Windows Analysis Report
WinMerge-2.16.42.1-x64-Setup.exe

Overview

General Information

Sample name: WinMerge-2.16.42.1-x64-Setup.exe
Analysis ID: 1541098
MD5: 694814dfeb6bc886adc91431fa3710f8
SHA1: d4eed6294c367837aa5ad810a79dd807ed2178b5
SHA256: 5771f2a0553f53684b0e74161ed8749c4dda270f166edac253982366aee39bd3
Infos:

Detection

Score: 15
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sample file is different than original file name gathered from version info
Sigma detected: Classes Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Uses 32bit PE files
Source: WinMerge-2.16.42.1-x64-Setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Window detected: License AgreementGNU General Public LicenseWhen you are ready to continue with Setup click Next.GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright (C) 1989 1991 Free Software Foundation Inc. 59 Temple Place - Suite 330 Boston MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. PreambleThe licenses for most software are designed to take away your freedom to share and change it. By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs too. When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it. For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software and (2) offer you this license which gives you legal permission to copy distribute and/or modify the software. Also for each author's protection and ours we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors' reputations. Finally any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary. To prevent this we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying distribution and modification follow. TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION0. This License applies to any program or other work which contains a notice placed by the copyri
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Window detected: License AgreementGNU General Public LicenseWhen you are ready to continue with Setup click Next.GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright (C) 1989 1991 Free Software Foundation Inc. 59 Temple Place - Suite 330 Boston MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. PreambleThe licenses for most software are designed to take away your freedom to share and change it. By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs too. When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it. For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software and (2) offer you this license which gives you legal permission to copy distribute and/or modify the software. Also for each author's protection and ours we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors' reputations. Finally any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary. To prevent this we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying distribution and modification follow. TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION0. This License applies to any program or other work which contains a notice placed by the copyri
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\unins000.dat Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-2Q494.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-AB4CR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-49D4M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\LogoImages Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\LogoImages\is-CS9M3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\LogoImages\is-96KGB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-10V3S.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-JU2MR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-H85BR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-8JE44.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-JVB9Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\is-VGS3E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\is-6RILS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\is-8AOD8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\is-3Q5AC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-E8V58.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-UD6PT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IRL8E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FHELA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8EBB0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RBN1M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KH76E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-K5BUD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-JDFNF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MG6R1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MENC1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-P32TC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-DO11C.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-01LNJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-N0RHV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GQOE0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GIFJG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SPDD7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-9JS4V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TEEG1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3UTCI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-1OFLI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-EUQ5Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GA276.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RKJVB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-PU4EF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-VJL97.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-4K9R7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-PKQIJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-9F7PJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-A4HNU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-S8INT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SCC10.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-9UNSO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-EDUEO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-E9VD0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5ICPD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3731M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-7LQUD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-UV5E7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FK0UG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-C4LM4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-UFTBK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-07BJA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-ET271.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-718BR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-4MOF6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-2O7O2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-4DLTP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-L0DOI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-4A1LQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-6KSS7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FD31F.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3T0M2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-J1N08.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3DP3G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-J984S.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-27I22.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-46539.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-6PJLL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FJHEN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-CLMUB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-PTD7L.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-HNAUF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FAEPP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GIMGK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-VTBA3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-392DM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-T09KQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-70O2M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-0IRRC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8O0N0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-HER2G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-JRH28.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-EE207.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IHDI8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-Q81PM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SBJ13.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-33DHC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-LCFR4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TJO52.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GQPKU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TI0RK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-79BHC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-9AA3C.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-CPONI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GUMVN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FOVOP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-1SB7D.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-P6A6M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TK9IC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-AU4P3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-FNCNS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-42S43.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-LOMSC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-6N9U1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-FNJFI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-9EULG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-N77QE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-A1JNB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-KMDT6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-GGI4M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-BVLTA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-T4POQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-F6A3H.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-8UKVC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-AQH9Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-IO4Q6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-PBBPB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-RSHNB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-PI6OJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-PGCN6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-C129A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-BMD2A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-QH5MF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-56MFI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-ASUI9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-6EJQ2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-ML646.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-78I73.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-SU96U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-MC8SA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-TNEMF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-M0P5H.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-EQOE1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-3QJAR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-U9QM3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-A9BMJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-4O62B.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-49CBC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-UOVVP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\is-2MFA1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\is-935IJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-PUD7L.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-93L49.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-4ACJK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-DIQ1I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-F7TDG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-2MN8C.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-O2DB3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-S9C5V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-200EI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-HUG4Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-CCQC7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinIMerge Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinIMerge\is-U20AJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinIMerge\is-PH40M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinIMerge\is-QSS6A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-ANPMO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-3RCE5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-BBDTH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-4KGDL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-O9CED.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-8FE3E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-PRA2U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-0P0FI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-1GCQU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-880H6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\cygwin Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\cygwin\is-0GOII.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-MK4KP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-NUC84.