...|.,.2v..u...[.......n....l.nfI.2.j..?.+PF%.X..1.s.p\...Uw......^;.&...Y...w.&I.....0j;.R...U.V*....5sP.#(?s.(.;.....R..[..,b.g9..6..9Q.......($u..I.D.......[h...S^...4.... g.\.*.qh...%..Lc.eu....9.Wml...%.b>U..j..[|"M...E..:+......U.l..FN.-j.....+.~.....n.!.L2......5........_...2m.x.`....T,TaUR.t&sNjr.I<qo.F..x..M!.H.p...P[.D...6.Z....y$.....A..E.

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Color03.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 128x128, components 3
                                                Category:dropped
                                                Size (bytes):7853
                                                Entropy (8bit):7.938358513111566
                                                Encrypted:false
                                                SSDEEP:192:Rhb878m1Q5HQ+wo/nSCGyXLEnEsxcwHaDGr:Rh6j/kSCsxcwHU0
                                                MD5:421923D165C6C9BC2D9F9C46F370F348
                                                SHA1:CD4092EE60E9F4308A8E07A31DB35B1ACC455549
                                                SHA-256:A270883F1063545D4D2609CAFF53BBB6D9883671D54C5000E454ED0E2380B654
                                                SHA-512:D27179C12EC5E68F886219E92BD294D635315CF7E2BFB86D48B32B9FED1E6986DFFCC33AAE864502EBFE9A214D382928030FE429387FFFF40AF5A31A5544F72A
                                                Malicious:false
                                                Preview:......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..<.$.#}.L:....~..\Zj..u....~.0=....a.]_...6...U....v.M...a...3s.<..O5._.m~'Xz...v.N........~..72.........>..w..m..K_..ch...~Tz..rc.D..Q.[..|.<..W.k.......9x#.<..v.....D.....?..Vl.q..>.q.Mg.WIh....`G.....6A...Z....<n....i.m.&.........Uh..5.(N_%.i..+.:+....{..[]..0........i.I9$.$.^....bO..............'N..]j..wz...i...c[..#\.Z.....Hw.d.......x...W.U.-.._.7.^.7^-

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Fabric01.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):11846
                                                Entropy (8bit):7.950627470259814
                                                Encrypted:false
                                                SSDEEP:192:43BnDPWK1RU9oWtXo/fpyOU55SvXjEDk3j66AAvwh89GOtDJ5PfgKti5D0o4lxrK:4FDOt9LXoXpPU54XjM6AAx3ociAvK
                                                MD5:C29C33921315A7A314100BD05F7CE952
                                                SHA1:06004CCDBD6E9446441938BA33279B40CE8F16FA
                                                SHA-256:C23286AC4C4BFB4013D7D008B7618BB759400A90C46E60B5C0F3685802A16013
                                                SHA-512:45AF41B8C78AC891B74A1D600377390C32699AC08C9ABBC0AEDE9B13CD75A44E91E619F32B4CA75F689ED9E6847F868627D9BB7AE5A782CDD6CC6D276B4EBA7A
                                                Malicious:false
                                                Preview:......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.........pI?L...T4.._..~@...}.....$....>wY....z~5.....I.m).3.....*..0.s..(.....FK.?..F.Pb....<..\......c ....8..<g.....J]..v.........(LN:.m ....a.P/...3..V..q...Nk7..q.h\..p@...Z.....Z.FQ3'.Hp...^.\J:.ni~cE .d.m..z.U..$.....+.....M .Y..s0........1.C..=}.BeJ..K8X.....x...g..z.",~.5...0.....p3I......;d.....Z..SR.S...r....=.$.(i..l.. .....VTV"O-OV~........mw

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Fabric02.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):9000
                                                Entropy (8bit):7.941434759932763
                                                Encrypted:false
                                                SSDEEP:192:kRUM9I4miYrdhY8C8Z2rqF7JaUNnNxq6QkrtIeN5uEHGtdE8FkwvKnAm:kevf1C8iia0zTiEilkaQ
                                                MD5:74A5C4F898ECCDAD218C338EB268B7A5
                                                SHA1:915CAC8A25F1B8B89D80D093EF882D79C7CF0D89
                                                SHA-256:D997366DA8B39F4DFF1F1C90988891C76A9BEF708FCAEA94C7C1DB25E3BD379E
                                                SHA-512:8703F05CF127CDF775CDBC16C23F3086E9C3355CA432261BCA2F9948DE895A98EAE041075368A4EE136FB54ABA92F8671E12395584C15DCB93A1C10225E4FA6D
                                                Malicious:false
                                                Preview:......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...V.s..)8..s{.D....E.zd.J..e+.3..+.3G.W[o..I(G>...W...,.+.....V.....;..{x.g<...I.K.T.T.25..P...AK.1...zW.......x..,t.4.v.D.......&....|.R...(.:..E...-*..Q....K...H...t..-.j..s(.q.2..$rIbs.v~...;}N;D_....nXg,:..GJ.W:.{..+.f..{SYt.v...v.>Un..+.y..G.S_.W.7&K..Y.#/Zz=._.dd.s.;.ug..h...Tx...=.l.\....h...,v...m.O..8.P..1X9.8].t..-7X..E.....I....P.r8...4D

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Fabric03.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):11520
                                                Entropy (8bit):7.954763761114242
                                                Encrypted:false
                                                SSDEEP:192:LSj2w/i9pTRV5qm5qTNifgDPBT0Pt/ntXq0BOj2ZLWpzCLEP5c25+ptH+qlDmIqR:Gj2wa9thqGqTNifgNE36FC8plPKLptRa
                                                MD5:24993953508AFB10E3E18392EEEDCEBE
                                                SHA1:0A1E5CAB9AEDE7CBFCB35E6C99F77C3D342CA14A
                                                SHA-256:8EC93EB57E2D29B8B7D4B545064BF3E0090FFF4A3C56786A8718A745D640C2FD
                                                SHA-512:A4A50DC69C6BD437D07C6976A26E9C77477947CFAEC495961C66580839F35014F280AC36538A1C1A8A50F066D32441451E3AE15E236C0FC9696320A75E05FAF9
                                                Malicious:false
                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..Z...P+.m=.zN...Mu..D.gH.I.U.W\A.]y7p,w....=T.VE...m,do.C....z....S...}Jg.....c..z7...u..0.!..'....]..Y<......W..{Z7v....O...O..\d........-....(.....X.@.IH...l.{.C]j..(..>.Solm&.{y..\`...zU...g..i...]...."...S.A...\..t..@....:U.w....E8N.....Y......Q.sJ..:..MGs..;....q.x.W....AS./c.]Y.m.6V.8a.....).$.BL~g.T.k....qei.]^.6...brP..{S...N.sE...x..l.9.k.0ifK...

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Marble01.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):8776
                                                Entropy (8bit):7.928981125645974
                                                Encrypted:false
                                                SSDEEP:192:kyoJ2qYJfvwtn8PfMmXj+VjPUVPOGl0oy0x:khCn5fd8LUVJ6q
                                                MD5:CD5FFEEA5332CB22977AFE232FC3B776
                                                SHA1:E117089B6F0A77E6514EF4BC5C8AFC2F62606839
                                                SHA-256:2F65ABEC962C6CDD839FF6D4A56362809D19B7BE023E3282667ED56B9C02FEDE
                                                SHA-512:8C960CDF3E4E02F0859CE98422F86B6EC3E81675F13B616F6A6BCC97D27F2E37CD4D28D47DC8ED0F1D63927156298E585E20E11F9C76E636082D33D1A81E8E5C
                                                Malicious:false
                                                Preview:......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......eU.<`..V.n....9.Z..t-...`g..*)C.....O..y.....n;.....c...z..6W.q.....({.o...x.jV....B....22=..............&~\s..W.C....I.'.5.~..we.{..2Y.$,..?......~7...'.J..p.[.c..|...H>..U-.....x.'.jo.X..I...G'.T.G.ty....e....>...XJm...$L....5..j0...1.t....^....Ci..Cb5....5.W..kq4..+..I.5Y.X5..p&..=[..6Q.a[.....n..=...&.....l....v....Yz..U.B.3....M..c....q.3.....J

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Marble02.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):10278
                                                Entropy (8bit):7.94249450587161
                                                Encrypted:false
                                                SSDEEP:192:LSxb9zAwliFmQZc6QigENNv7jPHFy6GXohjGRgVAH4qrb89b7G:GpdAhBZPzlHFySjqgyH4pG
                                                MD5:F2D61F992034014D28780F443DC72DAF
                                                SHA1:4C63BCFD6238D8D85F2874B6C91C3A517A500D7B
                                                SHA-256:9C5513B54E2F88BAE3A6E597AC4752A7DA5D2F9A26EC2AD8E132D62BA6467F77
                                                SHA-512:F689C2799CEA3DB0E9CD3D1DDFB137829DCBD8439FF33EB4F644899C317630B6B636FEA44D834494D9BDCC577F62BFAF712AEFCF96116992151291F4E0A716D4
                                                Malicious:false
                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..?.....ME".o..!.....Y......-..Vm......~l......R|.lA<......>;wx|.#p.9...=*......0pA...1NS.6.(}.0?1..J........BU...9.=._..co..c..J.0E4...1...A...#."m.[...k......v.Y.....2.sYvs..a..u.#.>..k^F...nL.q.\....H.wye...~&.o....\.F.../...g..OW.L1...'...X.p.1......~.w..S9F.W...f..N.<l..F..R=.._..l.ze\..;F.).m$..........~Jg.H.s....7./r.Q2..M,j.N..c..TeYa....G...

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Marble03.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):10598
                                                Entropy (8bit):7.936259584753156
                                                Encrypted:false
                                                SSDEEP:192:koBFfWWPT2cGodGKBK+QhXM8Ddjf2YYGm0d15tvGDF9gpoOZ:koBFPT2BzHXPcGmUvGDQr
                                                MD5:AF97514081CB6E08BF4ABA198F8C2BF7
                                                SHA1:38E73118F0FA2584F96C1CEBBF29614DB8B37C90
                                                SHA-256:79944EAE8C19429E3286B8BA62B2AB7050895B8CD8D6F51316F153898E4E72B5
                                                SHA-512:E2DAF47BC1651503FEE5DC4F31325F4FB8E9135F6F0859A9625F62DF4A66653991A9591335DAEAB2E136EEC1DF21D3FB6BE707F27604E0CB3505BCA2FA58271E
                                                Malicious:false
                                                Preview:......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....m!9*.%A4.....%."/.s.4.uVgv..r{...af.&......7Z..._C../....{..........".....\2..*.#.......&..26AlF.q......f..k...eY2.s......pF...,.o%..(.0..eO...@..,.A%G..."..m.....p..O...M....U....(.....K.2...C6{R....\)...v...b..j*....u?37L.C..#......:.u...P.s.N.X..%...O.SJ.^.R.-..W...W...r.=x...*....4.\..x.:......&.6P.\.\g..c...s.....r.....'..U/6e8......I.Dx.........o..(.

