Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
WinMerge-2.16.42.1-x64-Setup.exe

Overview

General Information

Sample name:WinMerge-2.16.42.1-x64-Setup.exe
Analysis ID:1541098
MD5:694814dfeb6bc886adc91431fa3710f8
SHA1:d4eed6294c367837aa5ad810a79dd807ed2178b5
SHA256:5771f2a0553f53684b0e74161ed8749c4dda270f166edac253982366aee39bd3
Infos:

Detection

Score:15
Range:0 - 100
Whitelisted:false
Confidence:40%

Signatures

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sample file is different than original file name gathered from version info
Sigma detected: Classes Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • WinMerge-2.16.42.1-x64-Setup.exe (PID: 7268 cmdline: "C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe" MD5: 694814DFEB6BC886ADC91431FA3710F8)
    • WinMerge-2.16.42.1-x64-Setup.tmp (PID: 7284 cmdline: "C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp" /SL5="$20436,9350605,121344,C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe" MD5: 364B8FA0269A0789DCB7A9673C7757E4)
      • regsvr32.exe (PID: 7664 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\WinMerge\ShellExtensionX64.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
      • WinMerge32BitPluginProxy.exe (PID: 7680 cmdline: "C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe" /RegServer MD5: 0BF44140B929D5B80CF5F3A8FBA33767)
      • WinMergeU.exe (PID: 7768 cmdline: "C:\Program Files\WinMerge\WinMergeU.exe" /s- /minimize /noninteractive /set-usertasks-to-jumplist 4097 MD5: 4D8808EB623326E39416F884B2DF745B)
      • WinMergeU.exe (PID: 7880 cmdline: "C:\Program Files\WinMerge\WinMergeU.exe" MD5: 4D8808EB623326E39416F884B2DF745B)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: {4E716236-AA30-4C65-B225-D68BBA81E9C2}, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\regsvr32.exe, ProcessId: 7664, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinMerge\(Default)
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results
Source: WinMerge-2.16.42.1-x64-Setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpWindow detected: License AgreementGNU General Public LicenseWhen you are ready to continue with Setup click Next.GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright (C) 1989 1991 Free Software Foundation Inc. 59 Temple Place - Suite 330 Boston MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. PreambleThe licenses for most software are designed to take away your freedom to share and change it. By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs too. When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it. For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software and (2) offer you this license which gives you legal permission to copy distribute and/or modify the software. Also for each author's protection and ours we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors' reputations. Finally any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary. To prevent this we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying distribution and modification follow. TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION0. This License applies to any program or other work which contains a notice placed by the copyri
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpWindow detected: License AgreementGNU General Public LicenseWhen you are ready to continue with Setup click Next.GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright (C) 1989 1991 Free Software Foundation Inc. 59 Temple Place - Suite 330 Boston MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. PreambleThe licenses for most software are designed to take away your freedom to share and change it. By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs too. When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it. For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software and (2) offer you this license which gives you legal permission to copy distribute and/or modify the software. Also for each author's protection and ours we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors' reputations. Finally any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary. To prevent this we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying distribution and modification follow. TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION0. This License applies to any program or other work which contains a notice placed by the copyri
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMergeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePluginsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\unins000.datJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-2Q494.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-AB4CR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-49D4M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\LogoImagesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\LogoImages\is-CS9M3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\LogoImages\is-96KGB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-10V3S.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-JU2MR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-H85BR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-8JE44.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-JVB9Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7zJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\is-VGS3E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\is-6RILS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\is-8AOD8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\is-3Q5AC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\LangJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-E8V58.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-UD6PT.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IRL8E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FHELA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8EBB0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RBN1M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KH76E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-K5BUD.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-JDFNF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MG6R1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MENC1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-P32TC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-DO11C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-01LNJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-N0RHV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GQOE0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GIFJG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SPDD7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-9JS4V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TEEG1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3UTCI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-1OFLI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-EUQ5Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GA276.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RKJVB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-PU4EF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-VJL97.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-4K9R7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-PKQIJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-9F7PJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-A4HNU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-S8INT.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SCC10.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-9UNSO.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-EDUEO.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-E9VD0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5ICPD.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3731M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-7LQUD.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-UV5E7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FK0UG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-C4LM4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-UFTBK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-07BJA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-ET271.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-718BR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-4MOF6.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-2O7O2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-4DLTP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-L0DOI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-4A1LQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-6KSS7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FD31F.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3T0M2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-J1N08.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3DP3G.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-J984S.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-27I22.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-46539.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-6PJLL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FJHEN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-CLMUB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-PTD7L.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-HNAUF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FAEPP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GIMGK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-VTBA3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-392DM.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-T09KQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-70O2M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-0IRRC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8O0N0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-HER2G.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-JRH28.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-EE207.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IHDI8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-Q81PM.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SBJ13.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-33DHC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-LCFR4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TJO52.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GQPKU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TI0RK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-79BHC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-9AA3C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-CPONI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GUMVN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FOVOP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-1SB7D.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-P6A6M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TK9IC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-AU4P3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\FiltersJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-FNCNS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-42S43.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-LOMSC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-6N9U1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-FNJFI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-9EULG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-N77QE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-A1JNB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-KMDT6.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-GGI4M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-BVLTA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-T4POQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-F6A3H.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-8UKVC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-AQH9Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-IO4Q6.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-PBBPB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-RSHNB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\DocsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-PI6OJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-PGCN6.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-C129A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-BMD2A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-QH5MF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-56MFI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-ASUI9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-6EJQ2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-ML646.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-78I73.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-SU96U.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-MC8SA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-TNEMF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-M0P5H.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-EQOE1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-3QJAR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-U9QM3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-A9BMJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-4O62B.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-49CBC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-UOVVP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\FrhedJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\is-2MFA1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\is-935IJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\DocsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-PUD7L.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-93L49.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-4ACJK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-DIQ1I.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-F7TDG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\LanguagesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-2MN8C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-O2DB3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-S9C5V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-200EI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-HUG4Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-CCQC7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinIMergeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinIMerge\is-U20AJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinIMerge\is-PH40M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinIMerge\is-QSS6A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-ANPMO.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiffJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-3RCE5.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-BBDTH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-4KGDL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-O9CED.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-8FE3E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-PRA2U.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\CommandsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usrJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\binJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-0P0FI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-1GCQU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-880H6.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\shareJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\cygwinJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\cygwin\is-0GOII.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\docJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\MsysJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-MK4KP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-NUC84.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-K0II3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\infoJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info\is-97RI7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info\is-RFVQ3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licensesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses\gcc-libsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses\gcc-libs\is-HQH5N.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\manJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man1Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man1\is-D4SL0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man3Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man3\is-E25BL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man7Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man7\is-9M5G8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\tidy-html5Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-2TL7E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-VSMSJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-J16CJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\jqJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\jq\is-FJVRV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\jq\is-E7351.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4cJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-PKEVK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-BHR6Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-OJLM1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-NQKQ9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-0IU8S.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\PlantUMLJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\PlantUML\is-6OQG1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\PlantUML\is-OQGB5.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\PlantUML\is-6NH6U.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Apache-TikaJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-QBVN2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-6G321.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-DS1S3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\qJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\q\is-DOAEN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\q\is-N05SV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\q\is-C59QH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\yqJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\yq\is-DIATK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\yq\is-RBRPC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\yq\is-TPH1A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\dumpbinJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\dumpbin\is-F97RA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\ildasmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\ildasm\is-4B0OG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\JavaJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Java\is-NN7IM.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Java\is-1L4US.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Java\is-P08A3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\is-CPJ9E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\unins000.msgJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMerge_is1Jump to behavior
Source: WinMerge-2.16.42.1-x64-Setup.exeStatic PE information: certificate valid
Source: WinMerge-2.16.42.1-x64-Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreCommentsC.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-4O62B.tmp.1.dr
Source: Binary string: D:\dev\winmerge-stable\BuildTmp\Src\Build\x64\Release\WinMergeU.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdb source: is-ANPMO.tmp.1.dr
Source: Binary string: C:\dev\winmerge\Externals\frhed\Build\x64\Release\Frhed\hekseditU.pdb! source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: f: \.pdb$ ## VC program database file (debugging symbolic information) source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-BVLTA.tmp.1.dr, is-LOMSC.tmp.1.dr, is-KMDT6.tmp.1.dr
Source: Binary string: D:\dev\winmerge-stable\BuildTmp\Src\Build\x64\Release\WinMergeU.pdbGCTL source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\dev\winmerge\Build\x64\Release\WinMergeContextMenu.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, is-8JE44.tmp.1.dr
Source: Binary string: E:\dev\winmerge\Build\x64\Release\Merge7z\Merge7z.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, is-VGS3E.tmp.1.dr
Source: Binary string: C:\dev\WinMerge\winmerge-3pane\stable\Plugins\WinMerge32BitPluginProxy\Release\WinMerge32BitPluginProxy.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge32BitPluginProxy.exe, 00000006.00000000.1928542746.00000000005C3000.00000002.00000001.01000000.00000009.sdmp, WinMerge32BitPluginProxy.exe, 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreColumns.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreFieldsTab.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-UOVVP.tmp.1.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdbGCTL source: is-ANPMO.tmp.1.dr
Source: Binary string: E:\dev\winmerge\Externals\winimerge\Build\x64\Release\WinIMerge\WinIMergeLib.pdb source: is-QSS6A.tmp.1.dr
Source: Binary string: C:\dev\winmerge\Externals\frhed\Build\x64\Release\Frhed\hekseditU.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreFieldsComma.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-49CBC.tmp.1.dr
Source: WinMergeU.exe, 00000009.00000000.1960515008.00007FF64B5DE000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://192.168.1.101:3703/soap/WinMerge/Program%20Icons/Splash%20and%20About/concept.psd
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-DIQ1I.tmp.1.drString found in binary or memory: http://bonedaddy.net/pabs3/files/frhed/
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drString found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drString found in binary or memory: http://ccsca2021.ocsp-certum.com05
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1981836247.0000000004520000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://counter-strike.com.ua/
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drString found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drString found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gs/gscodesignsha2g2.crl0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0X
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: is-2TL7E.tmp.1.drString found in binary or memory: http://dev.w3.org/html5/markup/
Source: is-2TL7E.tmp.1.drString found in binary or memory: http://dev.w3.org/html5/spec-author-view
Source: is-2TL7E.tmp.1.drString found in binary or memory: http://dev.w3.org/html5/spec-author-view/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-2MN8C.tmp.1.dr, is-S9C5V.tmp.1.dr, is-200EI.tmp.1.drString found in binary or memory: http://frhed.sourceforge.net/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://frhed.sourceforge.net/Docs
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://frhed.sourceforge.netN
Source: is-MK4KP.tmp.1.drString found in binary or memory: http://fsf.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://google.github.io/googletest/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://home.c2i.net/freewaretips/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g20
Source: is-4KGDL.tmp.1.drString found in binary or memory: http://opensource.org/licenses/MIT
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drString found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drString found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drString found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, is-UOVVP.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drString found in binary or memory: http://repository.certum.pl/ctsca2021.cer0
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-QSS6A.tmp.1.dr, is-VGS3E.tmp.1.drString found in binary or memory: http://repository.certum.pl/ctsca2021.cer0A
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g2.crt08
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-S9C5V.tmp.1.drString found in binary or memory: http://sourceforge.net/tracker/?
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-2MN8C.tmp.1.dr, is-200EI.tmp.1.drString found in binary or memory: http://sourceforge.net/tracker/?group_id=13216&atid=113216
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drString found in binary or memory: http://subca.ocsp-certum.com01
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drString found in binary or memory: http://subca.ocsp-certum.com02
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drString found in binary or memory: http://subca.ocsp-certum.com05
Source: is-2TL7E.tmp.1.drString found in binary or memory: http://validator.w3.org/nu/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://winmerge.org/docs/manual/
Source: is-6G321.tmp.1.drString found in binary or memory: http://www.apache.org/licenses/
Source: is-6G321.tmp.1.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.appinf.com/features/enable-partial-reads
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://www.appinf.com/features/enable-partial-readshttp://www.appinf.com/properties/bla-maximum-ampl
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.appinf.com/properties/bla-activation-threshold
Source: WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.appinf.com/properties/bla-activation-thresholdu
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.appinf.com/properties/bla-maximum-amplification
Source: WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.appinf.com/properties/bla-maximum-amplificationR
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drString found in binary or memory: http://www.certum.pl/CPS0
Source: is-2TL7E.tmp.1.drString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/unicode.html
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1981836247.0000000004520000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge32BitPluginProxy.exe, 00000006.00000000.1928580436.00000000005CE000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.geocities.co.jp/SiliconValley-SanJose/8165/winmerge.htmld
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, is-3Q5AC.tmp.1.drString found in binary or memory: http://www.gnu.org/
Source: is-MK4KP.tmp.1.drString found in binary or memory: http://www.gnu.org/licenses/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000002.1979955099.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-MK4KP.tmp.1.drString found in binary or memory: http://www.gnu.org/philosophy/why-not-lgpl.html
Source: is-2TL7E.tmp.1.drString found in binary or memory: http://www.html-tidy.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.html-tidy.org/)
Source: is-2TL7E.tmp.1.drString found in binary or memory: http://www.html-tidy.org/Accessibility/
Source: is-2TL7E.tmp.1.drString found in binary or memory: http://www.html-tidy.org/Accessibility/Impossible
Source: is-2TL7E.tmp.1.drString found in binary or memory: http://www.html-tidy.org/accessibility/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1684801592.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1685748904.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000000.1686967562.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.innosetup.com/
Source: WinMerge-2.16.42.1-x64-Setup.exeString found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-4ACJK.tmp.1.drString found in binary or memory: http://www.kibria.de
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.palkornel.hu/innosetup%1
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1684801592.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1685748904.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000000.1686967562.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.remobjects.com/ps
Source: is-2TL7E.tmp.1.drString found in binary or memory: http://www.unicode.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-DIQ1I.tmp.1.drString found in binary or memory: http://www.unrealtexture.com/Unreal/Website/Downloads/3DEditing/UnrealEditor/Tools/Info/frhed_v11/fr
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.zeroscience.mk/mk/vulnerabilities/ZSL-2011-4997.php
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-general-entitiesp
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-parameter-entitieson
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixesnt
Source: WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/string-interning
Source: WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/string-interning&acQ8
Source: WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/validation
Source: WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/declaration-handler
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/lexical-handler
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://7-zip.org/history.txt
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://TamilNeram.github.io
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.00000000023E3000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://WinMerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000B01000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://WinMerge.org/1
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000B01000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://WinMerge.org/q
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.openai.com/v1/chat/completions
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://app.transifex.com/rockytdr/teams/91037/nl/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.winmerge.org/
Source: is-E7351.tmp.1.drString found in binary or memory: https://creativecommons.org/licenses/by/3.0/
Source: is-0P0FI.tmp.1.drString found in binary or memory: https://cygwin.com/.