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-K0II3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info\is-97RI7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info\is-RFVQ3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses\gcc-libs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses\gcc-libs\is-HQH5N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man1 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man1\is-D4SL0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man3 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man3\is-E25BL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man7 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man7\is-9M5G8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\tidy-html5 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-2TL7E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-VSMSJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-J16CJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\jq Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\jq\is-FJVRV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\jq\is-E7351.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-PKEVK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-BHR6Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-OJLM1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-NQKQ9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-0IU8S.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\PlantUML Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\PlantUML\is-6OQG1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\PlantUML\is-OQGB5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\PlantUML\is-6NH6U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Apache-Tika Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-QBVN2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-6G321.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-DS1S3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\q Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\q\is-DOAEN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\q\is-N05SV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\q\is-C59QH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\yq Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\yq\is-DIATK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\yq\is-RBRPC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\yq\is-TPH1A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\dumpbin Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\dumpbin\is-F97RA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\ildasm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\ildasm\is-4B0OG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Java Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Java\is-NN7IM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Java\is-1L4US.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Java\is-P08A3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\is-CPJ9E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\unins000.msg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMerge_is1 Jump to behavior
Source: WinMerge-2.16.42.1-x64-Setup.exe Static PE information: certificate valid
Source: WinMerge-2.16.42.1-x64-Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreCommentsC.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-4O62B.tmp.1.dr
Source: Binary string: D:\dev\winmerge-stable\BuildTmp\Src\Build\x64\Release\WinMergeU.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdb source: is-ANPMO.tmp.1.dr
Source: Binary string: C:\dev\winmerge\Externals\frhed\Build\x64\Release\Frhed\hekseditU.pdb! source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: f: \.pdb$ ## VC program database file (debugging symbolic information) source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-BVLTA.tmp.1.dr, is-LOMSC.tmp.1.dr, is-KMDT6.tmp.1.dr
Source: Binary string: D:\dev\winmerge-stable\BuildTmp\Src\Build\x64\Release\WinMergeU.pdbGCTL source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\dev\winmerge\Build\x64\Release\WinMergeContextMenu.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, is-8JE44.tmp.1.dr
Source: Binary string: E:\dev\winmerge\Build\x64\Release\Merge7z\Merge7z.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, is-VGS3E.tmp.1.dr
Source: Binary string: C:\dev\WinMerge\winmerge-3pane\stable\Plugins\WinMerge32BitPluginProxy\Release\WinMerge32BitPluginProxy.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge32BitPluginProxy.exe, 00000006.00000000.1928542746.00000000005C3000.00000002.00000001.01000000.00000009.sdmp, WinMerge32BitPluginProxy.exe, 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreColumns.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreFieldsTab.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-UOVVP.tmp.1.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdbGCTL source: is-ANPMO.tmp.1.dr
Source: Binary string: E:\dev\winmerge\Externals\winimerge\Build\x64\Release\WinIMerge\WinIMergeLib.pdb source: is-QSS6A.tmp.1.dr
Source: Binary string: C:\dev\winmerge\Externals\frhed\Build\x64\Release\Frhed\hekseditU.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreFieldsComma.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-49CBC.tmp.1.dr
Source: WinMergeU.exe, 00000009.00000000.1960515008.00007FF64B5DE000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: http://192.168.1.101:3703/soap/WinMerge/Program%20Icons/Splash%20and%20About/concept.psd
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-DIQ1I.tmp.1.dr String found in binary or memory: http://bonedaddy.net/pabs3/files/frhed/
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.dr String found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.dr String found in binary or memory: http://ccsca2021.ocsp-certum.com05
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1981836247.0000000004520000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://counter-strike.com.ua/
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.dr String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.dr String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.dr String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.com/gs/gscodesignsha2g2.crl0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0X
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: is-2TL7E.tmp.1.dr String found in binary or memory: http://dev.w3.org/html5/markup/
Source: is-2TL7E.tmp.1.dr String found in binary or memory: http://dev.w3.org/html5/spec-author-view
Source: is-2TL7E.tmp.1.dr String found in binary or memory: http://dev.w3.org/html5/spec-author-view/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-2MN8C.tmp.1.dr, is-S9C5V.tmp.1.dr, is-200EI.tmp.1.dr String found in binary or memory: http://frhed.sourceforge.net/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://frhed.sourceforge.net/Docs
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://frhed.sourceforge.netN
Source: is-MK4KP.tmp.1.dr String found in binary or memory: http://fsf.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://google.github.io/googletest/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://home.c2i.net/freewaretips/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g20
Source: is-4KGDL.tmp.1.dr String found in binary or memory: http://opensource.org/licenses/MIT
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.dr String found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.dr String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.dr String found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, is-UOVVP.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.dr String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-QSS6A.tmp.1.dr, is-VGS3E.tmp.1.dr String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0A
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g2.crt08
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-S9C5V.tmp.1.dr String found in binary or memory: http://sourceforge.net/tracker/?
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-2MN8C.tmp.1.dr, is-200EI.tmp.1.dr String found in binary or memory: http://sourceforge.net/tracker/?group_id=13216&atid=113216
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.dr String found in binary or memory: http://subca.ocsp-certum.com01
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.dr String found in binary or memory: http://subca.ocsp-certum.com02
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.dr String found in binary or memory: http://subca.ocsp-certum.com05
Source: is-2TL7E.tmp.1.dr String found in binary or memory: http://validator.w3.org/nu/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://winmerge.org/docs/manual/
Source: is-6G321.tmp.1.dr String found in binary or memory: http://www.apache.org/licenses/
Source: is-6G321.tmp.1.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.appinf.com/features/enable-partial-reads
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: http://www.appinf.com/features/enable-partial-readshttp://www.appinf.com/properties/bla-maximum-ampl
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.appinf.com/properties/bla-activation-threshold
Source: WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.appinf.com/properties/bla-activation-thresholdu
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.appinf.com/properties/bla-maximum-amplification
Source: WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.appinf.com/properties/bla-maximum-amplificationR
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.dr String found in binary or memory: http://www.certum.pl/CPS0
Source: is-2TL7E.tmp.1.dr String found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/unicode.html
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1981836247.0000000004520000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.dk-soft.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge32BitPluginProxy.exe, 00000006.00000000.1928580436.00000000005CE000.00000002.00000001.01000000.00000009.sdmp String found in binary or memory: http://www.geocities.co.jp/SiliconValley-SanJose/8165/winmerge.htmld
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, is-3Q5AC.tmp.1.dr String found in binary or memory: http://www.gnu.org/
Source: is-MK4KP.tmp.1.dr String found in binary or memory: http://www.gnu.org/licenses/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000002.1979955099.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-MK4KP.tmp.1.dr String found in binary or memory: http://www.gnu.org/philosophy/why-not-lgpl.html
Source: is-2TL7E.tmp.1.dr String found in binary or memory: http://www.html-tidy.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.html-tidy.org/)
Source: is-2TL7E.tmp.1.dr String found in binary or memory: http://www.html-tidy.org/Accessibility/
Source: is-2TL7E.tmp.1.dr String found in binary or memory: http://www.html-tidy.org/Accessibility/Impossible
Source: is-2TL7E.tmp.1.dr String found in binary or memory: http://www.html-tidy.org/accessibility/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1684801592.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1685748904.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000000.1686967562.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: http://www.innosetup.com/
Source: WinMerge-2.16.42.1-x64-Setup.exe String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-4ACJK.tmp.1.dr String found in binary or memory: http://www.kibria.de
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.palkornel.hu/innosetup%1
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1684801592.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1685748904.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000000.1686967562.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: http://www.remobjects.com/ps
Source: is-2TL7E.tmp.1.dr String found in binary or memory: http://www.unicode.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-DIQ1I.tmp.1.dr String found in binary or memory: http://www.unrealtexture.com/Unreal/Website/Downloads/3DEditing/UnrealEditor/Tools/Info/frhed_v11/fr
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.zeroscience.mk/mk/vulnerabilities/ZSL-2011-4997.php
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-general-entitiesp
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-parameter-entitieson
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespace-prefixesnt
Source: WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespaces
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/string-interning
Source: WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/string-interning&acQ8
Source: WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/validation
Source: WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/declaration-handler
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/lexical-handler
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://7-zip.org/history.txt
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://TamilNeram.github.io
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.00000000023E3000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://WinMerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000B01000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://WinMerge.org/1
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000B01000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://WinMerge.org/q
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://api.openai.com/v1/chat/completions
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://app.transifex.com/rockytdr/teams/91037/nl/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://bugs.winmerge.org/
Source: is-E7351.tmp.1.dr String found in binary or memory: https://creativecommons.org/licenses/by/3.0/
Source: is-0P0FI.tmp.1.dr String found in binary or memory: https://cygwin.com/.