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Metal01.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):9135
                                                Entropy (8bit):7.821519268881885
                                                Encrypted:false
                                                SSDEEP:192:Rh8jAUD+/uKbz5AjtX4RxjQ14xCbH7Dbl7k:RhD2+/uWVetX4vjg4xkl7k
                                                MD5:D01190E6AB15749FCAE035031BE5EF88
                                                SHA1:95A913F7D6CB4C83B895F3B231528EAFCD020AA4
                                                SHA-256:2AE79A0E374FCF6E8BBEDC99FD662AFE96A80696146BED5C5CC240A75E64AA89
                                                SHA-512:F7047FE2EEAB345418AC66F22C88BB6BBF520D435E302074F8CF8B1B0D799C1F9BC0A5EAA29A78536DF28CD41A7D285B66EFDDE6DDD827F156922F5D3E87C93C
                                                Malicious:false
                                                Preview:......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...:.,.......E..I......(....j,.*.1J..J..F..A...GbLc..e..']F.~.~...q..^.n.dz.O..>.".6...l..\/..[.N1..7.........^.j.E....D..,S.9.!U...9.x.J.....g9......i....N.......tm.Q..l...b..'.&|.?.$....Ra.@..#.....].3i.N8,...h.{.D.....hd..B_j....1.$....=......C.......|......I..J.O..c;nN..a....}KOu.n...a..EYc9...I...i.|..B...rJ.9....R]F.$+.r:.o=.j..0;.K5..bI..U..Y......T....K-.s.Rr

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Metal02.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):4966
                                                Entropy (8bit):7.465843126452959
                                                Encrypted:false
                                                SSDEEP:96:RhEr9r7Sz1gHG+CB453toxAnuLh/aCClJhkWh2ygl+PU:RhCq1gHG+U41toxA4h/axDhp8
                                                MD5:374153CE99359F3D822D02E57FE4FBE1
                                                SHA1:16EBCDB0D1B6BD009ED6DC9F60A33C6E1AB24CB9
                                                SHA-256:3F58CA5DC5ECE8F1267AA4A2EE3F3DEA18DE484FD5E8EA5EC12AC0DA2F3E58B0
                                                SHA-512:AB7208FCC10CBEAF28F10337FD169CDD682450333AFB569630129110896522748731642D632A56E12C8DEC99CF979EB12CBA26966A97FA22B0F80EC42E167775
                                                Malicious:false
                                                Preview:......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..O.X........h8....i..../..=^.,..g@uX...V!..-......?..........|..V....G..C.Z.=...Z...}.}...9d/...j..x......A.s..lO_.....Z9d?...V/..(....A.s..kO.~.}.?.... .....]w...X....{W?.....G....>I..........j.?.........Z>.....Y..........j.?..........Z>...hQ.|....AG..C.Z.=...Z.....i...Y..t..u.?*?.b...q.\.......kO.~..$?...j..x......A.s..kO.~.}.?.... ....b......X..

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Metal03.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):6549
                                                Entropy (8bit):7.69227074713003
                                                Encrypted:false
                                                SSDEEP:96:RhEmCc1DZIw0xj3VQk1YJLhOb8+kWbMcHdJeVsZYljEw5v+FtsGSIK:Rh0WZIxn1YJVckEvo9lH+FtsbIK
                                                MD5:CFD95F64E0F270D057AEB26A9B3BC356
                                                SHA1:B1E6386323672F092C041652AB31A02B212F091F
                                                SHA-256:717E8E6CB889236D60F53A120BC987D4887FF6BE82DEAE8D06C7C98C7A308EA2
                                                SHA-512:B1D0C357FD1F1217A562E80A21ADC374E69F75B9CFA751839039519399194BE980246C3977325680D0513C67AD3F5B9156106D93DFC9B9139E2EAD51D33030C1
                                                Malicious:false
                                                Preview:......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...}............9.B'....ZC5.`.5.N..-...~..\..A_...rF6..@......"..h...6...i.v..?...4..b3..H.......X......~. .P......L3.;#.z....iw}..>..,..}7..?.4..o.e#....e...}R...B.~....E.....;(...Po.#.A..........G."..^z.g.Q`,..`.y...1.#'!...D'...?@.?ZF........`-y...d.\.FN...Yf......u.S?....,..{0......?{...j..%+.g>.Rgq..'.......a......Cs.K...S....J?._.j..G..?\.`...@.d..

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Nature01.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):10586
                                                Entropy (8bit):7.9218870626069995
                                                Encrypted:false
                                                SSDEEP:192:R0SfPyw0ZG/JDx3nzUG5H0/YtUOP8CcON2fpwTXXa56ChSB:R0SHdfn5CYtUGncC2fp0zCh6
                                                MD5:CA73B80C0493A8E52E035478E7CEE48B
                                                SHA1:6CAC7D655BB0CEEA3EDC4660665FB47A95B80B31
                                                SHA-256:46B549F53FE5CDC59893B417E07F911780B18615F66BC5EC2947B543A5B689F7
                                                SHA-512:B7F7EF033139FDE9943F8DFCFDB8D02B3A7A982F4A10A42DD54080AD1194163403DADBA32C4F2E13EFE6440C24D11F4C62DE76DA64711D5C85300CFD78CF8DAE
                                                Malicious:false
                                                Preview:......JFIF.............C................$....., !.$4.763.22:ASF:=N>22HbINVX]^]8EfmeZlS[]Y...C.......*..*Y;2;YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..r..my.0.O@ON..$P.7......-....I}.V.2.;r`...~=...Q.6..\..^..f....X...6M......+C.....''9f8..z..(....#.bC+.wz......B.X....I..9.)...M...bI..Tc.......&.8..cD-.w#..J.32....8...<..NK7.Qy.~.,{.=.....|..v..G..I&..-.e;./<....+...p.s....M....1.dn?.}.z.;hD..p.8U`.S..Q.x...[xg...To7.|.9..)...2a.."1.n...?.."s....6O9....^..n.G...$;K.p.....I%P..Y@..qN..?(......c..`1M.f.

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Nature02.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):10383
                                                Entropy (8bit):7.952735003872755
                                                Encrypted:false
                                                SSDEEP:192:D3PV852No7TMD5ZAeQNUfSLmW3swOi7OHwBJimFnvJ4vTLBVxyy9Gts:D3PS5Yo7TSZApNrLCwH7OQBJlhitLy4B
                                                MD5:A6491C29E34CE2FAEBF3E6C5D3678149
                                                SHA1:209CE9531D13310719BC686A26F03ABF973D1E66
                                                SHA-256:B68255687B9921977B48A716EFB1AD062A3C600B3B314234018F884265527EA9
                                                SHA-512:60C40D1C3DB8FB1C59617891CE34D8EBFB4025A5AEC7EBB277A4A1BFB8BA3918E487B8312660AAFA2D58BC1C214DEDD432E7FB1FD33914C95A07608C367965A4
                                                Malicious:false
                                                Preview:......JFIF.............C...........................#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C...........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..Vi........\.ye.^5...09J..[......S.....#..&..gF=6s...K.TB.q..g.O2Y ..<..5.....e.6,H...Z...sy9..\..$r...%..;...)u........-...S...J.+]..kh.Y......xG..;....]...7D_......I.....+.v...$......0.nooj..\}.......N..K=,.r..w<.g.G..{\..m.dF.....[XnEHu-[S.-&....or.....fe.p..(..W9.K.&.K...8.tZ.y.9(_.....v....J.e...rY.3X:..o,.......rkn-*}I....0~.;Qj...........T....0

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Nature03.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):10469
                                                Entropy (8bit):7.958943078805449
                                                Encrypted:false
                                                SSDEEP:192:GGKjt6l/578H8eXKdSvp6yz1zaC3w4OGxyFXIl9hC9/w+qG:GGwta/KHXSyz1m5EwYA/wlG
                                                MD5:CDD1A8A0AB0E6ED16D5623E948602714
                                                SHA1:77F6B3E67A13F1D67938EFE0897DCE354DAAAAA5
                                                SHA-256:93CEB384BC849D0866FF14AE44B7FEB57DE13CDAF9102C2C2A97D74692144012
                                                SHA-512:BD943D2F1C63C4090DA78C9A9EC6CB987711B0E55C32BCB4B51A758B8428CFDC8EF69AD4DDB410B13CDDDC1E0908773110E2CC696BF3717FF06DFA89B36112B2
                                                Malicious:false
                                                Preview:......JFIF.............C......................"....)$+*($''-2@7-0=0''8L9=CEHIH+6OUNFT@GHE...C.......!..!E.'.EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....y ...s..5.......g....5.n@.K.s.u..Y..r..(........g.o.$..1.N..qV..B...%...'.Yz...ky.9.....l3K....ry;.~...;H.7i?.I.^...#9.7c..rcW.'e.Y7g.....k.]..H..c..w...tT.p...g...j...@m.t..+..<M,.t.:(We?/Pk>.P....X..v.......m.b&#... .\.3qq4.._q..q........T......DY..5..6.....s$..}.?...V..FLg...Wv..'q.".....<..[;...Y..Om)_,...E.$.*..b.$....ygho|b..;..C..4..V..q.....

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Paper01.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):9603
                                                Entropy (8bit):7.948575186037468
                                                Encrypted:false
                                                SSDEEP:192:RhYC4y84Q3EqFSaGTwJgBpvxu5BvoohENdKxTwwyW84utl:Rh5wEAzqSgXQ5BxhEzK5wwyWk
                                                MD5:DCD89E56E27ED7E481E20E858AF66B3A
                                                SHA1:79CAC712AAE218E06A7DC5B52CA6363347B7F353
                                                SHA-256:3F9D275E049C656517F9E8070A7269E88A7E014D705EAADFB83D76D00A78909D
                                                SHA-512:A0D373B64A03972D70A1B156D55570951317847B93AD2BD0E289CAAC050C6112B93BA4FEFED9D87F981B076C61E56CDD71C2AEC99053A134EAC2DA954C0E8F88
                                                Malicious:false
                                                Preview:......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..Mx...\(.."..v.fw|...V-... .T.Z]...f...'<...;....P...r.d...b..R...Z.z....X.......>u.1...5^...Iy.>...rJAq....?ZM:.GM....r9......v...o..q..~........r.O.Y.+=AOC..N... ..x.j.k....jTr....@..0..v.W.....aFq..$.u$%.....a..w ..x..Ai+...c.9.H..V.=:.S..........-.[.7...Y..._Se.V..>...xR..VDz....e...<2.2zS...kw.....>b....O.F..b..N./...M.T...N`\.c&. .g.....x..f[{

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Paper02.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):3234
                                                Entropy (8bit):7.407995074310542
                                                Encrypted:false
                                                SSDEEP:96:wE4aeGvIbt+XAT5vylQAdWDKAZEjsi8b1M:wSjvIbt8k5+jdxjshb1M
                                                MD5:22E1A3C55F0CEA48B967FA880C46B53D
                                                SHA1:3BE4564D026A68AD210091885402679601B114FF
                                                SHA-256:EF14A1EE15DF9FF50BEEEB890EA26E6DA35764E7CDC1111CFD1CB76AE4ABF1ED
                                                SHA-512:5F12E416430B500CBBF61BCFDA604411DF9915C1667654733EDF8EC7AC4ED540D83412EDD7DC1AD07FE03C3D69E5E72625C55D683BD5CEFE32FBBB81D09D1D6D
                                                Malicious:false
                                                Preview:......JFIF.....,.,.....C................(.....1#%.(:3=<9387@H\N@DWE78PmQW_bghg>Mqypdx\egc...C......./../cB8Bcccccccccccccccccccccccccccccccccccccccccccccccccc..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....i.8....I9.+.:.....R....JA...P.....R..qJF.)....O.P..Z...I.T..f.03.\..S[..z..A$...c.4.1.r.....p...Hrx...<.B..@.`u.(...h9..H.......F3A8.@........h$c.M..sJFq.....>.(#..Ny...SI..AH.t.@..x..8.....)I...8.h..........2i..=3JO.4.Rrs..1...Q..r...S....4.:..'<.....sM...k7...L..)9>...Td.....I...8..._.Nr;....&O.8.Pp.&....1..O.JNz.)221@.29.J.....A$..1.$.=..`....)....}

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Paper03.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):8686
                                                Entropy (8bit):7.9268658687920714
                                                Encrypted:false
                                                SSDEEP:192:k8nGfDCVzTxm/WBgpVN1gn8+2ww16S7jBflm5+9Jdc9rp:k8nGbCVc/9VN1gnQh1Hj5lm5+fwp
                                                MD5:AFDE616E71383D63DC1B5B9587293F17
                                                SHA1:918F7334B509D0FB2F4B07CD443342B40D1A2922
                                                SHA-256:C9A4E221D7AC505020DBA9CC2CE0B0697AB8F83C29540D24D173B9914A4680A4
                                                SHA-512:5E07377411A5D8847578364A1D197142759C4CDA81248AA25A878386440671E3DB9EE8BB563331469927977A61806B25C3F395B8E70D2D13DC91CC0642CCDCD0
                                                Malicious:false
                                                Preview:......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.......EFIj....Wp...T...+.....3-..c1.y...i...5.9.{eS.>{v....Y.L.?j...o$e...I.....E......r...o..vIF.T.4)&.=Mf.F..]....^...<..r...+..X.M..zVr.w......XE.8C..=.U..)..P..i.^q..~..P2Tw..^.......-!]..=)5.....|....X8....... ...w:|.G..w..Essg!.HA..k.+......P.j...o...0..z.&.......b.y.k...R..i6..\.....v........$...B..MJ.l*+..<.Ak+J.!FN}i9{.......Fq.-..5...)...M....]...