Source: is-0P0FI.tmp.1.drString found in binary or memory: https://cygwin.com/problems.html
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downzen.com
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-PBBPB.tmp.1.drString found in binary or memory: https://ethanschoonover.com/solarized/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://forums.winmerge.org
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://forums.winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://forums.winmerge.org/.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://freeimage.sourceforge.io/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://frhed.sourceforge.net/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/Patriccollu/Lingua_Corsa-Infurmatica/#readme
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/VenusGirl
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/VenusGirl/winmerge
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WinMerge/frhed/graphs/contributors
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WinMerge/winimerge/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WinMerge/winmerge
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WinMerge/winmerge-v2/issues/41
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WinMerge/winmerge/blob/master/ColorSchemes/Solarized%20Dark.ini
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A21000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.00000000022DA000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WinMerge/winmerge/discussions
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.00000000022DA000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.0000000005421000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972435555.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, is-PI6OJ.tmp.1.drString found in binary or memory: https://github.com/WinMerge/winmerge/discussions.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WinMerge/winmerge/discussions/1139
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.0000000005421000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972435555.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, is-PI6OJ.tmp.1.drString found in binary or memory: https://github.com/WinMerge/winmerge/issues
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WinMerge/winwebdiff/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/git/git/tree/master/xdiff)
Source: is-C59QH.tmp.1.drString found in binary or memory: https://github.com/harelba/q/archive/refs/tags/2.0.19.zip
Source: is-DOAEN.tmp.1.dr, is-C59QH.tmp.1.drString found in binary or memory: https://github.com/harelba/q/releases/download/2.0.19/q-AMD64-Windows.exe
Source: is-2TL7E.tmp.1.drString found in binary or memory: https://github.com/htacg/tidy-html5
Source: is-2TL7E.tmp.1.drString found in binary or memory: https://github.com/htacg/tidy-html5/blob/master/README/LOCALIZE.md
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/htacg/tidy-html5/blob/next/README/LICENSE.md)
Source: is-2TL7E.tmp.1.drString found in binary or memory: https://github.com/htacg/tidy-html5/issues
Source: is-2TL7E.tmp.1.drString found in binary or memory: https://github.com/htacg/tidy-html5/issues/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-PBBPB.tmp.1.drString found in binary or memory: https://github.com/keeleyt83/winmerge-solarized-dark
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/wil)
Source: is-TPH1A.tmp.1.drString found in binary or memory: https://github.com/mikefarah/yq/archive/refs/tags/v4.11.1.zip
Source: is-TPH1A.tmp.1.dr, is-DIATK.tmp.1.drString found in binary or memory: https://github.com/mikefarah/yq/releases/download/v4.11.1/yq_windows_386.exe
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mity/md4c)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/msys2/MSYS2-packages/tree/master/patch)
Source: is-6NH6U.tmp.1.drString found in binary or memory: https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0-sources.jar
Source: is-6NH6U.tmp.1.drString found in binary or memory: https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0.jar
Source: is-QSS6A.tmp.1.drString found in binary or memory: https://github.com/winmerge/winimergeB
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/wvxwxvw
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gyazo.com/17d8773354d23b5ae51262f28b0f1f80
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gyazo.com/7cbbbd2c1de195fcd214d588b21b21d4
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gyazo.com/b605edb820bc52d0f4f6232eb8ad78aa
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gyazo.com/f5f267546db27f2dc801c00df8cb4251
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://i.gyazo.com/af18960bd1f121213a2cd9287cae9cf4.gif
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jrsoftware.org/files/is/license.txt)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jrsoftware.org/isinfo.php)
Source: is-2TL7E.tmp.1.drString found in binary or memory: https://lists.w3.org/Archives/Public/public-htacg/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://manual.winmerge.org
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://manual.winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.0000000005421000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972435555.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, is-PI6OJ.tmp.1.drString found in binary or memory: https://manual.winmerge.org/.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://manual.winmerge.org/Quick_start.html
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.0000000005421000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972435555.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, is-PI6OJ.tmp.1.drString found in binary or memory: https://manual.winmerge.org/Quick_start.html.
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.00000000022C0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://manual.winmerge.org/en/Quick_start.html.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://manual.winmerge.org/index.htmlDocs/WinMerge%s.chmhttps://winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://platform.openai.com/api-keys
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pocoproject.org/)
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://project.winmerge.org
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://project.winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A21000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.00000000022DA000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://project.winmerge.org/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://rapidjson.org/)
Source: is-DS1S3.tmp.1.drString found in binary or memory: https://repo1.maven.org/maven2/org/apache/tika/tika-app/2.6.0/tika-app-2.6.0-sources.jar
Source: is-DS1S3.tmp.1.drString found in binary or memory: https://repo1.maven.org/maven2/org/apache/tika/tika-app/2.6.0/tika-app-2.6.0.jar
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://savannah.gnu.org/projects/patch/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A52000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1981836247.0000000004520000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A81000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.000000000230B000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.000000000232F000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/forum/?group_id=13216
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/tracker/?group_id=13216&atid=113216
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A52000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1981836247.0000000004520000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A81000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.000000000230B000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.000000000232F000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/tracker/?group_id=13216&atid=363216
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stedolan.github.io/jq/)
Source: WinMergeU.exe, WinMerge-2.16.42.1-x64-Setup.exeString found in binary or memory: https://winmerge.org
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.00000000022C0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://winmerge.org.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.0000000005421000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972435555.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, is-PI6OJ.tmp.1.drString found in binary or memory: https://winmerge.org/.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://winmerge.org/?lang=ko
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://winmerge.org/translations/http://www.gnu.org/licenses/gpl-2.0.html&amp
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944302366.00007FF64B5B9000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000000.1937850271.00007FF64B5DE000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941697429.0000022F0F4F0000.00000002.00000001.00040000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2942197391.00007FF64B5B9000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960515008.00007FF64B5DE000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://winmerge.org:
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, is-8JE44.tmp.1.dr, is-JU2MR.tmp.1.drString found in binary or memory: https://winmerge.orgn#
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.7-zip.org/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.boost.org/)
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drString found in binary or memory: https://www.certum.pl/CPS0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/06
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A95000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1971640500.00000000032B3000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1979181266.00000000005F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.000000000234E000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972391812.00000000032AB000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.00000000053AE000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972435555.00000000005F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gnu.org/licenses/lgpl.html
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.transifex.com/rockytdr/teams/91037/nl/)
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005BECC26_2_005BECC2
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005C10AA6_2_005C10AA
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005B815B6_2_005B815B
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005C190F6_2_005C190F
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005BF2346_2_005BF234
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005BFF4E6_2_005BFF4E
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005BF7A66_2_005BF7A6
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: String function: 005B9310 appears 31 times
Source: WinMerge-2.16.42.1-x64-Setup.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: WinMerge-2.16.42.1-x64-Setup.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-2Q494.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-2Q494.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-0P0FI.tmp.1.drStatic PE information: Number of sections : 13 > 10
Source: is-CCQC7.tmp.1.drStatic PE information: No import functions for PE file found
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1685748904.000000007FE32000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs WinMerge-2.16.42.1-x64-Setup.exe
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1684801592.0000000002546000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs WinMerge-2.16.42.1-x64-Setup.exe
Source: WinMerge-2.16.42.1-x64-Setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape89
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape88
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape87
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape86
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape85
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape84
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape83
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape82
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape81
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape80
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape14
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape13
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape12
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape11
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape99
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape10
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape98
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape97
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape96
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape95
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape94
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape93
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape92
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape91
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape90
Source: is-0P0FI.tmp.1.drBinary string: a\Device\Null\??\COM1\??\COM2\??\COM3\??\COM4\??\COM5\??\COM6\??\COM7\??\COM8\??\COM9\??\COM10\??\COM11\??\COM12\??\COM13\??\COM14\??\COM15\??\COM16\Device\Floppy0\Device\Floppy1\Device\Floppy2\Device\Floppy3\Device\Floppy4\Device\Floppy5\Device\Floppy6\Device\Floppy7\Device\Floppy8\Device\Floppy9\Device\Floppy10\Device\Floppy11\Device\Floppy12\Device\Floppy13\Device\Floppy14\Device\Floppy15\Device\Tape0\Device\Tape1\Device\Tape2\Device\Tape3\Device\Tape4\Device\Tape5\Device\Tape6\Device\Tape7\Device\Tape8\Device\Tape9\Device\Tape10\Device\Tape11\Device\Tape12\Device\Tape13\Device\Tape14\Device\Tape15\Device\Tape16\Device\Tape17\Device\Tape18\Device\Tape19\Device\Tape20\Device\Tape21\Device\Tape22\Device\Tape23\Device\Tape24\Device\Tape25\Device\Tape26\Device\Tape27\Device\Tape28\Device\Tape29\Device\Tape30\Device\Tape31\Device\Tape32\Device\Tape33\Device\Tape34\Device\Tape35\Device\Tape36\Device\Tape37\Device\Tape38\Device\Tape39\Device\Tape40\Device\Tape41\Device\Tape42\Device\Tape43\Device\Tape44\Device\Tape45\Device\Tape46\Device\Tape47\Device\Tape48\Device\Tape49\Device\Tape50\Device\Tape51\Device\Tape52\Device\Tape53\Device\Tape54\Device\Tape55\Device\Tape56\Device\Tape57\Device\Tape58\Device\Tape59\Device\Tape60\Device\Tape61\Device\Tape62\Device\Tape63\Device\Tape64\Device\Tape65\Device\Tape66\Device\Tape67\Device\Tape68\Device\Tape69\Device\Tape70\Device\Tape71\Device\Tape72\Device\Tape73\Device\Tape74\Device\Tape75\Device\Tape76\Device\Tape77\Device\Tape78\Device\Tape79\Device\Tape80\Device\Tape81\Device\Tape82\Device\Tape83\Device\Tape84\Device\Tape85\Device\Tape86\Device\Tape87\Device\Tape88\Device\Tape89\Device\Tape90\Device\Tape91\Device\Tape92\Device\Tape93\Device\Tape94\Device\Tape95\Device\Tape96\Device\Tape97\Device\Tape98\Device\Tape99\Device\Tape100\Device\Tape101\Device\Tape102\Device\Tape103\Device\Tape104\Device\Tape105\Device\Tape106\Device\Tape107\Device\Tape108\Device\Tape109\Device\Tape110\Device\Tape111\Device\Tape112\Device\Tape113\Device\Tape114\Device\Tape115\Device\Tape116\Device\Tape117\Device\Tape118\Device\Tape119\Device\Tape120\Device\Tape121\Device\Tape122\Device\Tape123\Device\Tape124\Device\Tape125\Device\Tape126\Device\Tape127\Device\CdRom0\Device\CdRom1\Device\CdRom2\Device\CdRom3\Device\CdRom4\Device\CdRom5\Device\CdRom6\Device\CdRom7\Device\CdRom8\Device\CdRom9\Device\CdRom10\Device\CdRom11\Device\CdRom12\Device\CdRom13\Device\CdRom14\Device\CdRom15\??\COM17\??\COM18\??\COM19\??\COM20\??\COM21\??\COM22\??\COM23\??\COM24\??\COM25\??\COM26\??\COM27\??\COM28\??\COM29\??\COM30\??\COM31\??\COM32\??\COM33\??\COM34\??\COM35\??\COM36\??\COM37\??\COM38\??\COM39\??\COM40\??\COM41\??\COM42\??\COM43\??\COM44\??\COM45\??\COM46\??\COM47\??\COM48\??\COM49\??\COM50\??\COM51\??\COM52\??\COM53\??\COM54\??\COM55\??\COM56\??\COM57\??\COM58\??\COM59\??\COM60\??\COM61\??\COM62\??\COM63\??\COM64\??\COM65\??\COM66\??\COM67\??\COM68\??\COM69\??\COM70\??\COM71\??\COM72\??\COM73\??\COM74\??\COM75\??\COM76\??\COM77\??\COM78\??\COM7
Source: is-0P0FI.tmp.1.drBinary string: \Device\WinDfs\Root\\Device\LanmanRedirector\\Device\NamedPipe\\device\\Device\Afd\Device\Nullsome disk file
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape19
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape18
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape17
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape16
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape15
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape25
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape24
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape23
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape120
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape22
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape21
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape122
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape20
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape121
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape124
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape123
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape126
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape125
Source: is-0P0FI.tmp.1.drBinary string: $a\Device\Null
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape127
Source: is-0P0FI.tmp.1.drBinary string: $a%y = NtCreateFile (%p, dir %W)bool mkdirs(PWCHAR, int)%08X%08Xneeded, since last fork loaded %Wvoid dll_list::update_forkables_needs()%016X%y = NtOpenFile (%p, a %xh, sh %xh, o %xh, io %y, by id %llX)static void* dll_list::ntopenfile(PCWCHAR, NTSTATUS*, ULONG, ACCESS_MASK, HANDLE)%y = NtOpenFile (%p, a %xh, sh %xh, o %xh, io %y, '%W')...%y = NtQueryDirectoryFile (%p, io %y, info %d)void rmdirs(WCHAR*)\var\run\sync on %Wvoid rmdirs_synchronized(WCHAR*, int, int, PFILE_DIRECTORY_INFORMATION, ULONG)@%p = CreateMutexW (%W): %Ecleaning up for mutex %W%d = CloseHandle (%p, %W): %EWARNING: %y = NtQueryInformationFile (%p, InternalInfo, io.Status %y)static bool dll_list::read_fii(HANDLE, PFILE_INTERNAL_INFORMATION)WARNING: Unable (ntstatus %y) to open real file %Wbool dll::stat_real_file_once()WARNING: Unable to read real file attributes for %Wtype %d disable %Wvoid dll::nominate_forkable(PCWCHAR)\%y = NtSetInformationFile (%p, FileLink %W, iosb.Status %y)bool dll::create_forkable()<cygroot>%Wenabledsize_t dll_list::forkable_ntnamesize(dll_type, PCWCHAR, PCWCHAR)disabled, missing or not on NTFS %W.localhardlinks createdbool dll_list::create_forkables()%y = NtCreateFile (%p, %W)bool dll_list::update_forkables()WFSO (%p, %W, inf)...%u = WFSO (%p, %W)cannot wait for mutex %W: %E%d = ReleaseMutex (%p, %W)error locking mutex %W: %Ebool dll_list::close_mutex()%u = WFSO (%p, %W, 1)forkables dir %Wvoid dll_list::prepare_forkables_nomination()forkables mutex %Wcygfork<sid><exe><winthr>HOME\?*[]\Device\NamedPipe\$&h
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape29
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape28
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape27
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape26
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape36
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape35
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape34
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape33
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape32
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape111
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape31
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape110
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape30
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape113
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape112
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape115
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape114
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape117
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape116
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape119
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape118
Source: is-0P0FI.tmp.1.drBinary string: aCannot access path %S, status %ybool fs_info::update(PUNICODE_STRING, HANDLE)Cannot get volume attributes (%S), %yunknown\%c:\%s%csrc '%s', dst '%s'int mount_info::cygdrive_win32_path(const char*, char*, int&)/conv_to_win32_path (%s)int mount_info::conv_to_win32_path(const char*, char*, device&, unsigned int*)win32_device_name (%s)isproc (%s)iscygdrive (%s) mount_table->cygdrive %scygdrive_win32_path (%s)mount_table->cygdrive_len > 1 (%s) mount[%d] .. checking %s -> %s attempt to access outside of chroot '%s - %s'src_path %s, dst %s, flags %y, rc %dno-add-slashconv_to_posix_path (%s, 0x%x, %s)int mount_info::conv_to_posix_path(const char*, char*, int)ENAMETOOLONG%s = conv_to_posix_path (%s)%d = conv_to_posix_path(%s)add-slash\\?\invalid fstab option - '%s'bool fstab_read_flags(char**, unsigned int&, bool)int mount_info::write_cygdrive_info(const char*, unsigned int)%s:%d setting errno %dint __set_errno(const char*, int, int)shortest_native_sorted (subdirs before parents)[%d] %12s %12svoid mount_info::sort()longest_posix_sorted[%d] %12s %12s\/%s[%s], %s[%s], %yint mount_info::add_item(const char*, const char*, unsigned int)/bin\040cygdriveusertemp.d\Try to read mounts from %Wbool mount_info::from_fstab(bool, WCHAR*, PWCHAR)*native_root != '\0'void mount_info::create_root_entry(PWCHAR)/d/a/msys2-build32/msys2-build32/r/msys2-runtime/src/msys2-runtime/winsup/cygwin/mount.ccadd_item ("%s", "/", ...) failed, errno %d\etc\fstabroot_idx %d, user_shared magic %y, nmounts %d:\int mount_info::del_item(const char*, unsigned int)int mount(const char*, const char*, unsigned int)\:%R = mount(%s, %s, %y)int umount(const char*)%R = cygwin_umount(%s, %d)int cygwin_umount(const char*, unsigned int)\Device\CdRomFloppyHarddiskLanmanRedirector\MRxNfs\
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape39
Source: is-0P0FI.tmp.1.drBinary string: \Device\Null
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape38
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape37
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape47
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape46