Source: is-0P0FI.tmp.1.dr String found in binary or memory: https://cygwin.com/problems.html
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://downzen.com
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-PBBPB.tmp.1.dr String found in binary or memory: https://ethanschoonover.com/solarized/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://forums.winmerge.org
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://forums.winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://forums.winmerge.org/.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://freeimage.sourceforge.io/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://frhed.sourceforge.net/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/Patriccollu/Lingua_Corsa-Infurmatica/#readme
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/VenusGirl
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/VenusGirl/winmerge
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WinMerge/frhed/graphs/contributors
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WinMerge/winimerge/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WinMerge/winmerge
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WinMerge/winmerge-v2/issues/41
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WinMerge/winmerge/blob/master/ColorSchemes/Solarized%20Dark.ini
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A21000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.00000000022DA000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WinMerge/winmerge/discussions
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.00000000022DA000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.0000000005421000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972435555.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, is-PI6OJ.tmp.1.dr String found in binary or memory: https://github.com/WinMerge/winmerge/discussions.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WinMerge/winmerge/discussions/1139
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.0000000005421000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972435555.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, is-PI6OJ.tmp.1.dr String found in binary or memory: https://github.com/WinMerge/winmerge/issues
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WinMerge/winwebdiff/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/git/git/tree/master/xdiff)
Source: is-C59QH.tmp.1.dr String found in binary or memory: https://github.com/harelba/q/archive/refs/tags/2.0.19.zip
Source: is-DOAEN.tmp.1.dr, is-C59QH.tmp.1.dr String found in binary or memory: https://github.com/harelba/q/releases/download/2.0.19/q-AMD64-Windows.exe
Source: is-2TL7E.tmp.1.dr String found in binary or memory: https://github.com/htacg/tidy-html5
Source: is-2TL7E.tmp.1.dr String found in binary or memory: https://github.com/htacg/tidy-html5/blob/master/README/LOCALIZE.md
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/htacg/tidy-html5/blob/next/README/LICENSE.md)
Source: is-2TL7E.tmp.1.dr String found in binary or memory: https://github.com/htacg/tidy-html5/issues
Source: is-2TL7E.tmp.1.dr String found in binary or memory: https://github.com/htacg/tidy-html5/issues/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-PBBPB.tmp.1.dr String found in binary or memory: https://github.com/keeleyt83/winmerge-solarized-dark
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/microsoft/wil)
Source: is-TPH1A.tmp.1.dr String found in binary or memory: https://github.com/mikefarah/yq/archive/refs/tags/v4.11.1.zip
Source: is-TPH1A.tmp.1.dr, is-DIATK.tmp.1.dr String found in binary or memory: https://github.com/mikefarah/yq/releases/download/v4.11.1/yq_windows_386.exe
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/mity/md4c)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/msys2/MSYS2-packages/tree/master/patch)
Source: is-6NH6U.tmp.1.dr String found in binary or memory: https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0-sources.jar
Source: is-6NH6U.tmp.1.dr String found in binary or memory: https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0.jar
Source: is-QSS6A.tmp.1.dr String found in binary or memory: https://github.com/winmerge/winimergeB
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/wvxwxvw
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://gyazo.com/17d8773354d23b5ae51262f28b0f1f80
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://gyazo.com/7cbbbd2c1de195fcd214d588b21b21d4
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://gyazo.com/b605edb820bc52d0f4f6232eb8ad78aa
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://gyazo.com/f5f267546db27f2dc801c00df8cb4251
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://i.gyazo.com/af18960bd1f121213a2cd9287cae9cf4.gif
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://jrsoftware.org/files/is/license.txt)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://jrsoftware.org/isinfo.php)
Source: is-2TL7E.tmp.1.dr String found in binary or memory: https://lists.w3.org/Archives/Public/public-htacg/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://manual.winmerge.org
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://manual.winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.0000000005421000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972435555.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, is-PI6OJ.tmp.1.dr String found in binary or memory: https://manual.winmerge.org/.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://manual.winmerge.org/Quick_start.html
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.0000000005421000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972435555.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, is-PI6OJ.tmp.1.dr String found in binary or memory: https://manual.winmerge.org/Quick_start.html.
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.00000000022C0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://manual.winmerge.org/en/Quick_start.html.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: https://manual.winmerge.org/index.htmlDocs/WinMerge%s.chmhttps://winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://platform.openai.com/api-keys
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pocoproject.org/)
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://project.winmerge.org
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://project.winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A21000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.00000000022DA000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://project.winmerge.org/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://rapidjson.org/)
Source: is-DS1S3.tmp.1.dr String found in binary or memory: https://repo1.maven.org/maven2/org/apache/tika/tika-app/2.6.0/tika-app-2.6.0-sources.jar
Source: is-DS1S3.tmp.1.dr String found in binary or memory: https://repo1.maven.org/maven2/org/apache/tika/tika-app/2.6.0/tika-app-2.6.0.jar
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://savannah.gnu.org/projects/patch/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A52000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1981836247.0000000004520000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A81000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.000000000230B000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.000000000232F000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sourceforge.net/forum/?group_id=13216
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sourceforge.net/tracker/?group_id=13216&atid=113216
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A52000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1981836247.0000000004520000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A81000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.000000000230B000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.000000000232F000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sourceforge.net/tracker/?group_id=13216&atid=363216
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://stedolan.github.io/jq/)
Source: WinMergeU.exe, WinMerge-2.16.42.1-x64-Setup.exe String found in binary or memory: https://winmerge.org
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.00000000022C0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://winmerge.org.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.0000000005421000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972435555.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, is-PI6OJ.tmp.1.dr String found in binary or memory: https://winmerge.org/.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://winmerge.org/?lang=ko
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: https://winmerge.org/translations/http://www.gnu.org/licenses/gpl-2.0.html&amp
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944302366.00007FF64B5B9000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000000.1937850271.00007FF64B5DE000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941697429.0000022F0F4F0000.00000002.00000001.00040000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2942197391.00007FF64B5B9000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960515008.00007FF64B5DE000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: https://winmerge.org:
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, is-8JE44.tmp.1.dr, is-JU2MR.tmp.1.dr String found in binary or memory: https://winmerge.orgn#
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.7-zip.org/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.boost.org/)
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.dr String found in binary or memory: https://www.certum.pl/CPS0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.globalsign.com/repository/0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.globalsign.com/repository/06
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A95000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1971640500.00000000032B3000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1979181266.00000000005F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.000000000234E000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972391812.00000000032AB000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.00000000053AE000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972435555.00000000005F3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gnu.org/licenses/lgpl.html
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.transifex.com/rockytdr/teams/91037/nl/)
Detected potential crypto function
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005BECC2 6_2_005BECC2
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005C10AA 6_2_005C10AA
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005B815B 6_2_005B815B
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005C190F 6_2_005C190F
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005BF234 6_2_005BF234
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005BFF4E 6_2_005BFF4E