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Sandstone01.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):10574
                                                Entropy (8bit):7.8944185877743305
                                                Encrypted:false
                                                SSDEEP:192:4HIYzQLHV67RwsJ096Lf4urzf45W80F+DsAmEmNnLWQaDj:4oQQTAlwsJKifBzA5XG+4tEwLWr
                                                MD5:210F0A9F5ACB814C90A8E326BCB21123
                                                SHA1:4824010FA6533088220FDF89228A9121A44A6553
                                                SHA-256:5AE994010C923505C1340D09BCC7AC586D3C606A4B8C59ABCCE4C3B8A4B0B579
                                                SHA-512:457451D2B5CD43C8C16E06AE43870D4E5FF5DB80102322F83B4739A7E6ADC20D3FF87C5276951D5A1AB4FD9E71300BB56E14B951C2C85E6E20EA494FE3F1E505
                                                Malicious:false
                                                Preview:......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..h.1-.m..0.o|v.Z.c...l....B.?3.S.@....V..H.z........,0...T..._J.P.Q..4p..$&x..x.>..c......H.~.g...T..I..'.l...._jp....y*8.o.S@..A#......?.6@..X2.v..=......+6...`.....G.AL.......G.V(:~,x.4.....';B.U^....V..`.S,...$....=MG........B..}\...TI......I..^O&.-}.......>.....J.3..)...3o.>P6m..A...CK..W..;.^8.@..Q.....J.\{...(....9..[[|aP......~t..............W..a3]<

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Sandstone02.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):12310
                                                Entropy (8bit):7.941157336383485
                                                Encrypted:false
                                                SSDEEP:192:3aOzBz/UZP2zw6gieuAmUNMud3Q5855cXsm0jsPnZDI9Vw6sGjnu:3lBzcZ+zwdsRIMuhr50rPBXGju
                                                MD5:A0774E3DCF6E607101FCAF41B928A8A7
                                                SHA1:880C0B3084257A6F38C7A4C9413B608DEEBF9BE5
                                                SHA-256:DEAC85C0F1AA17B5F0401A5C89D89BED58E9766E05C5C53497083A90FC8AA5BE
                                                SHA-512:6613C8C56DEAEF961DE3AF6DF60A5D073A24559A59DF103567B4CA6E9EC244C519282FD0B888851AB96A742EA8FE50FE5B1AD96447FC2F882E2ED3C1C2E086DE
                                                Malicious:false
                                                Preview:......JFIF.............C................(.....1#%.(:3=<9387@H\N@DWE78PmQW_bghg>Mqypdx\egc...C......./../cB8Bcccccccccccccccccccccccccccccccccccccccccccccccccc..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..I#.s...3&U..6A...L...C.2...R7..<q...o*i.E._,..['..;w.RW..<.f..'...4.".......O$.|.U.9.....cs...zc=.;...+...H........\...&.=:r.I..VV.........Ru..`.4..T...O.n.rk...F%C!!......n..g].#.)...N....8.O....x....A.1...+....p`.d...V..5d.B.1..Fw..........YJ .*..U...\1.z.+.T.u.dDG.+.;|..d~t.b...8.....9....._.V.8Q..........E.X..,.)0.pX....<w.Z..5..........."X`.w.W..2

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Sandstone03.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):10750
                                                Entropy (8bit):7.935136741925796
                                                Encrypted:false
                                                SSDEEP:192:H7H5KSeJxPBVxRnodygON2fbK0Ib0GgSRotnoFcOBGA5a6TH2lxtwBtcVt:H7ZKSyJxW3ONqbK0spyuMi/THS3AGt
                                                MD5:6A4642287A13F4A03715010E030453A2
                                                SHA1:FD36FE7F9391F1075D61FBB2164BFBE5DC1FE8D0
                                                SHA-256:66345AA614352B14BB025DA46A88DA705D9999EAE4FC9399E0D11D2803102374
                                                SHA-512:C90C01D176BD95F63EDCF65AB2D453FCB0D2489DA219A48708353A438AC129C631834746460E68506BA2C0BBB72B5F13F72235A1E7F90B345BA634E9946DCABC
                                                Malicious:false
                                                Preview:......JFIF.............C..............................................!........."$".$.......C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....\N.<.9>......s...Fo...rC...]..v.l...(.wc.f".....n...rTI...y..\U.f..........e..TA.>.U.FK.,.m .j....l.,x,q..z.u?....J['.{.F-4.c%....B....|...p:...5.v|.0r21.~.H.@9.ia..=....w....M.i$.ei.... .O.1..h..._=..FSb.9........$....6.r.w..ze.+..)...p...WO..c..W..P..X.2..;q.=...h-!..6..$q.v.@.I$...5bE.E.6K.`.[..A..`..q..*..a.....2I....p:T.....ob.+<JV'.U..v....R.!0.B.

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Scanlines01.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 87a, 200 x 200
                                                Category:dropped
                                                Size (bytes):1443
                                                Entropy (8bit):4.4771215233774875
                                                Encrypted:false
                                                SSDEEP:12:Y+BalJNTYe1RXl+/jT0NuU6Xf/hWZwT++ncXMOU6vq83y1IbrH9J2fzcjUGRKEmk:vB4JNP1H+/X0SgZw7OrvqqKIbb31p
                                                MD5:853624EA3D1D57D0129C4834F5F0812A
                                                SHA1:CB83E3E955AF8D71E40220E339BBC8DAD0A998C2
                                                SHA-256:207087A4F0FD65A3F1F48ACE2757AF161E2936ED7CB5DE0FD4A225F44032C18A
                                                SHA-512:BC28B552125EBD22F22E6405E1A193FC9E108A3E03F79C1D78A8851F1176A28D02E410FF0D8C3C4DF3146016E7450A1ED7FFC666D19F64129371ABD3AE4986C1
                                                Malicious:false
                                                Preview:GIF87a..........>>..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................,...............H......*\....#J......3j.... C..I....).\...0...I...8s.....@#..J...%.*].)E.P.J....X.R....`.]..4.].. .p.jlK..X.x...R...C.K..K....4..P.#.tL.2B.3s.....;.v.......^.8.k..c.~M....

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Scanlines02.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 87a, 200 x 200
                                                Category:dropped
                                                Size (bytes):1443
                                                Entropy (8bit):4.482585682513579
                                                Encrypted:false
                                                SSDEEP:12:YE8BalJNTYe1RXl+/jT0NuU6Xf/hWZwT++ncXMOU6vq83y1IbrH9J2fzcjUGRKE1:d8B4JNP1H+/X0SgZw7OrvqqKIbb31p
                                                MD5:27C8DDFEEBC9B0EC1A9CACD311B5F869
                                                SHA1:F219FE842F41A9C4769421FECA39596BFB41E5DC
                                                SHA-256:182B1B945E0F889C10D211BD4E04EE45DF9276746B19D45075DF1A202721D235
                                                SHA-512:B7D8C9BA1F334335AFE24B6B7B10591B7599D0545F70362BB7AAFD43B7CC3CEFB1CE71974B70417F52AE105E697A935DF6D0A537A9C824622E3B66C472A2AD4B
                                                Malicious:false
                                                Preview:GIF87a.........s.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................,...............H......*\....#J......3j.... C..I....).\...0...I...8s.....@#..J...%.*].)E.P.J....X.R....`.]..4.].. .p.jlK..X.x...R...C.K..K....4..P.#.tL.2B.3s.....;.v.......^.8.k..c.~M....

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Scanlines03.gif

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:GIF image data, version 87a, 200 x 200
                                                Category:dropped
                                                Size (bytes):1443
                                                Entropy (8bit):4.48785916863585
                                                Encrypted:false
                                                SSDEEP:12:YiUBalJNTYe1RXl+/jT0NuU6Xf/hWZwT++ncXMOU6vq83y1IbrH9J2fzcjUGRKE1:YB4JNP1H+/X0SgZw7OrvqqKIbb31p
                                                MD5:EC6435AFD52BF8B18F91839636132073
                                                SHA1:141FD614D0C8B79E7CE09AEA8AA0A6AE269B81F3
                                                SHA-256:A1933370F5DF2D91673635FEF32C6BB490FA0B3B2547CF76FAEF2BBBB0B6E235
                                                SHA-512:571C2607F54729BFDB705D0DF7FE4684965514028FE04E87898A6046AD08998FF462861B79D4BD71274C2DF0D8CD7E1E6E48B972A59864EC511D74744A522DAD
                                                Malicious:false
                                                Preview:GIF87a........77.$$..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................,...............H......*\....#J......3j.... C..I....).\...0...I...8s.....@#..J...%.*].)E.P.J....X.R....`.]..4.].. .p.jlK..X.x...R...C.K..K....4..P.#.tL.2B.3s.....;.v.......^.8.k..c.~M....

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Wall01.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):10787
                                                Entropy (8bit):7.961365220706138
                                                Encrypted:false
                                                SSDEEP:192:HeDmVhvNYZkVsg+2ASkxZu63SzgHJx+y77uNL190s52OJIP:Hess0jnAS6b3xuNr0TzP
                                                MD5:24761AC0CED9ACA943777C1A8A472894
                                                SHA1:E664E9AB5A85BBD54ECE0125113258878FB4C5A9
                                                SHA-256:315E241E8B9802A449965D7E71BF4AF8112B981C79ABAFCBF0450743482F2918
                                                SHA-512:21023D491CEAA71A3809F2A05F6B1A46A0E24E60029CD7A9563EA16F9AC9A5D7BA336D21227FBFA973854FF244F596F14644598D38DCFB22CCAB3E50F31520D2
                                                Malicious:false
                                                Preview:......JFIF.............C..............................................!........."$".$.......C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....=Q!"k.iX...d.~Ec....E]=...\.=;..........n..?.V4....m.n71....z.T.uH........n2.h..K...U..9.....@bu,H.1V.z..d4..a..I.P....5..c......Z.U.....wFq......x.H.m..!)..q&...O.;I....T..3(.,.......K..,..Bm..."......?..z.....r.>.WX..<.l...o..k........'E.&.bN.Ly .......E.+\.g..........o.eI. ......T)..8#.......j.:..W...P>...8 .zW#.;5.7i.4..e..v.A...(M......