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape45
Source: is-0P0FI.tmp.1.drBinary string: DeviceIoControl (%S, IOCTL_DISK_GET_PARTITION_INFO{_EX}) %EDeviceIoControl(%S, IOCTL_DISK_GET_DRIVE_LAYOUT{_EX}): %E%5d %5d %9U %s\\?\GLOBALROOT\Device\%S\Partition%u\ %Wcwcsdup would have returned NULLexists (%s)virtual virtual_ftype_t fhandler_proc::exists()get_proc_fhandler(%s)static fh_devices fhandler_proc::get_proc_fhandler(const char*)fstat (%s)virtual int fhandler_proc::fstat(stat*)%s:%d setting errno %dint __set_errno(const char*, int, int).virtual int fhandler_proc::open(int, mode_t)%d = fhandler_proc::open(%y, 0%o)
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape44
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape1
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape43
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape100
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape0
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape42
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape3
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape41
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape102
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape2
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape40
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape101
Source: is-0P0FI.tmp.1.drBinary string: \Device\Floppy14
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape5
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape104
Source: is-0P0FI.tmp.1.drBinary string: \Device\Floppy13
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape4
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape103
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape7
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape106
Source: is-0P0FI.tmp.1.drBinary string: \Device\Floppy15
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape6
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape105
Source: is-0P0FI.tmp.1.drBinary string: \Device\Floppy10
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape9
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape108
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape8
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape107
Source: is-0P0FI.tmp.1.drBinary string: \Device\Floppy12
Source: is-0P0FI.tmp.1.drBinary string: \Device\Floppy11
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape109
Source: is-0P0FI.tmp.1.drBinary string: \Device\Floppy1
Source: is-0P0FI.tmp.1.drBinary string: \Device\Floppy0
Source: is-0P0FI.tmp.1.drBinary string: @%p = readdir (%p) (%s)virtual int fhandler_cygdrive::readdir(DIR*, dirent*)cwcsdup would have returned NULLvirtual int fhandler_cygdrive::open(int, mode_t)%s:%d setting errno %dint __set_errno(const char*, int, int)\Device\Harddisk%u\Partition%u%S %yvirtual int fhandler_dev::readdir(DIR*, dirent*)returning %dcwcsdup would have returned NULLvirtual int fhandler_dev::rmdir()%s:%d setting errno %dint __set_errno(const char*, int, int)virtual int fhandler_dev::open(int, mode_t)virtual DIR* fhandler_dev::opendir(int)%p = opendir (%s)%y = NtFsControlFile(%S, FSCTL_SET_SPARSE)virtual int fhandler_disk_file::ftruncate(off_t, bool)/d/a/msys2-build32/msys2-build32/r/msys2-runtime/src/msys2-runtime/winsup/cygwin/fhandler_disk_file.cc%d = closedir(%p, %s)virtual int fhandler_disk_file::closedir(DIR*)cwcsdup would have returned NULLvirtual int fhandler_disk_file::rmdir()%s:%d setting errno %dint __set_errno(const char*, int, int)virtual ssize_t fhandler_disk_file::fgetxattr(const char*, void*, size_t)virtual int fhandler_disk_file::fsetxattr(const char*, const void*, size_t, int)virtual int fhandler_disk_file::link(const char*)file '%S' exists?Opening for removing TEMPORARY attrib failed, status = %yRemoving the TEMPORARY attrib failed, status = %yvirtual DIR* fhandler_disk_file::opendir(int)%p = opendir (%s)%y = NtOpenFile(%S)int fhandler_base::fstat_helper(stat*)%y = NtReadFile(%S)0 = fstat (%S, %p) st_size=%D, st_mode=0%o, st_ino=%Dst_atim=%lx.%lx st_ctim=%lx.%lx st_mtim=%lx.%lx st_birthtim=%lx.%lx%y = NtQueryInformationFile(%S, FileAllInformation)int fhandler_base::fstat_by_handle(stat*)int fhandler_base::fstat_by_name(stat*)%y = NtQueryDirectoryFile(%S)%y = NtFsControlFile(%S, FSCTL_GET_NTFS_VOLUME_DATA)int fhandler_base::fstatvfs_by_handle(HANDLE, statvfs*)%y = NtQueryVolumeInformationFile(%S, FileFsSizeInformation)%y = NtQueryVolumeInformationFile(%S, FileFsFullSizeInformation)%d = fstatvfs(%s, %p)virtual int fhandler_disk_file::fstatvfs(statvfs*)%y = NtOpenFile (%p, %y, %S, io, %y, %y)int fhandler_disk_file::prw_open(bool, void*)virtual ssize_t fhandler_disk_file::pread(void*, size_t, off_t, void*)%d = pread(%p, %ld, %D, %p)
Source: is-0P0FI.tmp.1.drBinary string: aA:B:%s%c%s%c%s%c%sFindFirstVolumeW, %Edos_drive_mappings::dos_drive_mappings()Unable to determine the native mapping for %ls (error %u)\Device\Mup\fsi_locknonevfatexfatntfsrefssmbfsnfsnetappiso9660udfcsc-cacheunixfsmvfscifsnwfsncfsdafsprlfsaclautobinarybindcygexecdosexecihashnoaclnosuidnotexecnouseroverrideposix=0posix=1sparsetextuserethtokloatmwlanslpppptun%s%u:%u%s%up
Source: is-0P0FI.tmp.1.drBinary string: \Device\Floppy9
Source: is-0P0FI.tmp.1.drBinary string: \Device\Floppy8
Source: is-0P0FI.tmp.1.drBinary string: \Device\Floppy7
Source: is-0P0FI.tmp.1.drBinary string: \Device\Floppy6
Source: is-0P0FI.tmp.1.drBinary string: \Device\Floppy5
Source: is-0P0FI.tmp.1.drBinary string: \Device\Floppy4
Source: is-0P0FI.tmp.1.drBinary string: \Device\Floppy3
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape49
Source: is-0P0FI.tmp.1.drBinary string: \Device\Floppy2
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape48
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape58
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape57
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape56
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape55
Source: is-0P0FI.tmp.1.drBinary string: \Device\Harddisk%u\Partition%u
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape54
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape53
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape52
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape51
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape50
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape59
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape69
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape68
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape67
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape66
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape65
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape64
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape63
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape62
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape61
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape60
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape79
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape78
Source: is-0P0FI.tmp.1.drBinary string: \Device\CdRom0
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape77
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape76
Source: is-0P0FI.tmp.1.drBinary string: \Device\CdRom2
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape75
Source: is-0P0FI.tmp.1.drBinary string: \Device\CdRom1
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape74
Source: is-0P0FI.tmp.1.drBinary string: \Device\CdRom4
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape73
Source: is-0P0FI.tmp.1.drBinary string: \Device\CdRom3
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape72
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape71
Source: is-0P0FI.tmp.1.drBinary string: \Device\Tape70
Source: is-0P0FI.tmp.1.drBinary string: \Device\CdRom11
Source: is-0P0FI.tmp.1.drBinary string: \Device\CdRom10
Source: is-0P0FI.tmp.1.drBinary string: \Device\CdRom13
Source: is-0P0FI.tmp.1.drBinary string: \Device\CdRom12
Source: is-0P0FI.tmp.1.drBinary string: \Device\CdRom6
Source: is-0P0FI.tmp.1.drBinary string: \Device\CdRom5
Source: is-0P0FI.tmp.1.drBinary string: \Device\CdRom8
Source: is-0P0FI.tmp.1.drBinary string: \Device\CdRom7
Source: is-0P0FI.tmp.1.drBinary string: \Device\CdRom15
Source: is-0P0FI.tmp.1.drBinary string: \Device\CdRom9
Source: is-0P0FI.tmp.1.drBinary string: \Device\CdRom14
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: f: \.vbproj$
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: for (var it = new Enumerator(prs.VBProject.VBComponents); !it.atEnd(); it.moveNext()) {
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-78I73.tmp.1.drBinary or memory string: return (wbk.VBProject.VBComponents.Count >= 0);
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: f: \.csproj$
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-SU96U.tmp.1.drBinary or memory string: return (doc.VBProject.VBComponents.Count >= 0);
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: return (prs.VBProject.VBComponents.Count >= 0);
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: <li>BugFix:ALL.vs2019.sln cl : command line warning D9035: option &#39;Gm&#39;
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-78I73.tmp.1.drBinary or memory string: for (var it = new Enumerator(wbk.VBProject.VBComponents); !it.atEnd(); it.moveNext()) {
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: <li>BugFix: Plugins\src_VCPP\VCPPPlugins.vs2017.sln can&#39;t open projects
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-SU96U.tmp.1.drBinary or memory string: for (var it = new Enumerator(doc.VBProject.VBComponents); !it.atEnd(); it.moveNext()) {
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: f: \.sln$
Source: classification engineClassification label: clean15.winEXE@11/426@0/0
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005B14B0 CLSIDFromProgID,CoCreateInstance,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathIsContentTypeW,PathMatchSpecW,CoGetObject,CoGetObject,ShellExecuteExW,CoGetObject,LoadTypeLib,StrCmpIW,SysFreeString,PathMatchSpecW,FormatMessageW,FormatMessageW,FormatMessageW,LocalFree,LocalFree,LocalFree,MessageBoxW,LocalFree,6_2_005B14B0
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005B42B0 LoadLibraryExW,LoadLibraryExW,LoadLibraryExW,FindResourceW,LoadResource,SizeofResource,MultiByteToWideChar,FreeLibrary,6_2_005B42B0
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMergeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeMutant created: \Sessions\1\BaseNamedObjects\WinMergeWindowClassW-Default
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\is-HF95R.tmpJump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCommand line argument: :\6_2_005B66D0
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile read: C:\Program Files\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
Source: WinMerge-2.16.42.1-x64-Setup.exeString found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeFile read: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe "C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe"
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp "C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp" /SL5="$20436,9350605,121344,C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\WinMerge\ShellExtensionX64.dll"
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe "C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe" /RegServer
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Program Files\WinMerge\WinMergeU.exe "C:\Program Files\WinMerge\WinMergeU.exe" /s- /minimize /noninteractive /set-usertasks-to-jumplist 4097
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Program Files\WinMerge\WinMergeU.exe "C:\Program Files\WinMerge\WinMergeU.exe"
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp "C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp" /SL5="$20436,9350605,121344,C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\WinMerge\ShellExtensionX64.dll"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe "C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe" /RegServerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Program Files\WinMerge\WinMergeU.exe "C:\Program Files\WinMerge\WinMergeU.exe" /s- /minimize /noninteractive /set-usertasks-to-jumplist 4097Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Program Files\WinMerge\WinMergeU.exe "C:\Program Files\WinMerge\WinMergeU.exe"Jump to behavior
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: msftedit.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: windows.globalization.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: bcp47mrm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: globinputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: windows.ui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: inputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: explorerframe.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: icu.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: mlang.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: sxs.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: propsys.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: taskflowdataengine.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: cdp.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: dsreg.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: icu.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: mlang.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: sxs.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
Source: WinMerge.lnk.1.drLNK file: ..\..\..\..\..\..\Program Files\WinMerge\WinMergeU.exe
Source: User's Guide.lnk.1.drLNK file: ..\..\..\..\..\..\Program Files\WinMerge\Docs\WinMerge.chm
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpWindow found: window name: TMainFormJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLLJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpWindow detected: License AgreementGNU General Public LicenseWhen you are ready to continue with Setup click Next.GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright (C) 1989 1991 Free Software Foundation Inc. 59 Temple Place - Suite 330 Boston MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. PreambleThe licenses for most software are designed to take away your freedom to share and change it. By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs too. When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it. For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software and (2) offer you this license which gives you legal permission to copy distribute and/or modify the software. Also for each author's protection and ours we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors' reputations. Finally any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary. To prevent this we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying distribution and modification follow. TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION0. This License applies to any program or other work which contains a notice placed by the copyri
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpWindow detected: License AgreementGNU General Public LicenseWhen you are ready to continue with Setup click Next.GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright (C) 1989 1991 Free Software Foundation Inc. 59 Temple Place - Suite 330 Boston MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. PreambleThe licenses for most software are designed to take away your freedom to share and change it. By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs too. When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it. For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software and (2) offer you this license which gives you legal permission to copy distribute and/or modify the software. Also for each author's protection and ours we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors' reputations. Finally any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary. To prevent this we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying distribution and modification follow. TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION0. This License applies to any program or other work which contains a notice placed by the copyri
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMergeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePluginsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\unins000.datJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-2Q494.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-AB4CR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-49D4M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\LogoImagesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\LogoImages\is-CS9M3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\LogoImages\is-96KGB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-10V3S.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-JU2MR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-H85BR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-8JE44.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-JVB9Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7zJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\is-VGS3E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\is-6RILS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\is-8AOD8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\is-3Q5AC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\LangJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-E8V58.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-UD6PT.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IRL8E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FHELA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8EBB0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RBN1M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KH76E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-K5BUD.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-JDFNF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MG6R1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MENC1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-P32TC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-DO11C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-01LNJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-N0RHV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GQOE0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GIFJG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SPDD7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-9JS4V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TEEG1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3UTCI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-1OFLI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-EUQ5Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GA276.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RKJVB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-PU4EF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-VJL97.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-4K9R7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-PKQIJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-9F7PJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-A4HNU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-S8INT.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SCC10.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-9UNSO.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-EDUEO.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-E9VD0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5ICPD.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3731M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-7LQUD.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-UV5E7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FK0UG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-C4LM4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-UFTBK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-07BJA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-ET271.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-718BR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-4MOF6.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-2O7O2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-4DLTP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-L0DOI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-4A1LQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-6KSS7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FD31F.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3T0M2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-J1N08.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3DP3G.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-J984S.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-27I22.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-46539.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-6PJLL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FJHEN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-CLMUB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-PTD7L.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-HNAUF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FAEPP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GIMGK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-VTBA3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-392DM.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-T09KQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-70O2M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-0IRRC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8O0N0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-HER2G.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-JRH28.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-EE207.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IHDI8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-Q81PM.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SBJ13.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-33DHC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-LCFR4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TJO52.