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005BF7A6 6_2_005BF7A6
Found potential string decryption / allocating functions
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: String function: 005B9310 appears 31 times
PE file contains executable resources (Code or Archives)
Source: WinMerge-2.16.42.1-x64-Setup.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: WinMerge-2.16.42.1-x64-Setup.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-2Q494.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-2Q494.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
PE file contains more sections than normal
Source: is-0P0FI.tmp.1.dr Static PE information: Number of sections : 13 > 10
PE file does not import any functions
Source: is-CCQC7.tmp.1.dr Static PE information: No import functions for PE file found
Sample file is different than original file name gathered from version info
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1685748904.000000007FE32000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs WinMerge-2.16.42.1-x64-Setup.exe
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1684801592.0000000002546000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs WinMerge-2.16.42.1-x64-Setup.exe
Uses 32bit PE files
Source: WinMerge-2.16.42.1-x64-Setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape89
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape88
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape87
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape86
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape85
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape84
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape83
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape82
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape81
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape80
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape14
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape13
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape12
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape11
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape99
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape10
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape98
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape97
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape96
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape95
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape94
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape93
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape92
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape91
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape90
Source: is-0P0FI.tmp.1.dr Binary string: a\Device\Null\??\COM1\??\COM2\??\COM3\??\COM4\??\COM5\??\COM6\??\COM7\??\COM8\??\COM9\??\COM10\??\COM11\??\COM12\??\COM13\??\COM14\??\COM15\??\COM16\Device\Floppy0\Device\Floppy1\Device\Floppy2\Device\Floppy3\Device\Floppy4\Device\Floppy5\Device\Floppy6\Device\Floppy7\Device\Floppy8\Device\Floppy9\Device\Floppy10\Device\Floppy11\Device\Floppy12\Device\Floppy13\Device\Floppy14\Device\Floppy15\Device\Tape0\Device\Tape1\Device\Tape2\Device\Tape3\Device\Tape4\Device\Tape5\Device\Tape6\Device\Tape7\Device\Tape8\Device\Tape9\Device\Tape10\Device\Tape11\Device\Tape12\Device\Tape13\Device\Tape14\Device\Tape15\Device\Tape16\Device\Tape17\Device\Tape18\Device\Tape19\Device\Tape20\Device\Tape21\Device\Tape22\Device\Tape23\Device\Tape24\Device\Tape25\Device\Tape26\Device\Tape27\Device\Tape28\Device\Tape29\Device\Tape30\Device\Tape31\Device\Tape32\Device\Tape33\Device\Tape34\Device\Tape35\Device\Tape36\Device\Tape37\Device\Tape38\Device\Tape39\Device\Tape40\Device\Tape41\Device\Tape42\Device\Tape43\Device\Tape44\Device\Tape45\Device\Tape46\Device\Tape47\Device\Tape48\Device\Tape49\Device\Tape50\Device\Tape51\Device\Tape52\Device\Tape53\Device\Tape54\Device\Tape55\Device\Tape56\Device\Tape57\Device\Tape58\Device\Tape59\Device\Tape60\Device\Tape61\Device\Tape62\Device\Tape63\Device\Tape64\Device\Tape65\Device\Tape66\Device\Tape67\Device\Tape68\Device\Tape69\Device\Tape70\Device\Tape71\Device\Tape72\Device\Tape73\Device\Tape74\Device\Tape75\Device\Tape76\Device\Tape77\Device\Tape78\Device\Tape79\Device\Tape80\Device\Tape81\Device\Tape82\Device\Tape83\Device\Tape84\Device\Tape85\Device\Tape86\Device\Tape87\Device\Tape88\Device\Tape89\Device\Tape90\Device\Tape91\Device\Tape92\Device\Tape93\Device\Tape94\Device\Tape95\Device\Tape96\Device\Tape97\Device\Tape98\Device\Tape99\Device\Tape100\Device\Tape101\Device\Tape102\Device\Tape103\Device\Tape104\Device\Tape105\Device\Tape106\Device\Tape107\Device\Tape108\Device\Tape109\Device\Tape110\Device\Tape111\Device\Tape112\Device\Tape113\Device\Tape114\Device\Tape115\Device\Tape116\Device\Tape117\Device\Tape118\Device\Tape119\Device\Tape120\Device\Tape121\Device\Tape122\Device\Tape123\Device\Tape124\Device\Tape125\Device\Tape126\Device\Tape127\Device\CdRom0\Device\CdRom1\Device\CdRom2\Device\CdRom3\Device\CdRom4\Device\CdRom5\Device\CdRom6\Device\CdRom7\Device\CdRom8\Device\CdRom9\Device\CdRom10\Device\CdRom11\Device\CdRom12\Device\CdRom13\Device\CdRom14\Device\CdRom15\??\COM17\??\COM18\??\COM19\??\COM20\??\COM21\??\COM22\??\COM23\??\COM24\??\COM25\??\COM26\??\COM27\??\COM28\??\COM29\??\COM30\??\COM31\??\COM32\??\COM33\??\COM34\??\COM35\??\COM36\??\COM37\??\COM38\??\COM39\??\COM40\??\COM41\??\COM42\??\COM43\??\COM44\??\COM45\??\COM46\??\COM47\??\COM48\??\COM49\??\COM50\??\COM51\??\COM52\??\COM53\??\COM54\??\COM55\??\COM56\??\COM57\??\COM58\??\COM59\??\COM60\??\COM61\??\COM62\??\COM63\??\COM64\??\COM65\??\COM66\??\COM67\??\COM68\??\COM69\??\COM70\??\COM71\??\COM72\??\COM73\??\COM74\??\COM75\??\COM76\??\COM77\??\COM78\??\COM7
Source: is-0P0FI.tmp.1.dr Binary string: \Device\WinDfs\Root\\Device\LanmanRedirector\\Device\NamedPipe\\device\\Device\Afd\Device\Nullsome disk file
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape19
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape18
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape17
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape16
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape15
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape25
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape24
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape23
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape120
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape22
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape21
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape122
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape20
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape121
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape124
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape123
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape126
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape125
Source: is-0P0FI.tmp.1.dr Binary string: $a\Device\Null
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape127
Source: is-0P0FI.tmp.1.dr Binary string: $a%y = NtCreateFile (%p, dir %W)bool mkdirs(PWCHAR, int)%08X%08Xneeded, since last fork loaded %Wvoid dll_list::update_forkables_needs()%016X%y = NtOpenFile (%p, a %xh, sh %xh, o %xh, io %y, by id %llX)static void* dll_list::ntopenfile(PCWCHAR, NTSTATUS*, ULONG, ACCESS_MASK, HANDLE)%y = NtOpenFile (%p, a %xh, sh %xh, o %xh, io %y, '%W')...%y = NtQueryDirectoryFile (%p, io %y, info %d)void rmdirs(WCHAR*)\var\run\sync on %Wvoid rmdirs_synchronized(WCHAR*, int, int, PFILE_DIRECTORY_INFORMATION, ULONG)@%p = CreateMutexW (%W): %Ecleaning up for mutex %W%d = CloseHandle (%p, %W): %EWARNING: %y = NtQueryInformationFile (%p, InternalInfo, io.Status %y)static bool dll_list::read_fii(HANDLE, PFILE_INTERNAL_INFORMATION)WARNING: Unable (ntstatus %y) to open real file %Wbool dll::stat_real_file_once()WARNING: Unable to read real file attributes for %Wtype %d disable %Wvoid dll::nominate_forkable(PCWCHAR)\%y = NtSetInformationFile (%p, FileLink %W, iosb.Status %y)bool dll::create_forkable()<cygroot>%Wenabledsize_t dll_list::forkable_ntnamesize(dll_type, PCWCHAR, PCWCHAR)disabled, missing or not on NTFS %W.localhardlinks createdbool dll_list::create_forkables()%y = NtCreateFile (%p, %W)bool dll_list::update_forkables()WFSO (%p, %W, inf)...%u = WFSO (%p, %W)cannot wait for mutex %W: %E%d = ReleaseMutex (%p, %W)error locking mutex %W: %Ebool dll_list::close_mutex()%u = WFSO (%p, %W, 1)forkables dir %Wvoid dll_list::prepare_forkables_nomination()forkables mutex %Wcygfork<sid><exe><winthr>HOME\?*[]\Device\NamedPipe\$&h
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape29
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape28
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape27
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape26
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape36
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape35
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape34
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape33
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape32
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape111
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape31
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape110
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape30
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape113
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape112
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape115
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape114
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape117
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape116
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape119
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape118
Source: is-0P0FI.tmp.1.dr Binary string: aCannot access path %S, status %ybool fs_info::update(PUNICODE_STRING, HANDLE)Cannot get volume attributes (%S), %yunknown\%c:\%s%csrc '%s', dst '%s'int mount_info::cygdrive_win32_path(const char*, char*, int&)/conv_to_win32_path (%s)int mount_info::conv_to_win32_path(const char*, char*, device&, unsigned int*)win32_device_name (%s)isproc (%s)iscygdrive (%s) mount_table->cygdrive %scygdrive_win32_path (%s)mount_table->cygdrive_len > 1 (%s) mount[%d] .. checking %s -> %s attempt to access outside of chroot '%s - %s'src_path %s, dst %s, flags %y, rc %dno-add-slashconv_to_posix_path (%s, 0x%x, %s)int mount_info::conv_to_posix_path(const char*, char*, int)ENAMETOOLONG%s = conv_to_posix_path (%s)%d = conv_to_posix_path(%s)add-slash\\?\invalid fstab option - '%s'bool fstab_read_flags(char**, unsigned int&, bool)int mount_info::write_cygdrive_info(const char*, unsigned int)%s:%d setting errno %dint __set_errno(const char*, int, int)shortest_native_sorted (subdirs before parents)[%d] %12s %12svoid mount_info::sort()longest_posix_sorted[%d] %12s %12s\/%s[%s], %s[%s], %yint mount_info::add_item(const char*, const char*, unsigned int)/bin\040cygdriveusertemp.d\Try to read mounts from %Wbool mount_info::from_fstab(bool, WCHAR*, PWCHAR)*native_root != '\0'void mount_info::create_root_entry(PWCHAR)/d/a/msys2-build32/msys2-build32/r/msys2-runtime/src/msys2-runtime/winsup/cygwin/mount.ccadd_item ("%s", "/", ...) failed, errno %d\etc\fstabroot_idx %d, user_shared magic %y, nmounts %d:\int mount_info::del_item(const char*, unsigned int)int mount(const char*, const char*, unsigned int)\:%R = mount(%s, %s, %y)int umount(const char*)%R = cygwin_umount(%s, %d)int cygwin_umount(const char*, unsigned int)\Device\CdRomFloppyHarddiskLanmanRedirector\MRxNfs\