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Wall02.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):10981
                                                Entropy (8bit):7.946054780931727
                                                Encrypted:false
                                                SSDEEP:192:LSCNvzmRsPEQF0mxAHKOgQuv1yhX96j3vRnMCy6Sab7wYeCLea4ytFri6T3pCRcR:GCNbmRsPEzmG17uv1vnMCy6S6wR2lF+A
                                                MD5:3DC4A9A02A29B2EE362C25C6C4A4A8DD
                                                SHA1:DCA627D368B5A71C9A4540706BACB6AB40651AA7
                                                SHA-256:4258A70727A1B3EDBFC1172EDE507A40D0C725C28D5BAE3866342B3D1E9DE4F1
                                                SHA-512:184EF1116BFE4F4482B368DD180CE01B8F4A27E3E7D552DFFCB754AA6C41FBF418D12107E0B45F7F0D7663125E511FF45446853357F0F3B555817A2DA9CFB467
                                                Malicious:false
                                                Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..f.n..O,...~OOn.......FX....O.R.Y..C....e.....1o..Y3..E.UJ....kC.j;...kl.p..E.$.+D.C...6..1!o..#..+.......q....Z%..0......<..Z...s..;XH..n..~...8...t..E....8Rrp}..Eom.M+.....9'..M.D..5d..F......i..z.......+.v.*D.x..F...0z.L..B""....#.Z.S.M..r.0...U..+.p.nk..WI-.....]........Fn.o..+.pJ....s..9%..........e...[.... ...C..|...g.bO%T.`.\...T.|..@Rc.n.u.o:=.....

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Wall03.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):10687
                                                Entropy (8bit):7.904167218343594
                                                Encrypted:false
                                                SSDEEP:192:4jzS9K9G+SvCqJ7PUeUBItC+bLSe/qjwqX14ULhScum40tpRKrEq4xZ:4nR9HSvCA7P3UitCBrwqldL7umHpRKru
                                                MD5:0AF39B541D6560B033BC54E7D2AEB62E
                                                SHA1:B2C6CFD74A498788F67FAF20901252E96D8BE5AF
                                                SHA-256:A8CF5CF4D782B1A64AE134370DAED73F5ADB4A3B55775212AD6CE291E4DF73F1
                                                SHA-512:686D8D2F1017F27517976A1713B945211491434CECD39EC45D24F07E0D240B499F2C754E64FB19B3839B1BDDA24D809B9C893F93896E91CC6EBFFFA4792C5613
                                                Malicious:false
                                                Preview:......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...B... ...y....P9.N.ObOo.<.....).......O.5v.F.VG...v#.....L.v.Ua...XN......W#U.>.l....N8...f.XY...#,v....8$rz....d..D.-...v.3..+..a...#.......... lV..k?.....Z.+.2i.X....vk.0e/....(..K..p.s..{..."@f...rIa.}Oq....9D.......=.=zR."....N.Ld.t..z.P...'z..d.On=...M.d.P..:...L~.Uq...F]..........<.W.D.x.q.g.....].....z...>.....dI.......>..%!.2.c`.~2;T..Hb...M..I.*...z....$.

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Wood01.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):9773
                                                Entropy (8bit):7.941169215270185
                                                Encrypted:false
                                                SSDEEP:192:kyNd60uZNnxUd1qexGdelGvUtGEiA0EVEONs5uUySOa981U5eEzqAxRGPpk:ky3BuZJxcZHYiGEifONQySOamlAahk
                                                MD5:3683F7E561639CD779D5CC67E84D48EA
                                                SHA1:961AC9F94B5ADE96BFFBD968B3D088DE85FCE7C3
                                                SHA-256:FDB943A61C79CFEAA96D1B479337439D699DAD07A4212037F98E0DCE01D17420
                                                SHA-512:0AF401E505F653B6B5D434A7EED2F3F22FABCEE4A484098034EFF1C9162793ABE78B9E5C1F5114F033D08FC5A13F43CE2A33A9DE40742B65CACFDBCCE6F15474
                                                Malicious:false
                                                Preview:......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....y...6<. ....b.c.[36...*-.FO.xt.nD....5...`\..H5...Kc..F'......+...I.`.]......\....o..+.^...8.../.z.G..[..L...WQm.n<._8.c..,.5.`F....g.u..I....b...Z..&_.eH....r...#Y....!......[z00.c..B.}2..~...o?.??..c.H..'y<|K....O..[.&0...f....Y`<q6...2...?.....@...y....WSx-..a.%.....h.>?:..T..W..`...+..1.r..w.s.V.:.[..H......%.?v..-..w..Z....d............L...sD

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Wood02.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):12183
                                                Entropy (8bit):7.924696942339354
                                                Encrypted:false
                                                SSDEEP:192:kuqoYd/lLpMji5njFLXJV2eFbrbLOpkgMnyBNEPdYLcj4FiWQgoq/TQBCIwTz8O5:ku0/Rv2qbnLAkgMybEP+cCcBC3TzV/z
                                                MD5:B5A624C7EDFB82E55AB647C80495B6BF
                                                SHA1:22F1495D1762B47AC9FD7166FCE0F2A397EC97A1
                                                SHA-256:0193FC44E889F712403A718E0DC226B5DBC08E701C9AA139307D2A3F1E198D43
                                                SHA-512:50611EB1BC1B1303BBFFB18AE90157F6BF5E5D4A51DB213557F9CD0A58A16128C062A6BB540D41DE9E5C1722245EAA56A604DCF522CCDF7AFBCFEF0EE5762866
                                                Malicious:false
                                                Preview:......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..|<.l.C........j..H.a...Z..A:.MR)..|..............W...]/..F>.._F..r'.....9........QN...2oC...Z....f..../Z.Q.........J..........+}.0.....d<...`..f0.nbq...G.+_..2#.......@..8...............O..8.+..T.......jFn...........;.%...p...k@ZF..*z.q..I.o.$K.e.nv.*9..~O.e.o...u."...9U.h....#C.i.i.\. ..V#..W$~..".lo15.....~l..<.r[ ..n......*>.N;;~.{..Z...6. ..[..|.p

                                                C:\Program Files (x86)\PhotoFiltre\Patterns\Wood03.jpg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3
                                                Category:dropped
                                                Size (bytes):11396
                                                Entropy (8bit):7.958765710920577
                                                Encrypted:false
                                                SSDEEP:192:keOCLCYRgDVmBYiPKVULj7+tabyGzME3gEmITEGghYCwQfsLFUBKda:kJYRgDK1PE++taTYWyhY9QG4Kk
                                                MD5:B27A89440007AD2B3B53908061E0FDCA
                                                SHA1:2B8151DA8C1B650B927155DE308E7DA9269C22F8
                                                SHA-256:C1B14C50B3409C7D2E269DD81E5DDD581E89855E8AB850954BF176DCF1240CD0
                                                SHA-512:02E7B5A96385D33B9CEBC0F73677F4751C07A8933E6AB8FC770D135F4B99BB577A856EE1770EB57941237135343AAC33E07CDC23195A3B57020B46E7C17E176B
                                                Malicious:false
                                                Preview:......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...6.Is..r.....K#.j1m.....U..9&.a.x../.6...L.a..1..w.~&..}.T..m.....3?.._.x..w.)..;).....g..J..bX^O.mR?.p...>_....Q...I.....[..a_........j..3x./.."E..b.M...v.........o..N[..N.Uek.!E...6.>e..Kh...G.oI......H...,....R{...R.%.s....\..K.X.W.c_.4R.\~`.......m.^F.0._.e.......>Y'p.....*...c.y.;.1..IJ.l~7......$zqZM...+j2..82.ip....++LO=S...h...?._.O..9......

                                                C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):2823168
                                                Entropy (8bit):6.466958181962174
                                                Encrypted:false
                                                SSDEEP:49152:Lt0LzfDhMq4SA4fmHMNp9+uDZu3THT/O8uplt:Lt0LzbhMTYmsANb
                                                MD5:F549FEA1507C1FE8788E13AE1888C4FC
                                                SHA1:02E6A56AB3BC513FA1A3720CEE60EDF5F7D52D78
                                                SHA-256:6D8C5431368C4C821D910571FEA7E26DE3C3B64E48729E711519BA5DCC726863
                                                SHA-512:4EE256753EE715F549770E9F639E862DA5B44AB3A6FC5D5B2A995D4F4BE78DC0F7BE7D204DF06E96A371A77611D11532F4A3D033E6C9F14A70CF904C5CA6D662
                                                Malicious:false
                                                Yara Hits:
                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe, Author: Joe Security
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................l......,.............@...........................,..................@........................... ".f-...@$..:...................p".@............................`".....................................................CODE....t........................... ..`DATA.....1.......2..................@...BSS.....-.....!....... ..................idata..f-... "....... .............@....tls.........P".......!..................rdata.......`".......!.............@..P.reloc..@....p".......!.............@..P.rsrc....:...@$..:....".............@..P..............,.......+.............@..P........................................................................................................................................

                                                C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.htm

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):31567
                                                Entropy (8bit):4.8915704689240025
                                                Encrypted:false
                                                SSDEEP:384:EjGUR29xzqtWy36dl8hIyIYhPKN/lGFbz:EjE9V06dmhqYNSlE
                                                MD5:9DEC885AA9FD43D2D2F864FE52314602
                                                SHA1:AD7BD617ED1D66EAC3ECA8F189FB76BC7B48B3B5
                                                SHA-256:508D8B68AFDC0E0093D95F34BCB7CC9CB959BC024775430EE2AA19B16E254502
                                                SHA-512:05A5FD906B415F872A53343D3FD3C7C9A31FAAFBAF05B7957B48405960CBF07BE6D6BD0EA455DF5098B2F8C864B07D79CE5BD73F405655B2E5F8944918912E84
                                                Malicious:false
                                                Preview:<html>..<head>..<title>PhotoFiltre</title>......<style TYPE="TEXT/CSS">..a {color:#000000}..a:hover {color:#FF0000}..</style>....</head>....<body bgcolor="#FFFFFF">..<table border="1" cellspacing="0" cellpadding="2" width="600">.. <tr align="center"> .. <td><b><font size="5" face="Arial, Helvetica, sans-serif">PhotoFiltre</font></b><font face="Arial, Helvetica, sans-serif"></font></td>.. </tr>..</table>..<p><font face="Arial, Helvetica, sans-serif" size="2"><br>.. <br>.. <br>.. <b><u><a href="PhotoFiltre.htm#A">Availability of filters and menus</a></u></b><br>.. <u><b><a href="PhotoFiltre.htm#B">Image adjustment</a></b></u><br>.. <u><b><a href="PhotoFiltre.htm#C">Selection tools</a></b></u> <br>.. <u><b><a href="PhotoFiltre.htm#D">Tool pallet</a></b></u><br>.. <u><b><a href="PhotoFiltre.htm#E">Text insertion </a><br>.. <a href="PhotoFiltre.htm#F">Merging images</a> </b></u> <br>.. <b><u><a href="PhotoFiltre.htm#G">Image dissolves </a></u></b><br>.. <u><b><a href="PhotoFi