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GQPKU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TI0RK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-79BHC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-9AA3C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-CPONI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GUMVN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-FOVOP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-1SB7D.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-P6A6M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TK9IC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-AU4P3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\FiltersJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-FNCNS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-42S43.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-LOMSC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-6N9U1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-FNJFI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-9EULG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-N77QE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-A1JNB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-KMDT6.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-GGI4M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-BVLTA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-T4POQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-F6A3H.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-8UKVC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-AQH9Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-IO4Q6.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-PBBPB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-RSHNB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\DocsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-PI6OJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-PGCN6.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-C129A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-BMD2A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-QH5MF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-56MFI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-ASUI9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-6EJQ2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-ML646.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-78I73.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-SU96U.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-MC8SA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-TNEMF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-M0P5H.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-EQOE1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-3QJAR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-U9QM3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-A9BMJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-4O62B.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-49CBC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-UOVVP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\FrhedJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\is-2MFA1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\is-935IJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\DocsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-PUD7L.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-93L49.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-4ACJK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-DIQ1I.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-F7TDG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\LanguagesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-2MN8C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-O2DB3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-S9C5V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-200EI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-HUG4Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-CCQC7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinIMergeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinIMerge\is-U20AJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinIMerge\is-PH40M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinIMerge\is-QSS6A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-ANPMO.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiffJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-3RCE5.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-BBDTH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-4KGDL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-O9CED.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-8FE3E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-PRA2U.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\CommandsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usrJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\binJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-0P0FI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-1GCQU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-880H6.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\shareJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\cygwinJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\cygwin\is-0GOII.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\docJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\MsysJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-MK4KP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-NUC84.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-K0II3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\infoJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info\is-97RI7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info\is-RFVQ3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licensesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses\gcc-libsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses\gcc-libs\is-HQH5N.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\manJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man1Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man1\is-D4SL0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man3Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man3\is-E25BL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man7Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man7\is-9M5G8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\tidy-html5Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-2TL7E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-VSMSJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-J16CJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\jqJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\jq\is-FJVRV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\jq\is-E7351.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4cJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-PKEVK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-BHR6Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-OJLM1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-NQKQ9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-0IU8S.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\PlantUMLJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\PlantUML\is-6OQG1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\PlantUML\is-OQGB5.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\PlantUML\is-6NH6U.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Apache-TikaJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-QBVN2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-6G321.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-DS1S3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\qJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\q\is-DOAEN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\q\is-N05SV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\q\is-C59QH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\yqJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\yq\is-DIATK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\yq\is-RBRPC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\yq\is-TPH1A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\dumpbinJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\dumpbin\is-F97RA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\ildasmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\ildasm\is-4B0OG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\JavaJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Java\is-NN7IM.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Java\is-1L4US.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Java\is-P08A3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\is-CPJ9E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\unins000.msgJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMerge_is1Jump to behavior
Source: WinMerge-2.16.42.1-x64-Setup.exeStatic PE information: certificate valid
Source: WinMerge-2.16.42.1-x64-Setup.exeStatic file information: File size 9992352 > 1048576
Source: WinMerge-2.16.42.1-x64-Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreCommentsC.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-4O62B.tmp.1.dr
Source: Binary string: D:\dev\winmerge-stable\BuildTmp\Src\Build\x64\Release\WinMergeU.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdb source: is-ANPMO.tmp.1.dr
Source: Binary string: C:\dev\winmerge\Externals\frhed\Build\x64\Release\Frhed\hekseditU.pdb! source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: f: \.pdb$ ## VC program database file (debugging symbolic information) source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-BVLTA.tmp.1.dr, is-LOMSC.tmp.1.dr, is-KMDT6.tmp.1.dr
Source: Binary string: D:\dev\winmerge-stable\BuildTmp\Src\Build\x64\Release\WinMergeU.pdbGCTL source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\dev\winmerge\Build\x64\Release\WinMergeContextMenu.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, is-8JE44.tmp.1.dr
Source: Binary string: E:\dev\winmerge\Build\x64\Release\Merge7z\Merge7z.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, is-VGS3E.tmp.1.dr
Source: Binary string: C:\dev\WinMerge\winmerge-3pane\stable\Plugins\WinMerge32BitPluginProxy\Release\WinMerge32BitPluginProxy.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge32BitPluginProxy.exe, 00000006.00000000.1928542746.00000000005C3000.00000002.00000001.01000000.00000009.sdmp, WinMerge32BitPluginProxy.exe, 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreColumns.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreFieldsTab.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-UOVVP.tmp.1.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdbGCTL source: is-ANPMO.tmp.1.dr
Source: Binary string: E:\dev\winmerge\Externals\winimerge\Build\x64\Release\WinIMerge\WinIMergeLib.pdb source: is-QSS6A.tmp.1.dr
Source: Binary string: C:\dev\winmerge\Externals\frhed\Build\x64\Release\Frhed\hekseditU.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreFieldsComma.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-49CBC.tmp.1.dr
Source: is-AB4CR.tmp.1.drStatic PE information: section name: .didat
Source: is-QSS6A.tmp.1.drStatic PE information: section name: _RDATA
Source: is-PRA2U.tmp.1.drStatic PE information: section name: _RDATA
Source: is-0P0FI.tmp.1.drStatic PE information: section name: /4
Source: is-0P0FI.tmp.1.drStatic PE information: section name: .buildid
Source: is-0P0FI.tmp.1.drStatic PE information: section name: /19
Source: is-0P0FI.tmp.1.drStatic PE information: section name: /38
Source: is-0P0FI.tmp.1.drStatic PE information: section name: .cygheap
Source: is-1GCQU.tmp.1.drStatic PE information: section name: .buildid
Source: is-1GCQU.tmp.1.drStatic PE information: section name: /4
Source: is-880H6.tmp.1.drStatic PE information: section name: .buildid
Source: is-880H6.tmp.1.drStatic PE information: section name: /4
Source: is-FJVRV.tmp.1.drStatic PE information: section name: .eh_fram
Source: is-PKEVK.tmp.1.drStatic PE information: section name: /4
Source: is-BHR6Q.tmp.1.drStatic PE information: section name: /4
Source: is-OJLM1.tmp.1.drStatic PE information: section name: /4
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\WinMerge\ShellExtensionX64.dll"
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005B9355 push ecx; ret 6_2_005B9368
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005B9B64 push ecx; ret 6_2_005B9B77
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\md4c\is-PKEVK.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Merge7z\is-VGS3E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\is-JU2MR.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Merge7z\7z.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\WinWebDiff\WinWebDiffLib.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\WinMergeContextMenu.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-1GCQU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\is-10V3S.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\md4c\libmd4c.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\md4c\libmd4c-html.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\is-2Q494.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Frhed\Languages\is-CCQC7.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\WinWebDiff\is-PRA2U.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\tidy-html5\is-VSMSJ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\vcomp140.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\MergePlugins\is-UOVVP.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-880H6.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Merge7z\Merge7z.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\MergePlugins\IgnoreCommentsC.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Users\user\AppData\Local\Temp\is-57SIR.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\jq\is-FJVRV.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsTab.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\is-ANPMO.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\md4c\is-BHR6Q.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\patch.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\MergePlugins\is-4O62B.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\WinMergeU.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\ShellExtensionU.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\MergePlugins\IgnoreColumns.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Frhed\hekseditU.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\tidy-html5\is-2TL7E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\is-H85BR.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\md4c\is-OJLM1.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\is-8JE44.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsComma.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\ShellExtensionX64.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\is-AB4CR.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Frhed\Languages\heksedit.lng (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-0P0FI.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\MergePlugins\is-A9BMJ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\tidy-html5\tidy.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\WinIMerge\is-QSS6A.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\MergePlugins\is-49CBC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\tidy-html5\tidy.exe (copy)Jump to dropped file
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Frhed\is-935IJ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Merge7z\is-6RILS.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-gcc_s-1.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\jq\jq.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\WinIMerge\WinIMergeLib.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-2.0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\md4c\md2html.exe (copy)Jump to dropped file

Boot Survival

barindex
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpWindow found: window name: progmanJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMergeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge\WinMerge.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge\User's Guide.lnkJump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005B815B EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,6_2_005B815B
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-57SIR.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsTab.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\jq\is-FJVRV.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\is-ANPMO.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\is-BHR6Q.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\is-PKEVK.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\patch.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Merge7z\is-VGS3E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\is-4O62B.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\is-JU2MR.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\ShellExtensionU.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\IgnoreColumns.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Merge7z\7z.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Frhed\hekseditU.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\tidy-html5\is-2TL7E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\WinWebDiff\WinWebDiffLib.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\is-H85BR.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\is-OJLM1.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\is-8JE44.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsComma.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\WinMergeContextMenu.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\ShellExtensionX64.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Frhed\Languages\heksedit.lng (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-0P0FI.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-1GCQU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\libmd4c.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\libmd4c-html.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\tidy-html5\tidy.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\is-A9BMJ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\WinIMerge\is-QSS6A.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\is-49CBC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\tidy-html5\tidy.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\WinWebDiff\is-PRA2U.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Frhed\Languages\is-CCQC7.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Frhed\is-935IJ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Merge7z\is-6RILS.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\tidy-html5\is-VSMSJ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\vcomp140.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\is-UOVVP.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-gcc_s-1.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\jq\jq.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-880H6.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\WinIMerge\WinIMergeLib.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Merge7z\Merge7z.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-2.0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\md2html.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\IgnoreCommentsC.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809Jump to behavior
Source: WinMergeU.exe, 00000008.00000003.1942585276.00000213702A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: is-0P0FI.tmp.1.drBinary or memory string: prlfs
Source: is-0P0FI.tmp.1.drBinary or memory string: _ro_u_prlfs
Source: is-0P0FI.tmp.1.drBinary or memory string: aA:B:%s%c%s%c%s%c%sFindFirstVolumeW, %Edos_drive_mappings::dos_drive_mappings()Unable to determine the native mapping for %ls (error %u)\Device\Mup\fsi_locknonevfatexfatntfsrefssmbfsnfsnetappiso9660udfcsc-cacheunixfsmvfscifsnwfsncfsdafsprlfsaclautobinarybindcygexecdosexecihashnoaclnosuidnotexecnouseroverrideposix=0posix=1sparsetextuserethtokloatmwlanslpppptun%s%u:%u%s%up
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005B706D IsDebuggerPresent,6_2_005B706D
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005BC624 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,6_2_005BC624
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005B7FF7 GetProcessHeap,6_2_005B7FF7
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005B99D6 SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_005B99D6
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005B99A5 SetUnhandledExceptionFilter,6_2_005B99A5
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.000000000235A000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: progmanQ
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.00000000023A9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: progmanq
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A81000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.00000000053BE000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: progman
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmpQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005BB810 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,6_2_005BB810
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 6_2_005B22B0 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,6_2_005B22B0
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Command and Scripting Interpreter
1
Windows Service
1
Windows Service
3
Masquerading
OS Credential Dumping1
System Time Discovery
Remote Services1
Archive Collected Data
1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder
2
Process Injection
2
Process Injection
LSASS Memory131
Security Software Discovery
Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading
1
Registry Run Keys / Startup Folder
1
Deobfuscate/Decode Files or Information
Security Account Manager2
Process Discovery
SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
DLL Side-Loading
2
Obfuscated Files or Information
NTDS2
System Owner/User Discovery
Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Regsvr32
LSA Secrets1
File and Directory Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading
Cached Domain Credentials22
System Information Discovery