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape39
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Null
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape38
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape37
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape47
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape46
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape45
Source: is-0P0FI.tmp.1.dr Binary string: DeviceIoControl (%S, IOCTL_DISK_GET_PARTITION_INFO{_EX}) %EDeviceIoControl(%S, IOCTL_DISK_GET_DRIVE_LAYOUT{_EX}): %E%5d %5d %9U %s\\?\GLOBALROOT\Device\%S\Partition%u\ %Wcwcsdup would have returned NULLexists (%s)virtual virtual_ftype_t fhandler_proc::exists()get_proc_fhandler(%s)static fh_devices fhandler_proc::get_proc_fhandler(const char*)fstat (%s)virtual int fhandler_proc::fstat(stat*)%s:%d setting errno %dint __set_errno(const char*, int, int).virtual int fhandler_proc::open(int, mode_t)%d = fhandler_proc::open(%y, 0%o)
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape44
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape1
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape43
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape100
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape0
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape42
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape3
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape41
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape102
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape2
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape40
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape101
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Floppy14
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape5
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape104
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Floppy13
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape4
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape103
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape7
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape106
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Floppy15
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape6
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape105
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Floppy10
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape9
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape108
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape8
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape107
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Floppy12
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Floppy11
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape109
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Floppy1
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Floppy0
Source: is-0P0FI.tmp.1.dr Binary string: @%p = readdir (%p) (%s)virtual int fhandler_cygdrive::readdir(DIR*, dirent*)cwcsdup would have returned NULLvirtual int fhandler_cygdrive::open(int, mode_t)%s:%d setting errno %dint __set_errno(const char*, int, int)\Device\Harddisk%u\Partition%u%S %yvirtual int fhandler_dev::readdir(DIR*, dirent*)returning %dcwcsdup would have returned NULLvirtual int fhandler_dev::rmdir()%s:%d setting errno %dint __set_errno(const char*, int, int)virtual int fhandler_dev::open(int, mode_t)virtual DIR* fhandler_dev::opendir(int)%p = opendir (%s)%y = NtFsControlFile(%S, FSCTL_SET_SPARSE)virtual int fhandler_disk_file::ftruncate(off_t, bool)/d/a/msys2-build32/msys2-build32/r/msys2-runtime/src/msys2-runtime/winsup/cygwin/fhandler_disk_file.cc%d = closedir(%p, %s)virtual int fhandler_disk_file::closedir(DIR*)cwcsdup would have returned NULLvirtual int fhandler_disk_file::rmdir()%s:%d setting errno %dint __set_errno(const char*, int, int)virtual ssize_t fhandler_disk_file::fgetxattr(const char*, void*, size_t)virtual int fhandler_disk_file::fsetxattr(const char*, const void*, size_t, int)virtual int fhandler_disk_file::link(const char*)file '%S' exists?Opening for removing TEMPORARY attrib failed, status = %yRemoving the TEMPORARY attrib failed, status = %yvirtual DIR* fhandler_disk_file::opendir(int)%p = opendir (%s)%y = NtOpenFile(%S)int fhandler_base::fstat_helper(stat*)%y = NtReadFile(%S)0 = fstat (%S, %p) st_size=%D, st_mode=0%o, st_ino=%Dst_atim=%lx.%lx st_ctim=%lx.%lx st_mtim=%lx.%lx st_birthtim=%lx.%lx%y = NtQueryInformationFile(%S, FileAllInformation)int fhandler_base::fstat_by_handle(stat*)int fhandler_base::fstat_by_name(stat*)%y = NtQueryDirectoryFile(%S)%y = NtFsControlFile(%S, FSCTL_GET_NTFS_VOLUME_DATA)int fhandler_base::fstatvfs_by_handle(HANDLE, statvfs*)%y = NtQueryVolumeInformationFile(%S, FileFsSizeInformation)%y = NtQueryVolumeInformationFile(%S, FileFsFullSizeInformation)%d = fstatvfs(%s, %p)virtual int fhandler_disk_file::fstatvfs(statvfs*)%y = NtOpenFile (%p, %y, %S, io, %y, %y)int fhandler_disk_file::prw_open(bool, void*)virtual ssize_t fhandler_disk_file::pread(void*, size_t, off_t, void*)%d = pread(%p, %ld, %D, %p)
Source: is-0P0FI.tmp.1.dr Binary string: aA:B:%s%c%s%c%s%c%sFindFirstVolumeW, %Edos_drive_mappings::dos_drive_mappings()Unable to determine the native mapping for %ls (error %u)\Device\Mup\fsi_locknonevfatexfatntfsrefssmbfsnfsnetappiso9660udfcsc-cacheunixfsmvfscifsnwfsncfsdafsprlfsaclautobinarybindcygexecdosexecihashnoaclnosuidnotexecnouseroverrideposix=0posix=1sparsetextuserethtokloatmwlanslpppptun%s%u:%u%s%up
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Floppy9
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Floppy8
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Floppy7
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Floppy6
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Floppy5
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Floppy4
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Floppy3
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape49
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Floppy2
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape48
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape58
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape57
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape56
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape55
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Harddisk%u\Partition%u
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape54
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape53
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape52
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape51
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape50
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape59
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape69
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape68
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape67
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape66
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape65
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape64
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape63
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape62
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape61
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape60
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape79
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape78
Source: is-0P0FI.tmp.1.dr Binary string: \Device\CdRom0
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape77
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape76
Source: is-0P0FI.tmp.1.dr Binary string: \Device\CdRom2
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape75
Source: is-0P0FI.tmp.1.dr Binary string: \Device\CdRom1
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape74
Source: is-0P0FI.tmp.1.dr Binary string: \Device\CdRom4
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape73
Source: is-0P0FI.tmp.1.dr Binary string: \Device\CdRom3
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape72
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape71
Source: is-0P0FI.tmp.1.dr Binary string: \Device\Tape70
Source: is-0P0FI.tmp.1.dr Binary string: \Device\CdRom11
Source: is-0P0FI.tmp.1.dr Binary string: \Device\CdRom10
Source: is-0P0FI.tmp.1.dr Binary string: \Device\CdRom13
Source: is-0P0FI.tmp.1.dr Binary string: \Device\CdRom12
Source: is-0P0FI.tmp.1.dr Binary string: \Device\CdRom6
Source: is-0P0FI.tmp.1.dr Binary string: \Device\CdRom5
Source: is-0P0FI.tmp.1.dr Binary string: \Device\CdRom8
Source: is-0P0FI.tmp.1.dr Binary string: \Device\CdRom7
Source: is-0P0FI.tmp.1.dr Binary string: \Device\CdRom15
Source: is-0P0FI.tmp.1.dr Binary string: \Device\CdRom9
Source: is-0P0FI.tmp.1.dr Binary string: \Device\CdRom14
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: f: \.vbproj$
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: for (var it = new Enumerator(prs.VBProject.VBComponents); !it.atEnd(); it.moveNext()) {
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-78I73.tmp.1.dr Binary or memory string: return (wbk.VBProject.VBComponents.Count >= 0);
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: f: \.csproj$
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-SU96U.tmp.1.dr Binary or memory string: return (doc.VBProject.VBComponents.Count >= 0);
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: return (prs.VBProject.VBComponents.Count >= 0);
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: <li>BugFix:ALL.vs2019.sln cl : command line warning D9035: option &#39;Gm&#39;
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-78I73.tmp.1.dr Binary or memory string: for (var it = new Enumerator(wbk.VBProject.VBComponents); !it.atEnd(); it.moveNext()) {
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: <li>BugFix: Plugins\src_VCPP\VCPPPlugins.vs2017.sln can&#39;t open projects
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-SU96U.tmp.1.dr Binary or memory string: for (var it = new Enumerator(doc.VBProject.VBComponents); !it.atEnd(); it.moveNext()) {
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: f: \.sln$
Source: classification engine Classification label: clean15.winEXE@11/426@0/0
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005B14B0 CLSIDFromProgID,CoCreateInstance,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathIsContentTypeW,PathMatchSpecW,CoGetObject,CoGetObject,ShellExecuteExW,CoGetObject,LoadTypeLib,StrCmpIW,SysFreeString,PathMatchSpecW,FormatMessageW,FormatMessageW,FormatMessageW,LocalFree,LocalFree,LocalFree,MessageBoxW,LocalFree, 6_2_005B14B0