                                                C:\Program Files (x86)\PhotoFiltre\PhotoMasque.htm

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):7270
                                                Entropy (8bit):4.91843393804763
                                                Encrypted:false
                                                SSDEEP:192:6qjDCVnU7qwuz8N/zpnjLqto8XAcspkTVNhh/cSSb:60uoxzZawcspE7zE
                                                MD5:384B69F73288123000C0F38F8D05A8CF
                                                SHA1:BE8CDB4F69270C53C68E37EBAB431D7E07012300
                                                SHA-256:7A7B4128926B2ECCBB852F79509994708A3B7C63714E333348DC9DB71428846F
                                                SHA-512:664B677DB0279ACEB3B3DEED5A45EF459639EBBB083E004CD1A3C5FA063481DE431331C277FA7CC345C5B74809135DC3DF09EEDF22CDA56801061027D50B895E
                                                Malicious:false
                                                Preview:<html>..<head>..<title>PhotoMasque</title>....<style TYPE="TEXT/CSS">..a {color:#000000}..a:hover {color:#FF0000}..</style>....</head>....<body bgcolor="#FFFFFF">..<font face="Arial, Helvetica, sans-serif" size="3" color="#000000"> ..<table border="1" cellspacing="0" cellpadding="2" width="600">.. <tr align="center"> .. <td><b><font size="5" face="Arial, Helvetica, sans-serif">PhotoMasque</font></b><font face="Arial, Helvetica, sans-serif"></font></td>.. </tr>..</table>..<p><font face="Arial, Helvetica, sans-serif" size="2"><b><u><br>.. <br>.. <br>.. </u></b></font><font face="Arial, Helvetica, sans-serif" size="2" color="#000000"><b><u><a href="PhotoMasque.htm#A">Introduction</a></u></b></font><br>.. <font face="Arial, Helvetica, sans-serif" size="2" color="#000000"><b><u><a href="PhotoMasque.htm#B">Choosing .. the mask</a></u></b></font><br>.. <font face="Arial, Helvetica, sans-serif" size="2" color="#000000"><b><u><a href="PhotoMasque.htm#C">Parameters</a></u></b></font>

                                                C:\Program Files (x86)\PhotoFiltre\Plugins\Read-me.txt

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):129
                                                Entropy (8bit):4.476070461780053
                                                Encrypted:false
                                                SSDEEP:3:q5UAxEtLrePXtJxFDKfRXtLycFFLOo6FBA/FMv:qKAxE5cJfml5yOOpgFMv
                                                MD5:F37C5D9500356D18F72F600327C47F69
                                                SHA1:85A3F8B82922A344537FF7EF98A96838ED221185
                                                SHA-256:E9903E53FC553FAE896D0EF7B9A82643184999CE29BE5A26B488D6A24603D8E8
                                                SHA-512:4609B87F2890C39913AC5C841685D99EE14FEAF1B09A4033DDDB460CF10321FC4A59E1E86804BCE04BE4D4F962EAA0391BA13C9D15BD2BCA18235FC2737FCADA
                                                Malicious:false
                                                Preview:Install the PhotoFilre plug-ins in this directory...(You can find some plug-ins in my web site)....You can delete this file !....

                                                C:\Program Files (x86)\PhotoFiltre\Selections\Arrow01.pfs

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):53
                                                Entropy (8bit):2.8424747599547695
                                                Encrypted:false
                                                SSDEEP:3:h1vUT1RyFpigRk0eX:hlFCIzW
                                                MD5:9FBDE031B5F667B733110960D8112522
                                                SHA1:B3FDECB83739DA6840B7BB6FC9EB1106385F0CB1
                                                SHA-256:25DBF871BD0B5B45016DE6915699BCA2DE44B2D1BEBAADFF6B59845FEA35B7BB
                                                SHA-512:6972012661C0DF03DC0BBB51E221C451F5D914C523527C0EAF70FC95796E509D95B9D39CBCF8619F83D51CB2AB50B88F16117D04AE34024C5DE3D995F7A1111B
                                                Malicious:false
                                                Preview:7..0;20..150;20..150;0..200;50..150;100..150;80..0;80

                                                C:\Program Files (x86)\PhotoFiltre\Selections\Arrow02.pfs

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):2.8454265871243134
                                                Encrypted:false
                                                SSDEEP:3:UaovUT1RyFpigRk0e4vRVeA:UayFCIz3RVeA
                                                MD5:27C0CBA7EBDC409F766793545B8ABCD6
                                                SHA1:9DFF862B249CC454672D7919E3AD8847F11F828B
                                                SHA-256:F010C7788DF09D9DA01310009B343709820CDCE69226567B2AE7780BCE7DECEC
                                                SHA-512:3C61CC03395022A2DA0C99DE8DD6D95FCD4D38204E4E65BF56ACC810BD08CABD33A3E53D912FE95562F443379D25F23D18C2BA873E26658B71C6D02C5EDECD99
                                                Malicious:false
                                                Preview:8..0;20..150;20..150;0..200;50..150;100..150;80..0;80..40;50

                                                C:\Program Files (x86)\PhotoFiltre\Selections\Arrow03.pfs

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):37
                                                Entropy (8bit):2.5355442370034194
                                                Encrypted:false
                                                SSDEEP:3:NQyFpigV/n:NNCCn
                                                MD5:5BE4AA0E079396ED5F6F4464EA2D1745
                                                SHA1:1C7D03B4A52D6159CDCC06911A57AEBE858B669E
                                                SHA-256:9324C10DA8C9BC8D64060672E32CDB39D4C08F5901CF7D7C0BFDBFB2872E6FDC
                                                SHA-512:63E672B875F17C98BF4E24CDDE0B0E4EA3EEBFD9C2F2E5D6972298C0C55BD1562C113394BEFA0A34A791159D7F8E6F0EDB90ABCACD4E5824DB61673C0A352A09
                                                Malicious:false
                                                Preview:5..0;0..150;0..200;50..150;100..0;100

                                                C:\Program Files (x86)\PhotoFiltre\Selections\Balloon01.pfs

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):54
                                                Entropy (8bit):2.5540615077937114
                                                Encrypted:false
                                                SSDEEP:3:hhsottgUV0UerLVU/n:hWoUrhUn
                                                MD5:2950DB631ED8D9E2C90961406E68F493
                                                SHA1:7C3C9F8C867C825476D3B05350F408D007BE0231
                                                SHA-256:5B0D45DD01E27FC0858AF89D50F214B4E43920965E17FCE8A732BA0FCA11CB96
                                                SHA-512:193789D02EB580CA4BB77C2F9F70986FA31BE1600290C4B53B5407ABBBABBDF38C8361C196C3035699EB62503247B6E1FB93495ED08BD6F5C7EF2FC5E58401B3
                                                Malicious:false
                                                Preview:7..0;0..200;0..200;100..100;100..10;150..30;100..0;100

                                                C:\Program Files (x86)\PhotoFiltre\Selections\Balloon02.pfs

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):54
                                                Entropy (8bit):2.543286077166607
                                                Encrypted:false
                                                SSDEEP:3:hhsottgUV06IgVV/n:hWoAgbn
                                                MD5:614E2DB079C6783CB161575F592148E3
                                                SHA1:F6AF70074919B18FFC7656A6307C73CDA5CF048C
                                                SHA-256:DCC528592BF47B930FECFAF8AA74E8EC226C8CAB6AAC06BC9C40D99D9CF2CB15
                                                SHA-512:897B69AFB82DFAA09F38DF990401D65C396AB7E369B95E4348076DDC737B85BA91695A0B3A49F68B4C33F7A067640507DD02FF2B1E5D95468BF4BA752F796DDC
                                                Malicious:false
                                                Preview:7..0;0..200;0..200;100..100;100..30;200..50;100..0;100

                                                C:\Program Files (x86)\PhotoFiltre\Selections\Cross.pfs

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):94
                                                Entropy (8bit):3.042299928255784
                                                Encrypted:false
                                                SSDEEP:3:OoveMUmv6Y6SEEQENNUvnHov6AM:OojrvV3EqNN2qM
                                                MD5:4D929D09A4ECDB7E4B6409C47C1C7521
                                                SHA1:427B7CD7A0ECF4C5469619A81D41DC72027E0324
                                                SHA-256:9A5E8C0EED04E0CA1E6B976992723B6921D151E91730507CE45A8A2BDE6EEF23
                                                SHA-512:5F2B3BA8ED99DB070F7C3A1499BD8017805CFD0C9E2043DE9C6E0F9F159D56FCA8E68B25DE54CEF6147D04C401307E226CE82D897B6DD48056C5FE5641763293
                                                Malicious:false
                                                Preview:12..0;70..0;115..70;115..70;185..120;185..120;115..185;115..185;70..120;70..120;0..70;0..70;70

                                                C:\Program Files (x86)\PhotoFiltre\Selections\Hexagon.pfs

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):47
                                                Entropy (8bit):2.9972096623502424
                                                Encrypted:false
                                                SSDEEP:3:h04vQ0Q0US03yVy:h0iP90CVy
                                                MD5:DC063872CDDCE91E6B76817EF0E2AF76
                                                SHA1:F7E25C97D3BA71D248B86697CB29A86A5392F8DA
                                                SHA-256:083261A0F65209A8972237C5DBD77CD7ED403828B755306CF0D51BF3D5D627B9
                                                SHA-512:906438E5D6DB2A36C29E99AAE919D88680759C0BFB0725AC4DF82A10510005589168ED49B1DA8E56D17413EFBF56A594F5CAED6A9FDAD83C361E7262B387AC7E
                                                Malicious:false
                                                Preview:6..50;0..0;80..50;160..140;160..190;80..140;0..

                                                C:\Program Files (x86)\PhotoFiltre\Selections\RightAngledTriangle.pfs

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):20
                                                Entropy (8bit):2.308694969562842
                                                Encrypted:false
                                                SSDEEP:3:EVJvotVKn:Svotsn
                                                MD5:068BA72D126171FEA84B681731C479C1
                                                SHA1:EB2577A06C5CCE41226E1705FB6591C3BA929502
                                                SHA-256:AFB382AF6B2CD1FC4936F1BAF857F1BA6FB4A82AD8F4FA5E244E0D9149E0E616
                                                SHA-512:00A791410CC252F4723AAA57D1A0D0F214FF03D287135B61564E39326C31758DACC1319DCAC9BBFEEDD7DDAB8AB770F2D0AE16C5CE9546BBA35F672952C8599B
                                                Malicious:false
                                                Preview:3..0;0..0;200..200;0

                                                C:\Program Files (x86)\PhotoFiltre\Selections\Star01.pfs

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):99
                                                Entropy (8bit):3.1462171853644616
                                                Encrypted:false
                                                SSDEEP:3:OovWUmv0LCxsBoMyUmuUfvNNEqVo7TGyn:Oo80LAshydLEn7Tnn
                                                MD5:6766D10864B19B9CD18742682434FA73
                                                SHA1:546FD6CA0454E75A04110172F3F0E773661C74FA
                                                SHA-256:7604F989AA0EB891A309819F1C72DE765F9F9EBC5D954B9217C594E2A7B6D95F
                                                SHA-512:F01526E168B448D5E020C1FB631861B525DCE39BC6EB33C69450BCFC053DB626A6AC37B3688EC163E7308166D85D3C7903CB6DB90F646B4E3D3035D9DA78DE50
                                                Malicious:false
                                                Preview:12..0;60..35;115..0;170..70;170..105;230..140;170..210;170..175;115..210;60..140;60..105;0..70;60..

                                                C:\Program Files (x86)\PhotoFiltre\Selections\Star02.pfs

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):83
                                                Entropy (8bit):3.217598813781081
                                                Encrypted:false
                                                SSDEEP:3:MoTVytcXfSNPVCyMLENQovEovMXsRfoUQeJVov:MoZam6W1O9coEgfoUgv
                                                MD5:B607F9C5911DF1C861795DBC733C7761
                                                SHA1:13E274EBC416C1AB3E5A0E8ACCBE48D49DE00798
                                                SHA-256:6020F336B1ADB75641B9CAFB79545B58CD01C1BAFDD71607FFE8715A9A67B3B0
                                                SHA-512:1EBA9DC743820D6D6598ABAE0F54667C8D849C22FC004C40EE4022F09B24CE3D1B7677B97CDD939B739C8C7671B80E2F451CCEA9266D71959FDCA1EA14F6E8EB
                                                Malicious:false
                                                Preview:10..170;195..150;120..210;75..130;75..105;0..80;75..0;75..65;120..40;195..105;150..