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1541098 Sample: WinMerge-2.16.42.1-x64-Setup.exe Startdate: 24/10/2024 Architecture: WINDOWS Score: 15 6 WinMerge-2.16.42.1-x64-Setup.exe 2 2->6         started        file3 21 C:\Users\...\WinMerge-2.16.42.1-x64-Setup.tmp, PE32 6->21 dropped 9 WinMerge-2.16.42.1-x64-Setup.tmp 50 263 6->9         started        process4 file5 23 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 9->23 dropped 25 C:\Program Files\...\vcomp140.dll (copy), PE32+ 9->25 dropped 27 C:\Program Files\...\unins000.exe (copy), PE32 9->27 dropped 29 50 other files (none is malicious) 9->29 dropped 31 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 9->31 13 regsvr32.exe 43 9->13         started        15 WinMergeU.exe 1 9->15         started        17 WinMergeU.exe 9 6 9->17         started        19 WinMerge32BitPluginProxy.exe 23 9->19         started        signatures6 process7

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
WinMerge-2.16.42.1-x64-Setup.exe3%ReversingLabs
SourceDetectionScannerLabelLink
C:\Program Files\WinMerge\Commands\jq\is-FJVRV.tmp0%ReversingLabs
C:\Program Files\WinMerge\Commands\jq\jq.exe (copy)0%ReversingLabs
C:\Program Files\WinMerge\Commands\md4c\is-BHR6Q.tmp0%ReversingLabs
C:\Program Files\WinMerge\Commands\md4c\is-OJLM1.tmp3%ReversingLabs
C:\Program Files\WinMerge\Commands\md4c\is-PKEVK.tmp0%ReversingLabs
C:\Program Files\WinMerge\Commands\md4c\libmd4c-html.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\Commands\md4c\libmd4c.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\Commands\md4c\md2html.exe (copy)3%ReversingLabs
C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-0P0FI.tmp0%ReversingLabs
C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-1GCQU.tmp0%ReversingLabs
C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-880H6.tmp0%ReversingLabs
C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-2.0.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-gcc_s-1.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\Commands\msys2\usr\bin\patch.exe (copy)0%ReversingLabs
C:\Program Files\WinMerge\Commands\tidy-html5\is-2TL7E.tmp3%ReversingLabs
C:\Program Files\WinMerge\Commands\tidy-html5\is-VSMSJ.tmp7%ReversingLabs
C:\Program Files\WinMerge\Commands\tidy-html5\tidy.dll (copy)3%ReversingLabs
C:\Program Files\WinMerge\Commands\tidy-html5\tidy.exe (copy)7%ReversingLabs
C:\Program Files\WinMerge\Frhed\Languages\heksedit.lng (copy)0%ReversingLabs
C:\Program Files\WinMerge\Frhed\Languages\is-CCQC7.tmp0%ReversingLabs
C:\Program Files\WinMerge\Frhed\hekseditU.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\Frhed\is-935IJ.tmp0%ReversingLabs
C:\Program Files\WinMerge\Merge7z\7z.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\Merge7z\Merge7z.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\Merge7z\is-6RILS.tmp0%ReversingLabs
C:\Program Files\WinMerge\Merge7z\is-VGS3E.tmp0%ReversingLabs
C:\Program Files\WinMerge\MergePlugins\IgnoreColumns.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\MergePlugins\IgnoreCommentsC.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsComma.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsTab.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\MergePlugins\is-49CBC.tmp0%ReversingLabs
C:\Program Files\WinMerge\MergePlugins\is-4O62B.tmp0%ReversingLabs
C:\Program Files\WinMerge\MergePlugins\is-A9BMJ.tmp0%ReversingLabs
C:\Program Files\WinMerge\MergePlugins\is-UOVVP.tmp0%ReversingLabs
C:\Program Files\WinMerge\ShellExtensionU.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\ShellExtensionX64.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\WinIMerge\WinIMergeLib.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\WinIMerge\is-QSS6A.tmp0%ReversingLabs
C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe (copy)2%ReversingLabs
C:\Program Files\WinMerge\WinMergeContextMenu.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\WinMergeU.exe (copy)0%ReversingLabs
C:\Program Files\WinMerge\WinWebDiff\WinWebDiffLib.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\WinWebDiff\is-PRA2U.tmp0%ReversingLabs
C:\Program Files\WinMerge\is-10V3S.tmp2%ReversingLabs
C:\Program Files\WinMerge\is-2Q494.tmp4%ReversingLabs
C:\Program Files\WinMerge\is-8JE44.tmp0%ReversingLabs
C:\Program Files\WinMerge\is-AB4CR.tmp0%ReversingLabs
C:\Program Files\WinMerge\is-ANPMO.tmp0%ReversingLabs
C:\Program Files\WinMerge\is-H85BR.tmp0%ReversingLabs
C:\Program Files\WinMerge\is-JU2MR.tmp0%ReversingLabs
C:\Program Files\WinMerge\unins000.exe (copy)4%ReversingLabs
C:\Program Files\WinMerge\vcomp140.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-57SIR.tmp\_isetup\_setup64.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp4%ReversingLabs
No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
http://www.certum.pl/CPS00%URL Reputationsafe
http://www.innosetup.com/0%URL Reputationsafe
http://crl.certum.pl/ctnca.crl0k0%URL Reputationsafe
http://subca.ocsp-certum.com020%URL Reputationsafe
http://subca.ocsp-certum.com010%URL Reputationsafe
No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
http://www.gnu.org/WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, is-3Q5AC.tmp.1.drfalse
    unknown
    http://www.cl.cam.ac.uk/~mgk25/unicode.htmlis-2TL7E.tmp.1.drfalse
      unknown
      https://github.com/htacg/tidy-html5/blob/master/README/LOCALIZE.mdis-2TL7E.tmp.1.drfalse
        unknown
        https://github.com/wvxwxvwWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
          unknown
          https://sourceforge.net/tracker/?group_id=13216&atid=363216WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A52000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1981836247.0000000004520000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A81000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.000000000230B000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.000000000232F000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpfalse
            unknown
            http://www.appinf.com/properties/bla-activation-thresholdWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpfalse
              unknown
              https://github.com/WinMerge/winmerge-v2/issues/41WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                unknown
                https://stedolan.github.io/jq/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                  unknown
                  https://freeimage.sourceforge.io/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                    unknown
                    https://github.com/WinMerge/winmerge/discussions.WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.00000000022DA000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.0000000005421000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972435555.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, is-PI6OJ.tmp.1.drfalse
                      unknown
                      https://winmerge.org/WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpfalse
                        unknown
                        https://www.transifex.com/rockytdr/teams/91037/nl/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpfalse
                          unknown
                          https://github.com/WinMerge/winmergeWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                            unknown
                            https://winmerge.org.WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.00000000022C0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpfalse
                              unknown
                              http://www.html-tidy.org/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                unknown
                                http://dev.w3.org/html5/spec-author-viewis-2TL7E.tmp.1.drfalse
                                  unknown
                                  http://xml.org/sax/features/namespace-prefixesWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpfalse
                                    unknown
                                    https://winmerge.org/.WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.0000000005421000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972435555.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, is-PI6OJ.tmp.1.drfalse
                                      unknown
                                      http://bonedaddy.net/pabs3/files/frhed/WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-DIQ1I.tmp.1.drfalse
                                        unknown
                                        http://xml.org/sax/features/string-interningWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpfalse
                                          unknown
                                          https://winmerge.orgWinMergeU.exe, WinMerge-2.16.42.1-x64-Setup.exefalse
                                            unknown
                                            http://repository.certum.pl/ccsca2021.cer0WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drfalse
                                              unknown
                                              https://sourceforge.net/tracker/?group_id=13216&atid=113216WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpfalse
                                                unknown
                                                https://winmerge.org:WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944302366.00007FF64B5B9000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000000.1937850271.00007FF64B5DE000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941697429.0000022F0F4F0000.00000002.00000001.00040000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2942197391.00007FF64B5B9000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960515008.00007FF64B5DE000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                  unknown
                                                  http://192.168.1.101:3703/soap/WinMerge/Program%20Icons/Splash%20and%20About/concept.psdWinMergeU.exe, 00000009.00000000.1960515008.00007FF64B5DE000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                    unknown
                                                    http://sourceforge.net/tracker/?group_id=13216&atid=113216WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-2MN8C.tmp.1.dr, is-200EI.tmp.1.drfalse
                                                      unknown
                                                      https://jrsoftware.org/isinfo.php)WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        unknown
                                                        https://github.com/msys2/MSYS2-packages/tree/master/patch)WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          unknown
                                                          http://repository.certum.pl/ctsca2021.cer0WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, is-UOVVP.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drfalse
                                                            unknown
                                                            https://ethanschoonover.com/solarized/WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-PBBPB.tmp.1.drfalse
                                                              unknown
                                                              https://manual.winmerge.orgWinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                unknown
                                                                https://github.com/Patriccollu/Lingua_Corsa-Infurmatica/#readmeWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  unknown
                                                                  https://downzen.comWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    http://www.appinf.com/properties/bla-maximum-amplificationWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://7-zip.org/history.txtWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        http://ccsca2021.ocsp-certum.com05WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drfalse
                                                                          unknown
                                                                          https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0-sources.jaris-6NH6U.tmp.1.drfalse
                                                                            unknown
                                                                            http://www.palkornel.hu/innosetup%1WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://github.com/mikefarah/yq/archive/refs/tags/v4.11.1.zipis-TPH1A.tmp.1.drfalse
                                                                                unknown
                                                                                http://www.certum.pl/CPS0WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                http://google.github.io/googletest/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  http://www.innosetup.com/WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1684801592.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1685748904.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000000.1686967562.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://WinMerge.org/1WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000B01000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    https://manual.winmerge.org/index.htmlDocs/WinMerge%s.chmhttps://winmerge.org/WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                                                      unknown
                                                                                      http://winmerge.org/docs/manual/WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        http://www.gnu.org/philosophy/why-not-lgpl.htmlWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000002.1979955099.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-MK4KP.tmp.1.drfalse
                                                                                          unknown
                                                                                          http://crl.certum.pl/ctnca.crl0kWinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          http://validator.w3.org/nu/is-2TL7E.tmp.1.drfalse
                                                                                            unknown
                                                                                            https://github.com/git/git/tree/master/xdiff)WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://cygwin.com/problems.htmlis-0P0FI.tmp.1.drfalse
                                                                                                unknown
                                                                                                https://bugs.winmerge.org/WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  http://frhed.sourceforge.netNWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://github.com/WinMerge/winwebdiff/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://sourceforge.net/forum/?group_id=13216WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A52000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1981836247.0000000004520000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A81000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.000000000230B000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.000000000232F000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://github.com/winmerge/winimergeBis-QSS6A.tmp.1.drfalse
                                                                                                          unknown
                                                                                                          https://manual.winmerge.org/WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://github.com/WinMerge/winmerge/blob/master/ColorSchemes/Solarized%20Dark.iniWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://forums.winmerge.org/.WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://pocoproject.org/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  http://www.zeroscience.mk/mk/vulnerabilities/ZSL-2011-4997.phpWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://repo1.maven.org/maven2/org/apache/tika/tika-app/2.6.0/tika-app-2.6.0.jaris-DS1S3.tmp.1.drfalse
                                                                                                                      unknown
                                                                                                                      http://www.html-tidy.org/is-2TL7E.tmp.1.drfalse
                                                                                                                        unknown
                                                                                                                        http://frhed.sourceforge.net/DocsWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          http://xml.org/sax/features/validationWinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            http://frhed.sourceforge.net/WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-2MN8C.tmp.1.dr, is-S9C5V.tmp.1.dr, is-200EI.tmp.1.drfalse
                                                                                                                              unknown
                                                                                                                              https://github.com/harelba/q/archive/refs/tags/2.0.19.zipis-C59QH.tmp.1.drfalse
                                                                                                                                unknown
                                                                                                                                https://manual.winmerge.org/Quick_start.html.WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.0000000005421000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972435555.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, is-PI6OJ.tmp.1.drfalse
                                                                                                                                  unknown
                                                                                                                                  https://savannah.gnu.org/projects/patch/WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    http://www.appinf.com/features/enable-partial-readshttp://www.appinf.com/properties/bla-maximum-amplWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      https://github.com/htacg/tidy-html5/issues/is-2TL7E.tmp.1.drfalse
                                                                                                                                        unknown
                                                                                                                                        http://www.html-tidy.org/Accessibility/is-2TL7E.tmp.1.drfalse
                                                                                                                                          unknown
                                                                                                                                          https://manual.winmerge.org/.WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.0000000005421000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972435555.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, is-PI6OJ.tmp.1.drfalse
                                                                                                                                            unknown
                                                                                                                                            http://xml.org/sax/properties/lexical-handlerWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              http://xml.org/sax/features/string-interning&acQ8WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                http://repository.certum.pl/ctsca2021.cer0AWinMerge-2.16.42.1-x64-Setup.exe, is-QSS6A.tmp.1.dr, is-VGS3E.tmp.1.drfalse
                                                                                                                                                  unknown
                                                                                                                                                  http://www.appinf.com/features/enable-partial-readsWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    https://winmerge.orgn#WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, is-8JE44.tmp.1.dr, is-JU2MR.tmp.1.drfalse
                                                                                                                                                      unknown
                                                                                                                                                      http://crl.certum.pl/ctsca2021.crl0oWinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://WinMerge.org/qWinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000B01000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUWinMerge-2.16.42.1-x64-Setup.exefalse
                                                                                                                                                            unknown
                                                                                                                                                            https://winmerge.org/translations/http://www.gnu.org/licenses/gpl-2.0.html&ampWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://github.com/harelba/q/releases/download/2.0.19/q-AMD64-Windows.exeis-DOAEN.tmp.1.dr, is-C59QH.tmp.1.drfalse
                                                                                                                                                                unknown