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005B42B0 LoadLibraryExW,LoadLibraryExW,LoadLibraryExW,FindResourceW,LoadResource,SizeofResource,MultiByteToWideChar,FreeLibrary, 6_2_005B42B0
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Mutant created: \Sessions\1\BaseNamedObjects\WinMergeWindowClassW-Default
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe File created: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp Jump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Command line argument: :\ 6_2_005B66D0
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File read: C:\Program Files\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization Jump to behavior
Source: WinMerge-2.16.42.1-x64-Setup.exe String found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe File read: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe "C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe"
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe Process created: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp "C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp" /SL5="$20436,9350605,121344,C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\WinMerge\ShellExtensionX64.dll"
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe "C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe" /RegServer
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Program Files\WinMerge\WinMergeU.exe "C:\Program Files\WinMerge\WinMergeU.exe" /s- /minimize /noninteractive /set-usertasks-to-jumplist 4097
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Program Files\WinMerge\WinMergeU.exe "C:\Program Files\WinMerge\WinMergeU.exe"
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe Process created: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp "C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp" /SL5="$20436,9350605,121344,C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\WinMerge\ShellExtensionX64.dll" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe "C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe" /RegServer Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Program Files\WinMerge\WinMergeU.exe "C:\Program Files\WinMerge\WinMergeU.exe" /s- /minimize /noninteractive /set-usertasks-to-jumplist 4097 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Program Files\WinMerge\WinMergeU.exe "C:\Program Files\WinMerge\WinMergeU.exe" Jump to behavior
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: msftedit.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: globinputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: icu.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: taskflowdataengine.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: cdp.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: dsreg.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: icu.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 Jump to behavior
Source: WinMerge.lnk.1.dr LNK file: ..\..\..\..\..\..\Program Files\WinMerge\WinMergeU.exe
Source: User's Guide.lnk.1.dr LNK file: ..\..\..\..\..\..\Program Files\WinMerge\Docs\WinMerge.chm
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Window found: window name: TMainForm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Window detected: License AgreementGNU General Public LicenseWhen you are ready to continue with Setup click Next.GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright (C) 1989 1991 Free Software Foundation Inc. 59 Temple Place - Suite 330 Boston MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. PreambleThe licenses for most software are designed to take away your freedom to share and change it. By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs too. When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it. For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software and (2) offer you this license which gives you legal permission to copy distribute and/or modify the software. Also for each author's protection and ours we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors' reputations. Finally any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary. To prevent this we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying distribution and modification follow. TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION0. This License applies to any program or other work which contains a notice placed by the copyri
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Window detected: License AgreementGNU General Public LicenseWhen you are ready to continue with Setup click Next.GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright (C) 1989 1991 Free Software Foundation Inc. 59 Temple Place - Suite 330 Boston MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. PreambleThe licenses for most software are designed to take away your freedom to share and change it. By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs too. When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it. For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software and (2) offer you this license which gives you legal permission to copy distribute and/or modify the software. Also for each author's protection and ours we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors' reputations. Finally any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary. To prevent this we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying distribution and modification follow. TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION0. This License applies to any program or other work which contains a notice placed by the copyri
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\unins000.dat Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-2Q494.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-AB4CR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-49D4M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\LogoImages Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\LogoImages\is-CS9M3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\LogoImages\is-96KGB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-10V3S.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-JU2MR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-H85BR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-8JE44.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-JVB9Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\is-VGS3E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\is-6RILS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\is-8AOD8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\is-3Q5AC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-E8V58.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-UD6PT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IRL8E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FHELA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8EBB0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RBN1M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KH76E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-K5BUD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-JDFNF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MG6R1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MENC1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-P32TC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-DO11C.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-01LNJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-N0RHV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GQOE0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GIFJG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SPDD7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-9JS4V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TEEG1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3UTCI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-1OFLI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-EUQ5Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GA276.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RKJVB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-PU4EF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-VJL97.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-4K9R7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-PKQIJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-9F7PJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-A4HNU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-S8INT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SCC10.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-9UNSO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-EDUEO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-E9VD0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5ICPD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3731M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-7LQUD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-UV5E7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FK0UG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-C4LM4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-UFTBK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-07BJA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-ET271.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-718BR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-4MOF6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-2O7O2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-4DLTP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-L0DOI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-4A1LQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-6KSS7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FD31F.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3T0M2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-J1N08.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3DP3G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-J984S.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-27I22.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-46539.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-6PJLL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FJHEN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-CLMUB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-PTD7L.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-HNAUF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FAEPP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GIMGK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-VTBA3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-392DM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-T09KQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-70O2M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-0IRRC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8O0N0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-HER2G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-JRH28.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-EE207.