                                                C:\Program Files (x86)\PhotoFiltre\TranslationEN.plg

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):97792
                                                Entropy (8bit):6.143261391237109
                                                Encrypted:false
                                                SSDEEP:1536:bCqMzsn98t4a/iMhHVvcYMeLfF0bcVSHCmD9JKPOFWBfk1LiNXKib/i:Gzdt4aaMxlcYMoqsUD9JwOFWpk1CXva
                                                MD5:D391ED200B86FB3455854E7CD00C3F8A
                                                SHA1:5B5DC28C9EEFA295A34812E7F2B4F0A8ACDD60D8
                                                SHA-256:44C22916472D7D6858529CAEA34CE3B3741A5E5FCF16AB6EB1F13280D25503A5
                                                SHA-512:E6CE9E8C2B6F0818288FD5118AD30D68079BC9ED89073BE0FCC16D558808F862C6404C021ED5AF87E44FF88CA3664A2D1867B6D03E68871E4EB76F9E4B1CA519
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 4%
                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................~....................@..................................................................@...O...0..................................`...................................................................................CODE.... ........................... ..`DATA................................@...BSS.....M.... ...........................idata.......0......................@....edata...O...@...P..................@..P.reloc..`............\..............@..P.rsrc................n..............@..P.....................~..............@..P................................................................................................................................................................................

                                                C:\Program Files (x86)\PhotoFiltre\Uninst.exe

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                Category:dropped
                                                Size (bytes):85657
                                                Entropy (8bit):7.256905241640158
                                                Encrypted:false
                                                SSDEEP:1536:BLXB65939tY6HBg4sXJPXxkJ2/QrLWUV8kkcsI:BLk395hYXJYKQriUVVh
                                                MD5:3C322338017F881919A8437A583D8E2A
                                                SHA1:100826FED399B2B5B3A3C9C795A7B20264017F2D
                                                SHA-256:0BAF87B037446E4E42B1CB827D2C62D2C041804CFD09FEC34DE70D1867F50F73
                                                SHA-512:1ECD685F2C2CB2E2CB611065F17010F8D0E03E011BACB3FDA545A2CE7B5CA72AD61D880DC880960DEE5E83EA49EAAA7F91B75A7476A7A9F8D21ECB18A3EAA0DA
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i..iw..iu..i...i..id..i!..i...i...it..iRichu..i........................PE..L.....*J.................Z...........0.......p....@..........................................................................s.......................................................................................p...............................text....X.......Z.................. ..`.rdata.......p.......^..............@..@.data...x............p..............@....ndata.......@...........................rsrc................t..............@..@................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):248664
                                                Entropy (8bit):6.729739251342463
                                                Encrypted:false
                                                SSDEEP:3072:L9Sc/cBP7ZyFQyNGhwPjVr88LkkPl5qcV21BSA5mffoL6xB3UCWT4zeNpdrhUu5g:L9+B9AHKyjVrTLkkP7qcXvxZzchm
                                                MD5:8F9B5F4F87207BE1CF810DDC95124F92
                                                SHA1:F5CEC54C9AAC59167BA95EC8077438BE381FBA3D
                                                SHA-256:4501E3F8F41966D403E76D3B1D04525098F0B6D41B65741A8351F3B0D3E4397E
                                                SHA-512:DAC421D8132E474DDFC9BA5954928B40D952AF17C4C2085C30F5F3DC631962C2F05DB52CB487371108B6B61E6FBC0A82D68CED48E9075A1FBC5A214D5D201097
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 18%
                                                Joe Sandbox View:
                                                • Filename: 7zip.exe, Detection: malicious, Browse
                                                • Filename: DPSetup.exe, Detection: malicious, Browse
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......eT..!5..!5..!5..?g?.%5..(M..95..(M?..5..(M8..5......05..!5...5..(M1.&5..?g/. 5..(M*. 5..Rich!5..........................PE..L...$W.K............................f........0....@.......................................@.............................................<...............X...........P2...............................k..@............0...............................text............................... ..`.rdata..:h...0...j..................@..@.data....7..........................@....rsrc...<...........................@..@.reloc...&.......(..................@..B................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\InstallOptions.dll

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):14848
                                                Entropy (8bit):5.550073716458996
                                                Encrypted:false
                                                SSDEEP:192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
                                                MD5:0DC0CC7A6D9DB685BF05A7E5F3EA4781
                                                SHA1:5D8B6268EEEC9D8D904BC9D988A4B588B392213F
                                                SHA-256:8E287326F1CDD5EF2DCD7A72537C68CBE4299CEB1F820707C5820F3AA6D8206C
                                                SHA-512:814DD17EBB434F4A3356F716C783AB7F569F9EE34CE5274FA50392526925F044798F8006198AC7AFE3D1C2CA83A2CA8C472CA53FEC5F12BBFBBE0707ABACD6B0
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Joe Sandbox View:
                                                • Filename: , Detection: malicious, Browse
                                                • Filename: Setup.exe, Detection: malicious, Browse
                                                • Filename: RangerForCanonCR135iCR190i-4.6.4.1-1.8.0.1.exe, Detection: malicious, Browse
                                                • Filename: SecuriteInfo.com.W32.AIDetect.malware2.2661.exe, Detection: malicious, Browse
                                                • Filename: lPowYwPvuQ.exe, Detection: malicious, Browse
                                                • Filename: 8Rc1CnrlKH.exe, Detection: malicious, Browse
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L.p..q.,.q.,.q.,.q.,@q.,.~C,.q.,\R.,.q.,\R/,.q.,.w.,.q.,.Q.,.q.,Rich.q.,........................PE..L.....*J...........!.........<.......).......0.......................................................................8..p...81.......p..........................@....................................................0..8............................text...@........................... ..`.rdata.......0....... ..............@..@.data... (...@.......*..............@....rsrc........p.......2..............@..@.reloc...............4..............@..B........................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\StartMenu.dll

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):7680
                                                Entropy (8bit):4.5778941117632055
                                                Encrypted:false
                                                SSDEEP:96:IiqA7bDe2xHkR1C41EhvSE+6nNtMn0iGd8CqRLqtJ1trRhElfL:IiqA7/ZH0uQMtcfCqo/tdgf
                                                MD5:4E96F412A8CC653053D5D918DF6B0836
                                                SHA1:A3C7D59043FEECB1603874B27C23D4166B341F2D
                                                SHA-256:E4A54BFC327986A89165BDEF361069810AAA985C3ABECD442C786725FABAF977
                                                SHA-512:2FEC61B4AD31250BDBDBBFD551D831801790B96902C67200661E8F4F2753378BBF6C0C88B12E1BE9173A29597827C1C4809511B6D52666DC3324BD7031C8229D
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........I.&.(.u.(.u.(.u.(.u.(.u<'.u.(.u...u.(.u8..u.(.u...u.(.uRich.(.u........PE..L.....*J...........!........."............... ...............................p.......................................$..e.... ..x....P..(....................`..p.................................................... ...............................text...p........................... ..`.rdata..E.... ......................@..@.data........0......................@....rsrc...(....P......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\ioSpecial.ini

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:Generic INItialization configuration [Field 1]
                                                Category:dropped
                                                Size (bytes):663
                                                Entropy (8bit):5.327926438747832
                                                Encrypted:false
                                                SSDEEP:12:lOHf9VTsAgQRvAYfhEhh4gNhB5xKfqp4gNg5Al8s3Nbev5OFgNCzq:WTdRvAYfhEhh1Voa1S5A1hO5OqIzq
                                                MD5:A1188153329B9BD408FCC1921B17BE21
                                                SHA1:DE04E2C10BB500CA7D99FEC9C90981AB3E6F03C2
                                                SHA-256:623F25E96F51AC8EB948D6BA8CF27E10BAC53F59B1022B851618932DC56B4D35
                                                SHA-512:3D23B7A9ADF1AB1133C78F64AB7F8721598BEFE27A2ED3DF3DF88FFB9C1FBDE147A4ECAC9934EB671430157DD0B063D8A39616CC9ABFCA04C863426CA39A4FC3
                                                Malicious:false
                                                Preview:[Settings]..Rect=1044..NumFields=4..RTL=0..NextButtonText=&Finish..CancelEnabled=..State=0..[Field 1]..Type=bitmap..Left=0..Right=109..Top=0..Bottom=193..Flags=RESIZETOFIT..Text=C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\modern-wizard.bmp..HWND=263254..[Field 2]..Type=label..Left=120..Right=315..Top=10..Text=Completing the PhotoFiltre Setup Wizard..Bottom=38..HWND=393890..[Field 3]..Type=label..Left=120..Right=315..Top=45..Bottom=85..Text=PhotoFiltre has been installed on your computer.\r\n\r\nClick Finish to close this wizard...HWND=459550..[Field 4]..Type=CheckBox..Text=&Run PhotoFiltre..Left=120..Right=315..Top=90..Bottom=100..State=1..HWND=328352..

                                                C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\modern-wizard.bmp

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:PC bitmap, Windows 3.x format, 164 x 314 x 24, image size 154488, resolution 2834 x 2834 px/m, cbSize 154542, bits offset 54
                                                Category:dropped
                                                Size (bytes):154542
                                                Entropy (8bit):5.31288276928635
                                                Encrypted:false
                                                SSDEEP:1536:j33KuHyaV+HkEOlvjiTKfzoVzyOe3ZyCq7Ny3BbLg:j3vyXUoKqylpoQG
                                                MD5:BA85017593F85BCFE2C6E8881169952C
                                                SHA1:B40087A92C7D7802561CF717EE13F8C29430AAC8
                                                SHA-256:C5F344EF5CBB39E358A9FE9DC5BDA0D1C0A005524FE8EFD30FA4B7BEAF339F97
                                                SHA-512:98D8167DB2ACF33ED275BD430A305F5F25F1C5D9B05DAF636685B9B51C8CA8C7B89D6C965E3AFC0F9F8FB670B40E057DDED1983FF2582E49FD772B125669F74D
                                                Malicious:false
                                                Preview:BM.[......6...(.......:...........x[..................DHLJJQJIKDHLDHLDJQ=HK=HKJPM-;B................................. .$SZbJRZ<BSCCQHEQCCICCQ=BICCICCQCCICCICCIB>JCCICCICCICCI=BI=BIBBD;;C;;C;;C;;C;;C;;C;;C;;C;;C;;C5AD5AD;;C;;C5AD5AD;;C;;C;;C;;C;;C;;C;;C=AD;;C=AD;;C=BI=AD;;C=BI=BI=BI=BI=BI=BI=BI=BI=BI=BI=BI=BI=BI=BI=BICCI=BIB>TCCI;;CCCIB>JCCIB>JB>J;;C;;CB>JB>J;;CCCICCICCI=BICCICCICCQCCICCQCCICCQCCICCICCICCICCICCICCI=BICCI;;CBBD;;C;;C;;C;;C;;C;;C957957957957957957957=AD=ADV`]Z[b .$................................ 3HXJXdDJQJIKRKKJIKJIKJIKJIKJIKJIKJJQJIKDJQCCIDHL=HK=HKDPS-;B....................................SSbJRZ;;CCCQIEKCCICCICCICCICCICCQCCICCICCI=BI=BIB>J=BI;;C;;C;;C;;C=AD;;C;;C;;C;;C5AD;;C;;C5AD;;C;;C;;C;;C5AD;;C;;C;;C;;C;;C;;C;;C;;C=AD;;C=AD;;C=AD;;C=AD=AD=BI=AD=AD=BI=BI=BI=BI=BI=ADCCI=BIBBD=BICCI=BI=BICCICCICCICCI=BICCI=BI=BICCIB>JCCI=BIB>JCCI=ADCCI=BICCICCICCICCICCICCICCICCICCICCICCICCIBBD;;C=AD=AD;;C;;C;;C;;C;;C957;;C>@=957957957957957957957;;C=ADZ[bZ[b .$.........................