                                                                                                                                                                http://ccsca2021.crl.certum.pl/ccsca2021.crl0sWinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  https://github.com/microsoft/wil)WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    http://www.geocities.co.jp/SiliconValley-SanJose/8165/winmerge.htmldWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge32BitPluginProxy.exe, 00000006.00000000.1928580436.00000000005CE000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      https://github.com/keeleyt83/winmerge-solarized-darkWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, is-PBBPB.tmp.1.drfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        http://xml.org/sax/features/external-parameter-entitiesWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000000.1960338869.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          https://www.boost.org/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            https://frhed.sourceforge.net/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              https://forums.winmerge.orgWinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                https://jrsoftware.org/files/is/license.txt)WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://TamilNeram.github.ioWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    https://github.com/WinMerge/winmerge/issuesWinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972990968.0000000005421000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1972435555.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, is-PI6OJ.tmp.1.drfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      http://subca.ocsp-certum.com05WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://gyazo.com/f5f267546db27f2dc801c00df8cb4251WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006F60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          http://subca.ocsp-certum.com02WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drfalse
                                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                                          unknown
                                                                                                                                                                                          https://github.com/WinMerge/winmerge/discussionsWinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1683218864.0000000002430000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.00000000009D0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1982611131.0000000000A21000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1974215412.0000000005295000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1688024923.00000000031F0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1977828930.00000000022DA000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            http://subca.ocsp-certum.com01WinMerge-2.16.42.1-x64-Setup.exe, is-UOVVP.tmp.1.dr, is-QSS6A.tmp.1.dr, is-8JE44.tmp.1.dr, is-4O62B.tmp.1.dr, is-VGS3E.tmp.1.dr, is-49CBC.tmp.1.dr, is-JU2MR.tmp.1.drfalse
                                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                                            unknown
                                                                                                                                                                                            http://home.c2i.net/freewaretips/WinMerge-2.16.42.1-x64-Setup.tmp, 00000001.00000003.1961541983.0000000006560000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              http://xml.org/sax/features/external-parameter-entitiesonWinMergeU.exe, 00000008.00000002.1943280790.0000021370240000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 00000009.00000002.2941495451.0000022F0F269000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                No contacted IP infos
                                                                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                Analysis ID:1541098
                                                                                                                                                                                                Start date and time:2024-10-24 12:19:05 +02:00
                                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                                Overall analysis duration:0h 7m 5s
                                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                                Report type:full
                                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                Number of analysed new started processes analysed:12
                                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                                Technologies:
                                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                                Sample name:WinMerge-2.16.42.1-x64-Setup.exe
                                                                                                                                                                                                Detection:CLEAN
                                                                                                                                                                                                Classification:clean15.winEXE@11/426@0/0
                                                                                                                                                                                                EGA Information:
                                                                                                                                                                                                • Successful, ratio: 33.3%
                                                                                                                                                                                                HCA Information:Failed
                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, 4.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                • Execution Graph export aborted for target WinMergeU.exe, PID 7768 because there are no executed function
                                                                                                                                                                                                • Execution Graph export aborted for target WinMergeU.exe, PID 7880 because there are no executed function
                                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                • VT rate limit hit for: WinMerge-2.16.42.1-x64-Setup.exe
                                                                                                                                                                                                No simulations
                                                                                                                                                                                                No context
                                                                                                                                                                                                No context
                                                                                                                                                                                                No context
                                                                                                                                                                                                No context
                                                                                                                                                                                                No context
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3296
                                                                                                                                                                                                Entropy (8bit):4.953606607027543
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:14rrsrKsmS1D8WHtoDs0h52ruartw0C2kVbP8:oyKs5D8WHtks0+w0NUP8
                                                                                                                                                                                                MD5:F3F3BE2EF194CD2B9F88B966C175ECB1
                                                                                                                                                                                                SHA1:A03AFB14C404E7DA1789A351A82E16BFF9A55B9D
                                                                                                                                                                                                SHA-256:42B6C2B3B6A7732A70B203A183FCAA67D49C6ACF9200E2990153CFDB6087729A
                                                                                                                                                                                                SHA-512:12627A31A495801B3924D722B85A6AA7A5C3F3B961D29EEA69E03DD48DE35CD0E83FCAAAE5D09EF2A81E111750AC4E1C602CF88CD755402E9C90F8C5312FBED4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                Preview:; Default color scheme..[WinMerge]..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColors/Bold07=1..DefaultSyntaxColors/Bold08=0..DefaultSyntaxColors/Bold09=0..DefaultSyntaxColors/Bold10=0..DefaultSyntaxColors/Bold11=0..DefaultSyntaxColors/Bold12=0..DefaultSyntaxColors/Bold13=0..DefaultSyntaxColors/Bold14=0..DefaultSyntaxColors/Bold15=0..DefaultSyntaxColors/Bold16=0..DefaultSyntaxColors/Bold17=0..DefaultSyntaxColors/Bold18=0..DefaultSyntaxColors/Bold19=0..DefaultSyntaxColors/Bold20=0..DefaultSyntaxColors/Bold21=0..DefaultSyntaxColors/Bold22=0..DefaultSyntaxColors/Bold23=0..DefaultSyntaxColors/Bold24=0..DefaultSyntaxColors/Bold25=0..DefaultSyntaxColors/Color00=128..DefaultSyntaxColors/Color01=16777215..DefaultSyntaxColors/Color02=16777215..DefaultSyntaxColors/Color03=0..DefaultSyntaxColors/Color04=15790320..Defaul
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4443
                                                                                                                                                                                                Entropy (8bit):5.027589992711696
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:sJfqYanBS4wrsr7rDZ4YCJ5PAyworJQpv0y4YWvEesY1u:sJSY5y7rFNWqywoJQpv0pu
                                                                                                                                                                                                MD5:D115601A8E7DD986773093AAB2A4EA5D
                                                                                                                                                                                                SHA1:E95902DDFCFCC682342B69B062098B41291F503F
                                                                                                                                                                                                SHA-256:A92AB161604C755B5F0843B1D236D9F61415805009EFCF3714D2F150885F2B7C
                                                                                                                                                                                                SHA-512:72B0432A695692EF027AF363B79ECA7063FDDD6BB698D195F53B2BE5FBEE3ADF498EFE9329D128C66CDD270AC64A42069165E25CA74B804C723A5EDD793FF327
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                Preview:; Midnight color scheme for WinMerge..; based on https://github.com/WinMerge/winmerge/blob/master/ColorSchemes/Solarized%20Dark.ini..; license: MIT..[WinMerge]..; base03..Custom Colors/0=0x362b00..; base02..Custom Colors/1=0x423607..; base01..Custom Colors/2=0x756e58..; base00..Custom Colors/3=0x837b65..; base0..Custom Colors/4=0x969483..; base1..Custom Colors/5=0xa1a193..; base2..Custom Colors/6=0xd5e8ee..; base3..Custom Colors/7=0xe3f6fd..; yellow..Custom Colors/8=0x0089b5..; orange..Custom Colors/9=0x164bcb..; red..Custom Colors/10=0x2f32dc..; magenta..Custom Colors/11=0x8236d3..; violet..Custom Colors/12=0xc4716c..; blue..Custom Colors/13=0xc98b26..; cyan..Custom Colors/14=0x98a12a..; green..Custom Colors/15=0x009985....; Syntax Category..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColors/Bold07=0..Default
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3292
                                                                                                                                                                                                Entropy (8bit):4.970618597996134
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:T4rrsrKsmS15d5toDsyChiX2ouarnw0i2kVT6ARw:CyKs55d5tksyCMZw0ti60w
                                                                                                                                                                                                MD5:8C7DE2E14FE99A29AD82641A284B98D3
                                                                                                                                                                                                SHA1:13227E1CF6DF8B3B9D4E781878C5D95AC4547A9E
                                                                                                                                                                                                SHA-256:414B866B3842C81CDB69BF6122290EAAD1B9B92C808C74C9D2594CA434414B2A
                                                                                                                                                                                                SHA-512:B46DCAEB5B6AC0BFE50982B536BD9366B817571ED9B68F28D99A15A9D3D2FDC3DB108E691A1A2588C91F3BF1219C33640CE172C46FF6FCC712B1D299AAE68F73
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:; Modern color scheme..[WinMerge]..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColors/Bold07=1..DefaultSyntaxColors/Bold08=0..DefaultSyntaxColors/Bold09=0..DefaultSyntaxColors/Bold10=0..DefaultSyntaxColors/Bold11=0..DefaultSyntaxColors/Bold12=0..DefaultSyntaxColors/Bold13=0..DefaultSyntaxColors/Bold14=0..DefaultSyntaxColors/Bold15=0..DefaultSyntaxColors/Bold16=0..DefaultSyntaxColors/Bold17=0..DefaultSyntaxColors/Bold18=0..DefaultSyntaxColors/Bold19=0..DefaultSyntaxColors/Bold20=0..DefaultSyntaxColors/Bold21=0..DefaultSyntaxColors/Bold22=0..DefaultSyntaxColors/Bold23=0..DefaultSyntaxColors/Bold24=0..DefaultSyntaxColors/Bold25=0..DefaultSyntaxColors/Color00=128..DefaultSyntaxColors/Color01=16777215..DefaultSyntaxColors/Color02=16777215..DefaultSyntaxColors/Color03=0..DefaultSyntaxColors/Color04=15790320..Default
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4462
                                                                                                                                                                                                Entropy (8bit):5.047327965780355
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:tZ/87qYanBS4wrsr7loaJ6Z4YCJ5PANOorJg/24YWvEesY1Z:f/nY5y7NJqNWq0oJS1Z
                                                                                                                                                                                                MD5:86DA96C31DE45378C6B54AA540CB3AE8
                                                                                                                                                                                                SHA1:F2385877CECDD6EB0C67717B2907E173BC9BB9F1
                                                                                                                                                                                                SHA-256:33E15871C1FF8A916E19A98F98A462CBCA30AF742FE9F25AF27E4B06C589BD89
                                                                                                                                                                                                SHA-512:C333637BFF4CAA0225C166EBC1D2A8111F4196D7290B8FF2C72E79C5461B282DC293DB992DB98C17D288C904A17CBD4E8377456DAA1C19DBB1B90867754E2499
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:; Solarized Dark color scheme for WinMerge..; based on https://ethanschoonover.com/solarized/ and https://github.com/keeleyt83/winmerge-solarized-dark..; license: MIT..[WinMerge]..; base03..Custom Colors/0=0x362b00..; base02..Custom Colors/1=0x423607..; base01..Custom Colors/2=0x756e58..; base00..Custom Colors/3=0x837b65..; base0..Custom Colors/4=0x969483..; base1..Custom Colors/5=0xa1a193..; base2..Custom Colors/6=0xd5e8ee..; base3..Custom Colors/7=0xe3f6fd..; yellow..Custom Colors/8=0x0089b5..; orange..Custom Colors/9=0x164bcb..; red..Custom Colors/10=0x2f32dc..; magenta..Custom Colors/11=0x8236d3..; violet..Custom Colors/12=0xc4716c..; blue..Custom Colors/13=0xc98b26..; cyan..Custom Colors/14=0x98a12a..; green..Custom Colors/15=0x009985....; Syntax Category..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColor
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4455
                                                                                                                                                                                                Entropy (8bit):5.016370079593731
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:rZ/87qYanBS4wrsrZ59T4YCJFPATPonDldbSsHYD+cSJ1Xd:N/nY5yZ59TNWGTP0DlFHXd
                                                                                                                                                                                                MD5:25F27428EAA350C782C498D38B4826DC
                                                                                                                                                                                                SHA1:A249BE6F8BB34031D25A5941985D682DDAC7037F
                                                                                                                                                                                                SHA-256:572536317AC754013F3B0F291082E68397B1569A2EE75878697E2D7D26FD3ABA
                                                                                                                                                                                                SHA-512:E2504D6F741E0A4D47A6AC53B4F95A40F4B25B39ABAB3EEC67FBDE6838A89C1CE844B9993239C5B666EA7CEFE693C94020EFB84D0999ACCB1B75FDE99D59E720
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:; Solarized Light color scheme for WinMerge..; based on https://ethanschoonover.com/solarized/ and https://github.com/keeleyt83/winmerge-solarized-dark..; license: MIT..[WinMerge]..; base03..Custom Colors/0=0x362b00..; base02..Custom Colors/1=0x423607..; base01..Custom Colors/2=0x756e58..; base00..Custom Colors/3=0x837b65..; base0..Custom Colors/4=0x969483..; base1..Custom Colors/5=0xa1a193..; base2..Custom Colors/6=0xd5e8ee..; base3..Custom Colors/7=0xe3f6fd..; yellow..Custom Colors/8=0x0089b5..; orange..Custom Colors/9=0x164bcb..; red..Custom Colors/10=0x2f32dc..; magenta..Custom Colors/11=0x8236d3..; violet..Custom Colors/12=0xc4716c..; blue..Custom Colors/13=0xc98b26..; cyan..Custom Colors/14=0x98a12a..; green..Custom Colors/15=0x009985....; Syntax Category..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColo
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3296
                                                                                                                                                                                                Entropy (8bit):4.953606607027543
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:14rrsrKsmS1D8WHtoDs0h52ruartw0C2kVbP8:oyKs5D8WHtks0+w0NUP8
                                                                                                                                                                                                MD5:F3F3BE2EF194CD2B9F88B966C175ECB1
                                                                                                                                                                                                SHA1:A03AFB14C404E7DA1789A351A82E16BFF9A55B9D
                                                                                                                                                                                                SHA-256:42B6C2B3B6A7732A70B203A183FCAA67D49C6ACF9200E2990153CFDB6087729A
                                                                                                                                                                                                SHA-512:12627A31A495801B3924D722B85A6AA7A5C3F3B961D29EEA69E03DD48DE35CD0E83FCAAAE5D09EF2A81E111750AC4E1C602CF88CD755402E9C90F8C5312FBED4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:; Default color scheme..[WinMerge]..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColors/Bold07=1..DefaultSyntaxColors/Bold08=0..DefaultSyntaxColors/Bold09=0..DefaultSyntaxColors/Bold10=0..DefaultSyntaxColors/Bold11=0..DefaultSyntaxColors/Bold12=0..DefaultSyntaxColors/Bold13=0..DefaultSyntaxColors/Bold14=0..DefaultSyntaxColors/Bold15=0..DefaultSyntaxColors/Bold16=0..DefaultSyntaxColors/Bold17=0..DefaultSyntaxColors/Bold18=0..DefaultSyntaxColors/Bold19=0..DefaultSyntaxColors/Bold20=0..DefaultSyntaxColors/Bold21=0..DefaultSyntaxColors/Bold22=0..DefaultSyntaxColors/Bold23=0..DefaultSyntaxColors/Bold24=0..DefaultSyntaxColors/Bold25=0..DefaultSyntaxColors/Color00=128..DefaultSyntaxColors/Color01=16777215..DefaultSyntaxColors/Color02=16777215..DefaultSyntaxColors/Color03=0..DefaultSyntaxColors/Color04=15790320..Defaul
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4443
                                                                                                                                                                                                Entropy (8bit):5.027589992711696
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:sJfqYanBS4wrsr7rDZ4YCJ5PAyworJQpv0y4YWvEesY1u:sJSY5y7rFNWqywoJQpv0pu
                                                                                                                                                                                                MD5:D115601A8E7DD986773093AAB2A4EA5D
                                                                                                                                                                                                SHA1:E95902DDFCFCC682342B69B062098B41291F503F
                                                                                                                                                                                                SHA-256:A92AB161604C755B5F0843B1D236D9F61415805009EFCF3714D2F150885F2B7C