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IHDI8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-Q81PM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SBJ13.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-33DHC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-LCFR4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TJO52.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GQPKU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TI0RK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-79BHC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-9AA3C.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-CPONI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GUMVN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FOVOP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-1SB7D.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-P6A6M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TK9IC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-AU4P3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-FNCNS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-42S43.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-LOMSC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-6N9U1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-FNJFI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-9EULG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-N77QE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-A1JNB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-KMDT6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-GGI4M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-BVLTA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-T4POQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-F6A3H.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-8UKVC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-AQH9Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-IO4Q6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-PBBPB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-RSHNB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-PI6OJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-PGCN6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-C129A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-BMD2A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-QH5MF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-56MFI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-ASUI9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-6EJQ2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-ML646.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-78I73.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-SU96U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-MC8SA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-TNEMF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-M0P5H.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-EQOE1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-3QJAR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-U9QM3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-A9BMJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-4O62B.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-49CBC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-UOVVP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\is-2MFA1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\is-935IJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-PUD7L.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-93L49.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-4ACJK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-DIQ1I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-F7TDG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-2MN8C.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-O2DB3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-S9C5V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-200EI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-HUG4Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-CCQC7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinIMerge Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinIMerge\is-U20AJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinIMerge\is-PH40M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinIMerge\is-QSS6A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-ANPMO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-3RCE5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-BBDTH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-4KGDL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-O9CED.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-8FE3E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-PRA2U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-0P0FI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-1GCQU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-880H6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\cygwin Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\cygwin\is-0GOII.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-MK4KP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-NUC84.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-K0II3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info\is-97RI7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info\is-RFVQ3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses\gcc-libs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses\gcc-libs\is-HQH5N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man1 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man1\is-D4SL0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man3 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man3\is-E25BL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man7 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man7\is-9M5G8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\tidy-html5 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-2TL7E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-VSMSJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-J16CJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\jq Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\jq\is-FJVRV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\jq\is-E7351.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-PKEVK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-BHR6Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-OJLM1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-NQKQ9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-0IU8S.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\PlantUML Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\PlantUML\is-6OQG1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\PlantUML\is-OQGB5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\PlantUML\is-6NH6U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Apache-Tika Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-QBVN2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-6G321.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-DS1S3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\q Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\q\is-DOAEN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\q\is-N05SV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\q\is-C59QH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\yq Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\yq\is-DIATK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\yq\is-RBRPC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\yq\is-TPH1A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\dumpbin Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\dumpbin\is-F97RA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\ildasm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\ildasm\is-4B0OG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Java Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Java\is-NN7IM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Java\is-1L4US.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Java\is-P08A3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\is-CPJ9E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\unins000.msg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMerge_is1 Jump to behavior
Source: WinMerge-2.16.42.1-x64-Setup.exe Static PE information: certificate valid
Source: WinMerge-2.16.42.1-x64-Setup.exe Static file information: File size 9992352 > 1048576
Source: WinMerge-2.16.42.1-x64-Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreCommentsC.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-4O62B.tmp.1.dr
Source: Binary string: D:\dev\winmerge-stable\BuildTmp\Src\Build\x64\Release\WinMergeU.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdb source: is-ANPMO.tmp.1.dr
Source: Binary string: C:\dev\winmerge\Externals\frhed\Build\x64\Release\Frhed\hekseditU.pdb! source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: f: \.pdb$ ## VC program database file (debugging symbolic information) source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-BVLTA.tmp.1.dr, is-LOMSC.tmp.1.dr, is-KMDT6.tmp.1.dr
Source: Binary string: D:\dev\winmerge-stable\BuildTmp\Src\Build\x64\Release\WinMergeU.pdbGCTL source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\dev\winmerge\Build\x64\Release\WinMergeContextMenu.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, is-8JE44.tmp.1.dr
Source: Binary string: E:\dev\winmerge\Build\x64\Release\Merge7z\Merge7z.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, is-VGS3E.tmp.1.dr
Source: Binary string: C:\dev\WinMerge\winmerge-3pane\stable\Plugins\WinMerge32BitPluginProxy\Release\WinMerge32BitPluginProxy.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge32BitPluginProxy.exe, 00000006.00000000.1928542746.00000000005C3000.00000002.00000001.01000000.00000009.sdmp, WinMerge32BitPluginProxy.exe, 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreColumns.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreFieldsTab.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-UOVVP.tmp.1.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdbGCTL source: is-ANPMO.tmp.1.dr
Source: Binary string: E:\dev\winmerge\Externals\winimerge\Build\x64\Release\WinIMerge\WinIMergeLib.pdb source: is-QSS6A.tmp.1.dr
Source: Binary string: C:\dev\winmerge\Externals\frhed\Build\x64\Release\Frhed\hekseditU.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreFieldsComma.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-49CBC.tmp.1.dr
PE file contains sections with non-standard names
Source: is-AB4CR.tmp.1.dr Static PE information: section name: .didat
Source: is-QSS6A.tmp.1.dr Static PE information: section name: _RDATA
Source: is-PRA2U.tmp.1.dr Static PE information: section name: _RDATA
Source: is-0P0FI.tmp.1.dr Static PE information: section name: /4
Source: is-0P0FI.tmp.1.dr Static PE information: section name: .buildid
Source: is-0P0FI.tmp.1.dr Static PE information: section name: /19
Source: is-0P0FI.tmp.1.dr Static PE information: section name: /38
Source: is-0P0FI.tmp.1.dr Static PE information: section name: .cygheap