                                                C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\nsDialogs.dll

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):9728
                                                Entropy (8bit):5.053567809320424
                                                Encrypted:false
                                                SSDEEP:96:EBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4MndY7ndS27gA:E6n+0SAfRE+/8ZYxldqn420
                                                MD5:AB73C0C2A23F913EABDC4CB24B75CBAD
                                                SHA1:6569D2863D54C88DCF57C843FC310F6D9571A41E
                                                SHA-256:3D0060C5C9400A487DBEFE4AC132DD96B07D3A4BA3BADAB46A7410A667C93457
                                                SHA-512:99D287B5152944F64EDC7CE8F3EBCD294699E54A5B42AC7A88E27DFF8A68278A5429F4D299802EE7DDBE290F1E3B6A372A5F3BB4ECB1A3C32E384BCA3CCDB2B8
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../.cXN`0XN`0XN`0XNa0mN`0.A=0UN`0.mP0]N`0.Hf0YN`0.nd0YN`0RichXN`0........................PE..L.....*J...........!......... ...............0.......................................................................6..k....0.......`.......................p.......................................................0...............................text...G........................... ..`.rdata..k....0......................@..@.data........@......................@....rsrc........`....... ..............@..@.reloc..<....p......."..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre\PhotoFiltre Information.lnk

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Nov 12 08:41:08 2009, mtime=Mon Nov 25 09:33:16 2024, atime=Thu Nov 12 08:41:08 2009, length=31567, window=hide
                                                Category:dropped
                                                Size (bytes):1152
                                                Entropy (8bit):4.5485523118149915
                                                Encrypted:false
                                                SSDEEP:24:8mPPZOE7udOEcA70FG5QAeOjwdzdO/oUUEnqyFm:8m3ZB7udOO70GeVdzdO/9cyF
                                                MD5:6B1282F1057F46FDC6C7CA344EF589EB
                                                SHA1:957F7BEC114072E006EFEAE520FE249778C801C5
                                                SHA-256:5B1B52AD1B68F17C08B27F017AE0DABEA23A2BE7E2DFABD458684BBDD2ADBD3E
                                                SHA-512:1E739F5825EB47BD64E58EA5C5CCE99357D906381A2FC5DEB3297AA8B5319BE0A6A14B66B8A40062B981B4C7F613DE9E3D966379921492BFDAB246C3D46C16F7
                                                Malicious:false
                                                Preview:L..................F.... ......B|c..2S[p%?.....B|c..O{...........................P.O. .:i.....+00.../C:\.....................1.....yY)T..PROGRA~2.........O.IyY)T....................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....`.1.....yY+T..PHOTOF~1..H......yY)TyY,T...........................V..P.h.o.t.o.F.i.l.t.r.e.....l.2.O{..l;$M .PHOTOF~1.HTM..P......l;$MyY)T.............................P.h.o.t.o.F.i.l.t.r.e...h.t.m.......a...............-.......`...........l.......C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.htm..J.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.h.o.t.o.F.i.l.t.r.e.\.P.h.o.t.o.F.i.l.t.r.e...h.t.m.".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.h.o.t.o.F.i.l.t.r.e.........*................@Z|...K.J.........`.......X.......045012...........hT..CrF.f4... ...T..b...,.......hT..CrF.f4... ...T..b...,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre\PhotoFiltre.lnk

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Jun 29 12:47:42 2010, mtime=Mon Nov 25 09:33:16 2024, atime=Tue Jun 29 12:47:42 2010, length=2823168, window=hide
                                                Category:dropped
                                                Size (bytes):1152
                                                Entropy (8bit):4.56994234912584
                                                Encrypted:false
                                                SSDEEP:24:8mMb/eQOE7udOE95ADPLQ40zqQAeOjLdKxdO/oUUEPqyFm:8memQB7udOe+3HteKdKxdO/9kyF
                                                MD5:8250DF19BF6D197289E78AE595117C36
                                                SHA1:38A66AE2C0EEE07D6EB09F39D5D32A3183B83AC1
                                                SHA-256:40FA02297B6F68F714FFAFEF13441B409C7E1427EDB2ACD7624FD1B4B680A06B
                                                SHA-512:BA4C398202485D001557D812029CAEFCCC346688F744A5836E4CC50CC861968D7F841BDC02E6177008A5D4E786C3AA6A82329F2B7C3F2BC9CB6B684C549EAABC
                                                Malicious:false
                                                Preview:L..................F.... .....;.......Ep%?....;.......+..........................P.O. .:i.....+00.../C:\.....................1.....yY)T..PROGRA~2.........O.IyY)T....................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....`.1.....yY*T..PHOTOF~1..H......yY)TyY*T............................S.P.h.o.t.o.F.i.l.t.r.e.....l.2...+..<.m .PHOTOF~1.EXE..P.......<.myY)T.............................P.h.o.t.o.F.i.l.t.r.e...e.x.e.......a...............-.......`...........l.......C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe..J.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.h.o.t.o.F.i.l.t.r.e.\.P.h.o.t.o.F.i.l.t.r.e...e.x.e.".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.h.o.t.o.F.i.l.t.r.e.........*................@Z|...K.J.........`.......X.......045012...........hT..CrF.f4... ...T..b...,.......hT..CrF.f4... ...T..b...,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre\PhotoMasque Information.lnk

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Oct 1 17:09:48 2006, mtime=Mon Nov 25 09:33:16 2024, atime=Sun Oct 1 17:09:48 2006, length=7270, window=hide
                                                Category:dropped
                                                Size (bytes):1152
                                                Entropy (8bit):4.580455017884987
                                                Encrypted:false
                                                SSDEEP:24:8mc/nOE7udOEcA70dOugqQAeOYdVdO/oUUE/qyFm:8mc/B7udOO70dOuLeFdVdO/90yF
                                                MD5:E27BF14F0647B30A5F7311716ADBEAAD
                                                SHA1:41ACFBB2EA07AC61FE0DD36A6134D776A29DD887
                                                SHA-256:6D0101FF7706F4CB34A69185DB95AC50CDDEE31416A81DBC16C28816DFF67536
                                                SHA-512:1A8C260CFA82FB224331C55988C884DF0E3A99A7502C855C2ACE6EA5ED0AE4780A18810DF42CB4669A175C5FC2AB189593430832EA66B4EF9A87EA7C1A108524
                                                Malicious:false
                                                Preview:L..................F.... ............dp%?.........f............................P.O. .:i.....+00.../C:\.....................1.....yY)T..PROGRA~2.........O.IyY)T....................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....`.1.....yY+T..PHOTOF~1..H......yY)TyY,T...........................V..P.h.o.t.o.F.i.l.t.r.e.....l.2.f...A58. .PHOTOM~1.HTM..P......A58.yY)T.............................P.h.o.t.o.M.a.s.q.u.e...h.t.m.......a...............-.......`...........l.......C:\Program Files (x86)\PhotoFiltre\PhotoMasque.htm..J.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.h.o.t.o.F.i.l.t.r.e.\.P.h.o.t.o.M.a.s.q.u.e...h.t.m.".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.h.o.t.o.F.i.l.t.r.e.........*................@Z|...K.J.........`.......X.......045012...........hT..CrF.f4... ...T..b...,.......hT..CrF.f4... ...T..b...,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2

                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre\Uninstall PhotoFiltre.lnk

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Nov 25 09:33:21 2024, mtime=Mon Nov 25 09:33:22 2024, atime=Mon Nov 25 09:33:22 2024, length=85657, window=hide
                                                Category:dropped
                                                Size (bytes):1125
                                                Entropy (8bit):4.607327548638951
                                                Encrypted:false
                                                SSDEEP:24:8mbxOE7udOEcA70kiwD4xh+AjOQ4dfhVxdO/oUUE3qyFm:8mdB7udOO70y4xhFjf4dfhVxdO/9MyF
                                                MD5:CF36F8FA644BBBFD599B12CD3095B627
                                                SHA1:5D616C0DAEB2DA3DD45461BCB544243ED10DFFD1
                                                SHA-256:3606B4F5FD18D7008008F5C22E3790FE5392D1883953179DCE06425C7FDE31C8
                                                SHA-512:389CCE22B4526A53BDB6DC4B09246AD4CD27601A2977CD96966FBF75C5D0C98580E79371A82F0B04BD84207859D7A6C6BDAD3C81CBD8BF668D2D1DB9729C8A56
                                                Malicious:false
                                                Preview:L..................F.... .....bs%?...Vis%?...Vis%?...N...........................P.O. .:i.....+00.../C:\.....................1.....yY)T..PROGRA~2.........O.IyY)T....................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....`.1.....yY+T..PHOTOF~1..H......yY)TyY,T...........................V..P.h.o.t.o.F.i.l.t.r.e.....`.2..N..yY,T .Uninst.exe..F......yY+TyY,T....j......................[..U.n.i.n.s.t...e.x.e.......\...............-.......[...........l.......C:\Program Files (x86)\PhotoFiltre\Uninst.exe..E.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.h.o.t.o.F.i.l.t.r.e.\.U.n.i.n.s.t...e.x.e.".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.h.o.t.o.F.i.l.t.r.e.........*................@Z|...K.J.........`.......X.......045012...........hT..CrF.f4... ...T..b...,.......hT..CrF.f4... ...T..b...,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.

                                                C:\Users\user\Desktop\PhotoFiltre.lnk

                                                Download File
                                                Process:C:\Users\user\Desktop\pf-setup-en.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Jun 29 12:47:42 2010, mtime=Mon Nov 25 09:33:22 2024, atime=Tue Jun 29 12:47:42 2010, length=2823168, window=hide
                                                Category:dropped
                                                Size (bytes):1116
                                                Entropy (8bit):4.601984419483323
                                                Encrypted:false
                                                SSDEEP:24:8mMoQOE7udOEcA70Q40zqQAeOjpdKxdO/oUUEPqyFm:8mtQB7udOO70HteodKxdO/9kyF
                                                MD5:F882AC721169D66C9D81089B3F50E828
                                                SHA1:DC117D4DFC55DF4D9CA8EDDA4D98EF1953A4B59B
                                                SHA-256:55338AC7D75CA250D7DBB939DEA406CB633F7A993FEC30D2D9AA42A3CDBE43D5
                                                SHA-512:AE252C9971C2CBD2A135F39800965890D185EAFB335DF2BF9E0F882B007FDFFC1C0001EC6C1308298E55E34651761D22F1A11D3CAABEE37D72556677219F7690
                                                Malicious:false
                                                Preview:L..................F.... .....;.......ns%?....;.......+..........................P.O. .:i.....+00.../C:\.....................1.....yY)T..PROGRA~2.........O.IyY)T....................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....`.1.....yY+T..PHOTOF~1..H......yY)TyY,T...........................V..P.h.o.t.o.F.i.l.t.r.e.....l.2...+..<.m .PHOTOF~1.EXE..P.......<.myY)T.............................P.h.o.t.o.F.i.l.t.r.e...e.x.e.......a...............-.......`...........l.......C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe..8.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.h.o.t.o.F.i.l.t.r.e.\.P.h.o.t.o.F.i.l.t.r.e...e.x.e.".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.h.o.t.o.F.i.l.t.r.e.........*................@Z|...K.J.........`.......X.......045012...........hT..CrF.f4... ...T..b...,.......hT..CrF.f4... ...T..b...,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4

                                                Static File Info

                                                General

                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                Entropy (8bit):7.998618173512719
                                                TrID:
                                                • Win32 Executable (generic) a (10002005/4) 92.16%
                                                • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                • DOS Executable Generic (2002/1) 0.02%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:pf-setup-en.exe
                                                File size:4'118'294 bytes
                                                MD5:a00d7a76edf06b1b0376c49a429c61fc
                                                SHA1:2f8608b7760be958200e77631cb777a66d479d21
                                                SHA256:d3ef92dff42514142428c4e20012bb399a38a415abfe6f4ddc18f91ed16b2a12
                                                SHA512:690128e5864eb5067ab65b52897be787b5fc2782c7dd414efbce1ce5fa63777a03e9c64c25f2a4c3c88336323b34161080328fb82bbbf30c5d39fa37c6fcc44d
                                                SSDEEP:98304:U3y6W5hisw0I6TAipUtX3QwcSQbc2XGN7miK6bbe:0y1gkI66J2WHfe
                                                TLSH:001633E907488E7AEFCC49707427C9B101A3293D63154E1B53A3BF4C09E779BB72685A
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L.....*J.................Z.........