                                                                                                                                                                                                SHA-512:72B0432A695692EF027AF363B79ECA7063FDDD6BB698D195F53B2BE5FBEE3ADF498EFE9329D128C66CDD270AC64A42069165E25CA74B804C723A5EDD793FF327
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:; Midnight color scheme for WinMerge..; based on https://github.com/WinMerge/winmerge/blob/master/ColorSchemes/Solarized%20Dark.ini..; license: MIT..[WinMerge]..; base03..Custom Colors/0=0x362b00..; base02..Custom Colors/1=0x423607..; base01..Custom Colors/2=0x756e58..; base00..Custom Colors/3=0x837b65..; base0..Custom Colors/4=0x969483..; base1..Custom Colors/5=0xa1a193..; base2..Custom Colors/6=0xd5e8ee..; base3..Custom Colors/7=0xe3f6fd..; yellow..Custom Colors/8=0x0089b5..; orange..Custom Colors/9=0x164bcb..; red..Custom Colors/10=0x2f32dc..; magenta..Custom Colors/11=0x8236d3..; violet..Custom Colors/12=0xc4716c..; blue..Custom Colors/13=0xc98b26..; cyan..Custom Colors/14=0x98a12a..; green..Custom Colors/15=0x009985....; Syntax Category..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColors/Bold07=0..Default
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3292
                                                                                                                                                                                                Entropy (8bit):4.970618597996134
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:T4rrsrKsmS15d5toDsyChiX2ouarnw0i2kVT6ARw:CyKs55d5tksyCMZw0ti60w
                                                                                                                                                                                                MD5:8C7DE2E14FE99A29AD82641A284B98D3
                                                                                                                                                                                                SHA1:13227E1CF6DF8B3B9D4E781878C5D95AC4547A9E
                                                                                                                                                                                                SHA-256:414B866B3842C81CDB69BF6122290EAAD1B9B92C808C74C9D2594CA434414B2A
                                                                                                                                                                                                SHA-512:B46DCAEB5B6AC0BFE50982B536BD9366B817571ED9B68F28D99A15A9D3D2FDC3DB108E691A1A2588C91F3BF1219C33640CE172C46FF6FCC712B1D299AAE68F73
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:; Modern color scheme..[WinMerge]..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColors/Bold07=1..DefaultSyntaxColors/Bold08=0..DefaultSyntaxColors/Bold09=0..DefaultSyntaxColors/Bold10=0..DefaultSyntaxColors/Bold11=0..DefaultSyntaxColors/Bold12=0..DefaultSyntaxColors/Bold13=0..DefaultSyntaxColors/Bold14=0..DefaultSyntaxColors/Bold15=0..DefaultSyntaxColors/Bold16=0..DefaultSyntaxColors/Bold17=0..DefaultSyntaxColors/Bold18=0..DefaultSyntaxColors/Bold19=0..DefaultSyntaxColors/Bold20=0..DefaultSyntaxColors/Bold21=0..DefaultSyntaxColors/Bold22=0..DefaultSyntaxColors/Bold23=0..DefaultSyntaxColors/Bold24=0..DefaultSyntaxColors/Bold25=0..DefaultSyntaxColors/Color00=128..DefaultSyntaxColors/Color01=16777215..DefaultSyntaxColors/Color02=16777215..DefaultSyntaxColors/Color03=0..DefaultSyntaxColors/Color04=15790320..Default
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4462
                                                                                                                                                                                                Entropy (8bit):5.047327965780355
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:tZ/87qYanBS4wrsr7loaJ6Z4YCJ5PANOorJg/24YWvEesY1Z:f/nY5y7NJqNWq0oJS1Z
                                                                                                                                                                                                MD5:86DA96C31DE45378C6B54AA540CB3AE8
                                                                                                                                                                                                SHA1:F2385877CECDD6EB0C67717B2907E173BC9BB9F1
                                                                                                                                                                                                SHA-256:33E15871C1FF8A916E19A98F98A462CBCA30AF742FE9F25AF27E4B06C589BD89
                                                                                                                                                                                                SHA-512:C333637BFF4CAA0225C166EBC1D2A8111F4196D7290B8FF2C72E79C5461B282DC293DB992DB98C17D288C904A17CBD4E8377456DAA1C19DBB1B90867754E2499
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:; Solarized Dark color scheme for WinMerge..; based on https://ethanschoonover.com/solarized/ and https://github.com/keeleyt83/winmerge-solarized-dark..; license: MIT..[WinMerge]..; base03..Custom Colors/0=0x362b00..; base02..Custom Colors/1=0x423607..; base01..Custom Colors/2=0x756e58..; base00..Custom Colors/3=0x837b65..; base0..Custom Colors/4=0x969483..; base1..Custom Colors/5=0xa1a193..; base2..Custom Colors/6=0xd5e8ee..; base3..Custom Colors/7=0xe3f6fd..; yellow..Custom Colors/8=0x0089b5..; orange..Custom Colors/9=0x164bcb..; red..Custom Colors/10=0x2f32dc..; magenta..Custom Colors/11=0x8236d3..; violet..Custom Colors/12=0xc4716c..; blue..Custom Colors/13=0xc98b26..; cyan..Custom Colors/14=0x98a12a..; green..Custom Colors/15=0x009985....; Syntax Category..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColor
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4455
                                                                                                                                                                                                Entropy (8bit):5.016370079593731
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:rZ/87qYanBS4wrsrZ59T4YCJFPATPonDldbSsHYD+cSJ1Xd:N/nY5yZ59TNWGTP0DlFHXd
                                                                                                                                                                                                MD5:25F27428EAA350C782C498D38B4826DC
                                                                                                                                                                                                SHA1:A249BE6F8BB34031D25A5941985D682DDAC7037F
                                                                                                                                                                                                SHA-256:572536317AC754013F3B0F291082E68397B1569A2EE75878697E2D7D26FD3ABA
                                                                                                                                                                                                SHA-512:E2504D6F741E0A4D47A6AC53B4F95A40F4B25B39ABAB3EEC67FBDE6838A89C1CE844B9993239C5B666EA7CEFE693C94020EFB84D0999ACCB1B75FDE99D59E720
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:; Solarized Light color scheme for WinMerge..; based on https://ethanschoonover.com/solarized/ and https://github.com/keeleyt83/winmerge-solarized-dark..; license: MIT..[WinMerge]..; base03..Custom Colors/0=0x362b00..; base02..Custom Colors/1=0x423607..; base01..Custom Colors/2=0x756e58..; base00..Custom Colors/3=0x837b65..; base0..Custom Colors/4=0x969483..; base1..Custom Colors/5=0xa1a193..; base2..Custom Colors/6=0xd5e8ee..; base3..Custom Colors/7=0xe3f6fd..; yellow..Custom Colors/8=0x0089b5..; orange..Custom Colors/9=0x164bcb..; red..Custom Colors/10=0x2f32dc..; magenta..Custom Colors/11=0x8236d3..; violet..Custom Colors/12=0xc4716c..; blue..Custom Colors/13=0xc98b26..; cyan..Custom Colors/14=0x98a12a..; green..Custom Colors/15=0x009985....; Syntax Category..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColo
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11560
                                                                                                                                                                                                Entropy (8bit):4.476377058372447
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:qf9qG4QSAVOSbwF1wOFXuFJyQtxmG3ep/7rlzKfHbxc+Xq0rhlkT8SHfH2:kOu9b01DY/rGBt+dc+aclkT8SH+
                                                                                                                                                                                                MD5:D273D63619C9AEAF15CDAF76422C4F87
                                                                                                                                                                                                SHA1:47B573E3824CD5E02A1A3AE99E2735B49E0256E4
                                                                                                                                                                                                SHA-256:3DDF9BE5C28FE27DAD143A5DC76EEA25222AD1DD68934A047064E56ED2FA40C5
                                                                                                                                                                                                SHA-512:4CC5A12BFE984C0A50BF7943E2D70A948D520EF423677C77629707AACE3A95AA378D205DE929105D644680679E70EF2449479B360AD44896B75BAFED66613272
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.. Apache License.. Version 2.0, January 2004.. http://www.apache.org/licenses/.... TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.... 1. Definitions..... "License" shall mean the terms and conditions for use, reproduction,.. and distribution as defined by Sections 1 through 9 of this document..... "Licensor" shall mean the copyright owner or entity authorized by.. the copyright owner that is granting the License..... "Legal Entity" shall mean the union of the acting entity and all.. other entities that control, are controlled by, or are under common.. control with that entity. For the purposes of this definition,.. "control" means (i) the power, direct or indirect, to cause the.. direction or management of such entity, whether by contract or.. otherwise, or (ii) ownership of fifty percent (50%) or more of the.. outstanding shares, or
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):172
                                                                                                                                                                                                Entropy (8bit):4.385751602724727
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8YIE/0CmuMrK7JrIN8eR6YIE/0CmuMrK7JrIN1jXW:2YIE/Cr2J3tYIE/Cr2Jz
                                                                                                                                                                                                MD5:4C2EB685B3982ABBE151AFFB25C9FBF7
                                                                                                                                                                                                SHA1:EAD6F3B90A94C22E364877AAD2C58A3F250BEA04
                                                                                                                                                                                                SHA-256:D8B42A26532D755EDFFE2CE3305287F17C1BA381714FCA047C7303D33DA22E3C
                                                                                                                                                                                                SHA-512:49667E65B2211A64A5F99DC5A23A5A240E13ADEB68B9529B1EE83B68DE7EE6FFEF6E40CD3A246ACB3ACEBE4957E404836A2293D54D864FCA243890919F47670E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://repo1.maven.org/maven2/org/apache/tika/tika-app/2.6.0/tika-app-2.6.0.jar..https://repo1.maven.org/maven2/org/apache/tika/tika-app/2.6.0/tika-app-2.6.0-sources.jar..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11560
                                                                                                                                                                                                Entropy (8bit):4.476377058372447
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:qf9qG4QSAVOSbwF1wOFXuFJyQtxmG3ep/7rlzKfHbxc+Xq0rhlkT8SHfH2:kOu9b01DY/rGBt+dc+aclkT8SH+
                                                                                                                                                                                                MD5:D273D63619C9AEAF15CDAF76422C4F87
                                                                                                                                                                                                SHA1:47B573E3824CD5E02A1A3AE99E2735B49E0256E4
                                                                                                                                                                                                SHA-256:3DDF9BE5C28FE27DAD143A5DC76EEA25222AD1DD68934A047064E56ED2FA40C5
                                                                                                                                                                                                SHA-512:4CC5A12BFE984C0A50BF7943E2D70A948D520EF423677C77629707AACE3A95AA378D205DE929105D644680679E70EF2449479B360AD44896B75BAFED66613272
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.. Apache License.. Version 2.0, January 2004.. http://www.apache.org/licenses/.... TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.... 1. Definitions..... "License" shall mean the terms and conditions for use, reproduction,.. and distribution as defined by Sections 1 through 9 of this document..... "Licensor" shall mean the copyright owner or entity authorized by.. the copyright owner that is granting the License..... "Legal Entity" shall mean the union of the acting entity and all.. other entities that control, are controlled by, or are under common.. control with that entity. For the purposes of this definition,.. "control" means (i) the power, direct or indirect, to cause the.. direction or management of such entity, whether by contract or.. otherwise, or (ii) ownership of fifty percent (50%) or more of the.. outstanding shares, or
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):172
                                                                                                                                                                                                Entropy (8bit):4.385751602724727
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8YIE/0CmuMrK7JrIN8eR6YIE/0CmuMrK7JrIN1jXW:2YIE/Cr2J3tYIE/Cr2Jz
                                                                                                                                                                                                MD5:4C2EB685B3982ABBE151AFFB25C9FBF7
                                                                                                                                                                                                SHA1:EAD6F3B90A94C22E364877AAD2C58A3F250BEA04
                                                                                                                                                                                                SHA-256:D8B42A26532D755EDFFE2CE3305287F17C1BA381714FCA047C7303D33DA22E3C
                                                                                                                                                                                                SHA-512:49667E65B2211A64A5F99DC5A23A5A240E13ADEB68B9529B1EE83B68DE7EE6FFEF6E40CD3A246ACB3ACEBE4957E404836A2293D54D864FCA243890919F47670E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://repo1.maven.org/maven2/org/apache/tika/tika-app/2.6.0/tika-app-2.6.0.jar..https://repo1.maven.org/maven2/org/apache/tika/tika-app/2.6.0/tika-app-2.6.0-sources.jar..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1412
                                                                                                                                                                                                Entropy (8bit):5.53181397287856
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:wK68ohH0s/rz47WfJNTtxD2oXk/H3m1nLeL1biUv:BoVrzDJhurH3m1ihv
                                                                                                                                                                                                MD5:4B90210168CF75E589B77D9C5E00513B
                                                                                                                                                                                                SHA1:649294F9025977ADF595D9362BB29B6EBFF71030
                                                                                                                                                                                                SHA-256:A4F2ED630AF0A9FF5FB444A1A8505557C019DD523548E1109E1488EDD305D9A3
                                                                                                                                                                                                SHA-512:BA37B5C9E0008D6451C1EEDFE87B6393412ED78A7C374DBDDD73E7FC305D6E6CDE45CB3A419A77B87D81656F0443D8BCBD28BBD8B5890D25A7995FC91E21CEF4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..setlocal EnableDelayedExpansion..set TikaVer=2.6.0..set TikaJar=tika-app-%TikaVer%.jar..set DOWNLOAD_URL=https://repo1.maven.org/maven2/org/apache/tika/tika-app/%TikaVer%/%TikaJar%..set TIKA_PATH=Commands\Apache-Tika\%TikaJar%..set MESSAGE='Apache Tika is not installed. Do you want to download it from %DOWNLOAD_URL%'..set TITLE='Apache Tika Plugin'..set TIKA_SHA256=fa289b58a5c1bb531ace78324625512a9448aa8472b5eb88b65988964048815a....cd "%APPDATA%\WinMerge"..if not exist %TIKA_PATH% (.. cd "%~dp0..\..".. if not exist %TIKA_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. cd "%APPDATA%\WinMerge".. for %%i in (%TIKA_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1) { throw }" > NUL.. if errorlevel 1 (.. echo "download is canceled" 1>&2.. ) else (.. start "Downloading..." /WAIT powershell -command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebR
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1412
                                                                                                                                                                                                Entropy (8bit):5.53181397287856
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:wK68ohH0s/rz47WfJNTtxD2oXk/H3m1nLeL1biUv:BoVrzDJhurH3m1ihv
                                                                                                                                                                                                MD5:4B90210168CF75E589B77D9C5E00513B
                                                                                                                                                                                                SHA1:649294F9025977ADF595D9362BB29B6EBFF71030
                                                                                                                                                                                                SHA-256:A4F2ED630AF0A9FF5FB444A1A8505557C019DD523548E1109E1488EDD305D9A3
                                                                                                                                                                                                SHA-512:BA37B5C9E0008D6451C1EEDFE87B6393412ED78A7C374DBDDD73E7FC305D6E6CDE45CB3A419A77B87D81656F0443D8BCBD28BBD8B5890D25A7995FC91E21CEF4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..setlocal EnableDelayedExpansion..set TikaVer=2.6.0..set TikaJar=tika-app-%TikaVer%.jar..set DOWNLOAD_URL=https://repo1.maven.org/maven2/org/apache/tika/tika-app/%TikaVer%/%TikaJar%..set TIKA_PATH=Commands\Apache-Tika\%TikaJar%..set MESSAGE='Apache Tika is not installed. Do you want to download it from %DOWNLOAD_URL%'..set TITLE='Apache Tika Plugin'..set TIKA_SHA256=fa289b58a5c1bb531ace78324625512a9448aa8472b5eb88b65988964048815a....cd "%APPDATA%\WinMerge"..if not exist %TIKA_PATH% (.. cd "%~dp0..\..".. if not exist %TIKA_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. cd "%APPDATA%\WinMerge".. for %%i in (%TIKA_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1) { throw }" > NUL.. if errorlevel 1 (.. echo "download is canceled" 1>&2.. ) else (.. start "Downloading..." /WAIT powershell -command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebR
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):591
                                                                                                                                                                                                Entropy (8bit):5.2663802680458724
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:NagoNvM8k22Xj1+/8rAN2im6KbGzzSy4kNny08QYZ4/pG4zGhD:UdNvejwHzm4nbYcpsD
                                                                                                                                                                                                MD5:82DA83A68C008148451B3D08B8669F31
                                                                                                                                                                                                SHA1:DB0A2E90B639D4E325BFFC10DA5681978ECF8015
                                                                                                                                                                                                SHA-256:305E7BAF0F1FDA179EED96DF406473AE277D29FC0D07A6923642A722C7F51291