Source: is-1GCQU.tmp.1.dr Static PE information: section name: .buildid
Source: is-1GCQU.tmp.1.dr Static PE information: section name: /4
Source: is-880H6.tmp.1.dr Static PE information: section name: .buildid
Source: is-880H6.tmp.1.dr Static PE information: section name: /4
Source: is-FJVRV.tmp.1.dr Static PE information: section name: .eh_fram
Source: is-PKEVK.tmp.1.dr Static PE information: section name: /4
Source: is-BHR6Q.tmp.1.dr Static PE information: section name: /4
Source: is-OJLM1.tmp.1.dr Static PE information: section name: /4
Registers a DLL
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\WinMerge\ShellExtensionX64.dll"
Uses code obfuscation techniques (call, push, ret)
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005B9355 push ecx; ret 6_2_005B9368
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005B9B64 push ecx; ret 6_2_005B9B77
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\md4c\is-PKEVK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Merge7z\is-VGS3E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\is-JU2MR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Merge7z\7z.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\WinWebDiff\WinWebDiffLib.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\WinMergeContextMenu.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-1GCQU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\is-10V3S.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\md4c\libmd4c.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\md4c\libmd4c-html.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\is-2Q494.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Frhed\Languages\is-CCQC7.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\WinWebDiff\is-PRA2U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\tidy-html5\is-VSMSJ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\vcomp140.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\MergePlugins\is-UOVVP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-880H6.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Merge7z\Merge7z.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\MergePlugins\IgnoreCommentsC.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Users\user\AppData\Local\Temp\is-57SIR.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\jq\is-FJVRV.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsTab.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\is-ANPMO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\md4c\is-BHR6Q.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\patch.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\MergePlugins\is-4O62B.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\WinMergeU.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\ShellExtensionU.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\MergePlugins\IgnoreColumns.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Frhed\hekseditU.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\tidy-html5\is-2TL7E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\is-H85BR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\md4c\is-OJLM1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\is-8JE44.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsComma.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\ShellExtensionX64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\is-AB4CR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Frhed\Languages\heksedit.lng (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-0P0FI.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\MergePlugins\is-A9BMJ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\tidy-html5\tidy.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\WinIMerge\is-QSS6A.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\MergePlugins\is-49CBC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\tidy-html5\tidy.exe (copy) Jump to dropped file
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe File created: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Frhed\is-935IJ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Merge7z\is-6RILS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-gcc_s-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\jq\jq.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\WinIMerge\WinIMergeLib.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-2.0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\md4c\md2html.exe (copy) Jump to dropped file

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Window found: window name: progman Jump to behavior
Stores files to the Windows start menu directory
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge\WinMerge.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge\User's Guide.lnk Jump to behavior
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005B815B EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 6_2_005B815B
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-57SIR.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsTab.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\jq\is-FJVRV.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\is-ANPMO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\is-BHR6Q.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\is-PKEVK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\patch.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Merge7z\is-VGS3E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\is-4O62B.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\is-JU2MR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\ShellExtensionU.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\IgnoreColumns.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Merge7z\7z.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Frhed\hekseditU.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\tidy-html5\is-2TL7E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\WinWebDiff\WinWebDiffLib.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\is-H85BR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\is-OJLM1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\is-8JE44.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsComma.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\WinMergeContextMenu.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\ShellExtensionX64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Frhed\Languages\heksedit.lng (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-0P0FI.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-1GCQU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\libmd4c.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\libmd4c-html.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\tidy-html5\tidy.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\is-A9BMJ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\WinIMerge\is-QSS6A.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\is-49CBC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\tidy-html5\tidy.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\WinWebDiff\is-PRA2U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Frhed\Languages\is-CCQC7.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Frhed\is-935IJ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Merge7z\is-6RILS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\tidy-html5\is-VSMSJ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\vcomp140.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\is-UOVVP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-gcc_s-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\jq\jq.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-880H6.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\WinIMerge\WinIMergeLib.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Merge7z\Merge7z.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-2.0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\md2html.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\IgnoreCommentsC.dll (copy) Jump to dropped file
Queries keyboard layouts
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809 Jump to behavior
Source: WinMergeU.exe, 00000008.00000003.1942585276.00000213702A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: is-0P0FI.tmp.1.dr Binary or memory string: prlfs
Source: is-0P0FI.tmp.1.dr Binary or memory string: _ro_u_prlfs
Source: is-0P0FI.tmp.1.dr Binary or memory string: aA:B:%s%c%s%c%s%c%sFindFirstVolumeW, %Edos_drive_mappings::dos_drive_mappings()Unable to determine the native mapping for %ls (error %u)\Device\Mup\fsi_locknonevfatexfatntfsrefssmbfsnfsnetappiso9660udfcsc-cacheunixfsmvfscifsnwfsncfsdafsprlfsaclautobinarybindcygexecdosexecihashnoaclnosuidnotexecnouseroverrideposix=0posix=1sparsetextuserethtokloatmwlanslpppptun%s%u:%u%s%up
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information queried: ProcessInformation Jump to behavior
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005B706D IsDebuggerPresent, 6_2_005B706D
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005BC624 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 6_2_005BC624
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005B7FF7 GetProcessHeap, 6_2_005B7FF7
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005B99D6 SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_005B99D6
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005B99A5 SetUnhandledExceptionFilter, 6_2_005B99A5
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.000000000235A000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: progmanQ
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.00000000023A9000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: progmanq
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A81000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.00000000053BE000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: progman
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005BB810 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 6_2_005BB810
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 6_2_005B22B0 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ, 6_2_005B22B0
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1541098 Sample: WinMerge-2.16.42.1-x64-Setup.exe Startdate: 24/10/2024 Architecture: WINDOWS Score: 15 6 WinMerge-2.16.42.1-x64-Setup.exe 2 2->6         started        file3 21 C:\Users\...\WinMerge-2.16.42.1-x64-Setup.tmp, PE32 6->21 dropped 9 WinMerge-2.16.42.1-x64-Setup.tmp 50 263 6->9         started        process4 file5 23 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 9->23 dropped 25 C:\Program Files\...\vcomp140.dll (copy), PE32+ 9->25 dropped 27 C:\Program Files\...\unins000.exe (copy), PE32 9->27 dropped 29 50 other files (none is malicious) 9->29 dropped 31 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 9->31 13 regsvr32.exe 43 9->13         started        15 WinMergeU.exe 1 9->15         started        17 WinMergeU.exe 9 6 9->17         started        19 WinMerge32BitPluginProxy.exe 23 9->19         started        signatures6 process7
No contacted IP infos