                                                File Icon

                                                Icon Hash:41e0f0f8fefefe41

                                                Static PE Info

                                                General

                                                Entrypoint:0x4030cb
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                DLL Characteristics:TERMINAL_SERVER_AWARE
                                                Time Stamp:0x4A2AE29C [Sat Jun 6 21:41:48 2009 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:7fa974366048f9c551ef45714595665e

                                                Entrypoint Preview

                                                Instruction
                                                sub esp, 00000180h
                                                push ebx
                                                push ebp
                                                push esi
                                                xor ebx, ebx
                                                push edi
                                                mov dword ptr [esp+18h], ebx
                                                mov dword ptr [esp+10h], 00409160h
                                                xor esi, esi
                                                mov byte ptr [esp+14h], 00000020h
                                                call dword ptr [00407030h]
                                                push 00008001h
                                                call dword ptr [004070B0h]
                                                push ebx
                                                call dword ptr [0040727Ch]
                                                push 00000008h
                                                mov dword ptr [00423F38h], eax
                                                call 00007F4EA0C128C6h
                                                mov dword ptr [00423E84h], eax
                                                push ebx
                                                lea eax, dword ptr [esp+34h]
                                                push 00000160h
                                                push eax
                                                push ebx
                                                push 0041F430h
                                                call dword ptr [00407158h]
                                                push 00409154h
                                                push 00423680h
                                                call 00007F4EA0C12579h
                                                call dword ptr [004070ACh]
                                                mov edi, 00429000h
                                                push eax
                                                push edi
                                                call 00007F4EA0C12567h
                                                push ebx
                                                call dword ptr [0040710Ch]
                                                cmp byte ptr [00429000h], 00000022h
                                                mov dword ptr [00423E80h], eax
                                                mov eax, edi
                                                jne 00007F4EA0C0FCDCh
                                                mov byte ptr [esp+14h], 00000022h
                                                mov eax, 00429001h
                                                push dword ptr [esp+14h]
                                                push eax
                                                call 00007F4EA0C1205Ah
                                                push eax
                                                call dword ptr [0040721Ch]
                                                mov dword ptr [esp+1Ch], eax
                                                jmp 00007F4EA0C0FD35h
                                                cmp cl, 00000020h
                                                jne 00007F4EA0C0FCD8h
                                                inc eax
                                                cmp byte ptr [eax], 00000020h
                                                je 00007F4EA0C0FCCCh
                                                cmp byte ptr [eax], 00000022h
                                                mov byte ptr [eax+eax+00h], 00000000h

                                                Rich Headers

                                                Programming Language:
                                                • [EXP] VC++ 6.0 SP5 build 8804

                                                Data Directories

                                                NameVirtual AddressVirtual Size Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x73a40xb4.rdata
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x300000xaf80.rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IAT0x70000x28c.rdata
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                Sections

                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                .text0x10000x58d20x5a00c69726ed422d3dcfdec9731986daa752False0.665234375data6.4331003482809646IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                .rdata0x70000x11900x1200a2c7710fa66fcbb43c7ef0ab9eea5e9aFalse0.4453125data5.179763757809345IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .data0x90000x1af780x400e59cdcb732e4bfbc84cc61dd68354f78False0.55078125data4.617802320695973IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .ndata0x240000xc0000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .rsrc0x300000xaf800xb000e4c6fdb30dbd2bb147fb4480ce9a8de7False0.8151633522727273data7.407771883068749IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                Resources

                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                RT_ICON0x302b00x7614PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9739645361916104
                                                RT_ICON0x378c80x1ca8Device independent bitmap graphic, 48 x 96 x 24, image size 0EnglishUnited States0.46469465648854963
                                                RT_ICON0x395700xca8Device independent bitmap graphic, 32 x 64 x 24, image size 0EnglishUnited States0.6175925925925926
                                                RT_ICON0x3a2180x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.46099290780141844
                                                RT_DIALOG0x3a6800x120dataEnglishUnited States0.5138888888888888
                                                RT_DIALOG0x3a7a00x202dataEnglishUnited States0.4085603112840467
                                                RT_DIALOG0x3a9a80xf8dataEnglishUnited States0.6290322580645161
                                                RT_DIALOG0x3aaa00xa0dataEnglishUnited States0.60625
                                                RT_DIALOG0x3ab400xf4dataEnglishUnited States0.5450819672131147
                                                RT_DIALOG0x3ac380xeedataEnglishUnited States0.6260504201680672
                                                RT_GROUP_ICON0x3ad280x3edataEnglishUnited States0.8548387096774194
                                                RT_MANIFEST0x3ad680x215XML 1.0 document, ASCII text, with very long lines (533), with no line terminatorsEnglishUnited States0.575984990619137

                                                Imports

                                                DLLImport
                                                KERNEL32.dllCompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
                                                USER32.dllEndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                                                GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                                                SHELL32.dllSHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                                                ADVAPI32.dllRegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                                                COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                                Possible Origin

                                                Language of compilation systemCountry where language is spokenMap
                                                EnglishUnited States

                                                Network Behavior

                                                Suricata IDS Alerts

                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                2024-11-25T11:32:57.227732+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44973034.117.224.11280TCP

                                                Network Port Distribution

                                                TCP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Nov 25, 2024 11:32:55.918286085 CET4973080192.168.2.434.117.224.112
                                                Nov 25, 2024 11:32:56.037883997 CET804973034.117.224.112192.168.2.4
                                                Nov 25, 2024 11:32:56.038130999 CET4973080192.168.2.434.117.224.112
                                                Nov 25, 2024 11:32:56.038487911 CET4973080192.168.2.434.117.224.112
                                                Nov 25, 2024 11:32:56.158221006 CET804973034.117.224.112192.168.2.4
                                                Nov 25, 2024 11:32:57.227586985 CET804973034.117.224.112192.168.2.4
                                                Nov 25, 2024 11:32:57.227731943 CET4973080192.168.2.434.117.224.112
                                                Nov 25, 2024 11:32:57.298656940 CET4973080192.168.2.434.117.224.112

                                                UDP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Nov 25, 2024 11:32:55.357311964 CET6222553192.168.2.41.1.1.1
                                                Nov 25, 2024 11:32:55.566097021 CET53622251.1.1.1192.168.2.4
                                                Nov 25, 2024 11:32:55.579159021 CET5146253192.168.2.41.1.1.1
                                                Nov 25, 2024 11:32:55.912395954 CET53514621.1.1.1192.168.2.4

                                                DNS Queries

                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                Nov 25, 2024 11:32:55.357311964 CET192.168.2.41.1.1.10x36bStandard query (0)websearch.ask.comA (IP address)IN (0x0001)false
                                                Nov 25, 2024 11:32:55.579159021 CET192.168.2.41.1.1.10x962eStandard query (0)img.apnanalytics.comA (IP address)IN (0x0001)false

                                                DNS Answers

                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                Nov 25, 2024 11:32:55.566097021 CET1.1.1.1192.168.2.40x36bName error (3)websearch.ask.comnonenoneA (IP address)IN (0x0001)false
                                                Nov 25, 2024 11:32:55.912395954 CET1.1.1.1192.168.2.40x962eNo error (0)img.apnanalytics.com34.117.224.112A (IP address)IN (0x0001)false

                                                HTTP Request Dependency Graph

                                                • img.apnanalytics.com

                                                HTTP Packets

                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                0192.168.2.44973034.117.224.112807304C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe
                                                TimestampBytes transferredDirectionData
                                                Nov 25, 2024 11:32:56.038487911 CET146OUTGET /images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=invbr&ts=6pYIy&guid= HTTP/1.1
                                                User-Agent: AskInstallChecker
                                                Host: img.apnanalytics.com
                                                Nov 25, 2024 11:32:57.227586985 CET340INHTTP/1.1 200 OK
                                                Date: Mon, 25 Nov 2024 10:32:57 GMT
                                                Server: Apache
                                                Last-Modified: Wed, 10 Feb 2010 18:26:16 GMT
                                                ETag: "2e-47f432b7d2200"
                                                Accept-Ranges: bytes
                                                Content-Length: 46
                                                Cache-Control: max-age=0
                                                Expires: Mon, 25 Nov 2024 10:32:57 GMT
                                                Content-Type: image/gif
                                                Via: 1.1 google
                                                Data Raw: 47 49 46 38 39 61 01 00 01 00 80 ff 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 40 02 02 44 01 00 3b 69 66 0d
                                                Data Ascii: GIF89a!,@D;if


                                                Statistics

                                                CPU Usage

                                                Click to jump to process

                                                Memory Usage

                                                Click to jump to process

                                                High Level Behavior Distribution

                                                Click to dive into process behavior distribution

                                                Behavior

                                                Click to jump to process

                                                System Behavior

                                                General

                                                Target ID:0
                                                Start time:05:32:53
                                                Start date:25/11/2024
                                                Path:C:\Users\user\Desktop\pf-setup-en.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\pf-setup-en.exe"
                                                Imagebase:0x400000
                                                File size:4'118'294 bytes
                                                MD5 hash:A00D7A76EDF06B1B0376C49A429C61FC
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1927038130.000000000280E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:true

                                                General

                                                Target ID:1
                                                Start time:05:32:54
                                                Start date:25/11/2024
                                                Path:C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe" PTF
                                                Imagebase:0x5c0000
                                                File size:248'664 bytes
                                                MD5 hash:8F9B5F4F87207BE1CF810DDC95124F92
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Antivirus matches:
                                                • Detection: 18%, ReversingLabs
                                                Reputation:low
                                                Has exited:true

                                                General

                                                Target ID:6
                                                Start time:05:33:24
                                                Start date:25/11/2024
                                                Path:C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe"
                                                Imagebase:0x400000
                                                File size:2'823'168 bytes
                                                MD5 hash:F549FEA1507C1FE8788E13AE1888C4FC
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:Borland Delphi
                                                Yara matches:
                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000006.00000000.2007940063.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe, Author: Joe Security
                                                Antivirus matches:
                                                • Detection: 0%, ReversingLabs
                                                Reputation:low
                                                Has exited:false

                                                Disassembly

                                                No disassembly