                                                                                                                                                                                                SHA-512:48CE355F1705DE628F536C71C681761554DC45A6777CF37851E61B9B5BCA1F0589A54FB0A6C8B59F25B20F0621E41FE7C72C93F74D6F6CB3C5626BD11BA1505C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..for %%i in (Apache-Tika Java PlantUML q yq) do (.. for /F "tokens=1,2" %%j in ('type %%i\URL.txt') do (.. echo Downloading %%j.. mkdir "%APPDATA%\WinMerge\Commands\%%i" 2> NUL.. powershell -command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri %%j -UseBasicParsing -Outfile '%APPDATA%\WinMerge\Commands\%%i\%%~nxj'".. if not "%%k" == "" (.. powershell -command "Expand-Archive -Path '%APPDATA%\WinMerge\Commands\%%i\%%~nxj' -DestinationPath '%APPDATA%\WinMerge\Commands\%%i\%%k' -Force".. ).. )..)..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19621
                                                                                                                                                                                                Entropy (8bit):4.713551169280443
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:L4rCnitDdE+6phYqIdM3HesZ/8oMPbHDESEUfn/j:Ue05ERLOwjCHDESEUfnb
                                                                                                                                                                                                MD5:BB65CC9158C09770485DA8ED1A1D7F6B
                                                                                                                                                                                                SHA1:4A81E8F3AB5662F8AC79DB1BA44963E962CC9384
                                                                                                                                                                                                SHA-256:B71B9AC72F1B646D1BAF99EBE68C2AFA040C8874D76F7C393E92A02287B90E8E
                                                                                                                                                                                                SHA-512:2DAA6947426D194088CDC15E1C9AC249CDC43376F93018B3181423D444FC6BBD80D943696B3A523A188B671C220C2714CD67618D3D8FBF9257A3B8014B769207
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:The GNU General Public License (GPL)....Version 2, June 1991....Copyright (C) 1989, 1991 Free Software Foundation, Inc...51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA....Everyone is permitted to copy and distribute verbatim copies of this license..document, but changing it is not allowed.....Preamble....The licenses for most software are designed to take away your freedom to share..and change it. By contrast, the GNU General Public License is intended to..guarantee your freedom to share and change free software--to make sure the..software is free for all its users. This General Public License applies to..most of the Free Software Foundation's software and to any other program whose..authors commit to using it. (Some other Free Software Foundation software is..covered by the GNU Library General Public License instead.) You can apply it to..your programs, too.....When we speak of free software, we are referring to freedom, not price. Our..General Public Licenses are desi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):192
                                                                                                                                                                                                Entropy (8bit):5.130781430824907
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8SEl82LzqhLVLXszhblZooVmKKq7TVSLBncSlWtEd6VALB7hfD4RigP4puKkCv:2SKEhjKDh9K6TVMTWusVALB7hL40Fpu6
                                                                                                                                                                                                MD5:1FAD3B40E857109BC79FD54FAEFCE288
                                                                                                                                                                                                SHA1:FAF5451A8EA6978E0740D89A545323EA4611085E
                                                                                                                                                                                                SHA-256:B86C62DC32A2CA49995E5BBB8E7B6267FB7AFE4C8D9321C1C91C5FBF7F87D91D
                                                                                                                                                                                                SHA-512:1ED4AF0054838A641C87A9901B9FE0ED3967F3EB6A8B86C479E12437778BB3E5F4DBB45348572643218A749B43436D5E2612E456AB101BB19231A0B5E349159C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://download.java.net/java/GA/jdk19.0.2/fdb695a9d9064ad6b064dc6df578380c/7/GPL/openjdk-19.0.2_windows-x64_bin.zip ...https://github.com/openjdk/jdk19u/archive/refs/tags/jdk-19.0.2-ga.zip..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19621
                                                                                                                                                                                                Entropy (8bit):4.713551169280443
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:L4rCnitDdE+6phYqIdM3HesZ/8oMPbHDESEUfn/j:Ue05ERLOwjCHDESEUfnb
                                                                                                                                                                                                MD5:BB65CC9158C09770485DA8ED1A1D7F6B
                                                                                                                                                                                                SHA1:4A81E8F3AB5662F8AC79DB1BA44963E962CC9384
                                                                                                                                                                                                SHA-256:B71B9AC72F1B646D1BAF99EBE68C2AFA040C8874D76F7C393E92A02287B90E8E
                                                                                                                                                                                                SHA-512:2DAA6947426D194088CDC15E1C9AC249CDC43376F93018B3181423D444FC6BBD80D943696B3A523A188B671C220C2714CD67618D3D8FBF9257A3B8014B769207
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:The GNU General Public License (GPL)....Version 2, June 1991....Copyright (C) 1989, 1991 Free Software Foundation, Inc...51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA....Everyone is permitted to copy and distribute verbatim copies of this license..document, but changing it is not allowed.....Preamble....The licenses for most software are designed to take away your freedom to share..and change it. By contrast, the GNU General Public License is intended to..guarantee your freedom to share and change free software--to make sure the..software is free for all its users. This General Public License applies to..most of the Free Software Foundation's software and to any other program whose..authors commit to using it. (Some other Free Software Foundation software is..covered by the GNU Library General Public License instead.) You can apply it to..your programs, too.....When we speak of free software, we are referring to freedom, not price. Our..General Public Licenses are desi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1752
                                                                                                                                                                                                Entropy (8bit):5.632944793459951
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:CPh6qPIeNjI2hNjK47WAOYxD2oXk/H3m9OW/pVeJyrG0YmrX00dly:CPbPVnhNjJWJprH3m8xqA
                                                                                                                                                                                                MD5:172823718D38E1C2DA94577B0E086DDB
                                                                                                                                                                                                SHA1:DBD2568AB948B43591E6E134EAB0040C883E4FCD
                                                                                                                                                                                                SHA-256:2119D62CF4404EDC18D35E22EDB66C4B7B516DC142114E3BD149845083062F48
                                                                                                                                                                                                SHA-512:EB0C249D047857F521B4D9A4095926B12D6E99B4BCABBBDA25487930E62FB11588645D31F1571206A5EC0F8AB0E8D2F64D59C9442A491338C61D9B8E7C36AB5E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..where /q java.exe..if %ERRORLEVEL% == 0 (.. java %*.. goto :eof..)....setlocal EnableDelayedExpansion..set OpenJDKVer=19.0.2..set DOWNLOAD_URL=https://download.java.net/java/GA/jdk%OpenJDKVer%/fdb695a9d9064ad6b064dc6df578380c/7/GPL/openjdk-%OpenJDKVer%_windows-x64_bin.zip..set DOWNLOAD_DIR=Commands\Java..set DOWNLOAD_PATH=Commands\Java\openjdk-%OpenJDKVer%_windows-x64_bin.zip..set OPENJDK_JAVA_PATH=Commands\Java\jdk-%OpenJDKVer%\bin\java.exe..set MESSAGE='OpenJDK is not installed. Do you want to download it from %DOWNLOAD_URL%'..set TITLE='OpenJDK'..set OPENJDK_SHA256=9f70eba3f2631674a2d7d3aa01150d697f68be16ad76662ff948d7fe1b4985d8....cd "%APPDATA%\WinMerge"..if not exist %OPENJDK_JAVA_PATH% (.. cd "%~dp0..\..".. if not exist %OPENJDK_JAVA_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. pushd "%APPDATA%\WinMerge".. for %%i in (%OPENJDK_JAVA_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1) { throw
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):192
                                                                                                                                                                                                Entropy (8bit):5.130781430824907
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8SEl82LzqhLVLXszhblZooVmKKq7TVSLBncSlWtEd6VALB7hfD4RigP4puKkCv:2SKEhjKDh9K6TVMTWusVALB7hL40Fpu6
                                                                                                                                                                                                MD5:1FAD3B40E857109BC79FD54FAEFCE288
                                                                                                                                                                                                SHA1:FAF5451A8EA6978E0740D89A545323EA4611085E
                                                                                                                                                                                                SHA-256:B86C62DC32A2CA49995E5BBB8E7B6267FB7AFE4C8D9321C1C91C5FBF7F87D91D
                                                                                                                                                                                                SHA-512:1ED4AF0054838A641C87A9901B9FE0ED3967F3EB6A8B86C479E12437778BB3E5F4DBB45348572643218A749B43436D5E2612E456AB101BB19231A0B5E349159C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://download.java.net/java/GA/jdk19.0.2/fdb695a9d9064ad6b064dc6df578380c/7/GPL/openjdk-19.0.2_windows-x64_bin.zip ...https://github.com/openjdk/jdk19u/archive/refs/tags/jdk-19.0.2-ga.zip..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1752
                                                                                                                                                                                                Entropy (8bit):5.632944793459951
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:CPh6qPIeNjI2hNjK47WAOYxD2oXk/H3m9OW/pVeJyrG0YmrX00dly:CPbPVnhNjJWJprH3m8xqA
                                                                                                                                                                                                MD5:172823718D38E1C2DA94577B0E086DDB
                                                                                                                                                                                                SHA1:DBD2568AB948B43591E6E134EAB0040C883E4FCD
                                                                                                                                                                                                SHA-256:2119D62CF4404EDC18D35E22EDB66C4B7B516DC142114E3BD149845083062F48
                                                                                                                                                                                                SHA-512:EB0C249D047857F521B4D9A4095926B12D6E99B4BCABBBDA25487930E62FB11588645D31F1571206A5EC0F8AB0E8D2F64D59C9442A491338C61D9B8E7C36AB5E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..where /q java.exe..if %ERRORLEVEL% == 0 (.. java %*.. goto :eof..)....setlocal EnableDelayedExpansion..set OpenJDKVer=19.0.2..set DOWNLOAD_URL=https://download.java.net/java/GA/jdk%OpenJDKVer%/fdb695a9d9064ad6b064dc6df578380c/7/GPL/openjdk-%OpenJDKVer%_windows-x64_bin.zip..set DOWNLOAD_DIR=Commands\Java..set DOWNLOAD_PATH=Commands\Java\openjdk-%OpenJDKVer%_windows-x64_bin.zip..set OPENJDK_JAVA_PATH=Commands\Java\jdk-%OpenJDKVer%\bin\java.exe..set MESSAGE='OpenJDK is not installed. Do you want to download it from %DOWNLOAD_URL%'..set TITLE='OpenJDK'..set OPENJDK_SHA256=9f70eba3f2631674a2d7d3aa01150d697f68be16ad76662ff948d7fe1b4985d8....cd "%APPDATA%\WinMerge"..if not exist %OPENJDK_JAVA_PATH% (.. cd "%~dp0..\..".. if not exist %OPENJDK_JAVA_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. pushd "%APPDATA%\WinMerge".. for %%i in (%OPENJDK_JAVA_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1) { throw
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):184
                                                                                                                                                                                                Entropy (8bit):4.588723046130315
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8tEdlJisjistkCmCVnumMVAuR6tEdlJisjistkCmCVnumMVrKCXW:2uNiKsCBlMAuNiKsCBlMA5
                                                                                                                                                                                                MD5:1C5A42368B9C66466C18B68F3AAB2B8B
                                                                                                                                                                                                SHA1:BF2BAC31ED86D524D24680245330C12F8B6FB5AE
                                                                                                                                                                                                SHA-256:78AB71DF0C5D731A7B7084264362287221095660170D8D8331914813868BB372
                                                                                                                                                                                                SHA-512:34E0BF2388645D140EA92861BCC049E59E7934CB15593F72528558B98A7D29E46A43F87A6C65BFB50BAA94A80C6D8AC938F20092B62CB4E85675C5F27A0D9884
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0.jar..https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0-sources.jar..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):184
                                                                                                                                                                                                Entropy (8bit):4.588723046130315
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8tEdlJisjistkCmCVnumMVAuR6tEdlJisjistkCmCVnumMVrKCXW:2uNiKsCBlMAuNiKsCBlMA5
                                                                                                                                                                                                MD5:1C5A42368B9C66466C18B68F3AAB2B8B
                                                                                                                                                                                                SHA1:BF2BAC31ED86D524D24680245330C12F8B6FB5AE
                                                                                                                                                                                                SHA-256:78AB71DF0C5D731A7B7084264362287221095660170D8D8331914813868BB372
                                                                                                                                                                                                SHA-512:34E0BF2388645D140EA92861BCC049E59E7934CB15593F72528558B98A7D29E46A43F87A6C65BFB50BAA94A80C6D8AC938F20092B62CB4E85675C5F27A0D9884
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0.jar..https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0-sources.jar..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1771
                                                                                                                                                                                                Entropy (8bit):5.442693979824128
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:wK6l0jKDWwiOskSwEUTCJ6xD2oXk/HFeOJ/deODy1Tl4aGCv:DPknTgrHFXSO7uv
                                                                                                                                                                                                MD5:3DE4EB0A375473E7FCEE7F40EF71DD15
                                                                                                                                                                                                SHA1:D6D134994C30784398D5FF61874E2962BB45EFD2
                                                                                                                                                                                                SHA-256:5A53B01408C9B3C1AD1A8F82E5C4188388BDADFFE08BEEC186710BFA6E678ABC
                                                                                                                                                                                                SHA-512:7A18CAB0F3D8BE21C71046257A28F02C741A0647E8A20355293FA055572834A5E83792EC8865E227462F8CE9325F412D28FBF290FA7F876B533474FBF99BE433
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..setlocal EnableDelayedExpansion..set PlantUMLVer=1.2023.0..set PlantUMLJar=plantuml-%PlantUMLVer%.jar..set DOWNLOAD_URL=https://github.com/plantuml/plantuml/releases/download/v%PlantUMLVer%/%PlantUMLJar%..set PlantUML_PATH=Commands\PlantUML\%PlantUMLJar%..set MESSAGE='PlantUML is not installed. Do you want to download it and its dependences from %DOWNLOAD_URL%'..set TITLE='PlantUML Plugin'..set PlantUML_SHA256=0404edcf0af28e5b409bc17aa59ad8b05051f47347377749c46c8018135d0dec....cd "%APPDATA%\WinMerge"..if not exist %PlantUML_PATH% (.. cd "%~dp0..\..".. if not exist %PlantUML_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. cd "%APPDATA%\WinMerge".. for %%i in (%PlantUML_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1) { throw }" > NUL.. if errorlevel 1 (.. echo "download is canceled" 1>&2.. ) else (.. start "Downloading..." /WAIT powershell -command "[Net.ServicePointManager]::Securit
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2216
                                                                                                                                                                                                Entropy (8bit):4.968812290902196
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:O3u0zUMycw+o5kdv/MvB7gvhjGJWELuIN:OjzUt+KB7JLuIN
                                                                                                                                                                                                MD5:C89A426CCD90127E46AA3C98E56D7689
                                                                                                                                                                                                SHA1:40F731CF93BE586957D9FC9AE1427183D3897F1E
                                                                                                                                                                                                SHA-256:80B4FDB88057708048A58A1CFB3CF7EE78C3B95E662AB8AF0ECCB1B8A97B6467
                                                                                                                                                                                                SHA-512:7C4B4F74D18669D4659DAF74561EB17F315698FF513B2A5C24BF7FAE5DB2D8B920C58DFDA450365E140552E69E12C4558D90C113D6603A19D4B963036EF8B964
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:=======================================================================..PlantUML : a free UML diagram generator..========================================================================....(C) Copyright 2009-2017, Arnaud Roques....Project Info: http://plantuml.com....If you like this project or if you find it useful, you can support us at:....http://plantuml.com/patreon (only 1$ per month!)..http://plantuml.com/paypal....PlantUML is free software; you can redistribute it and/or modify it..under the terms of the GNU General Public License as published by..the Free Software Foundation, either version 3 of the License, or..(at your option) any later version.....PlantUML distributed in the hope that it will be useful, but..WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY..or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public..License for more details.....You should have received a copy of the GNU General Public..License along with this library; if not,
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2216
                                                                                                                                                                                                Entropy (8bit):4.968812290902196
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:O3u0zUMycw+o5kdv/MvB7gvhjGJWELuIN:OjzUt+KB7JLuIN
                                                                                                                                                                                                MD5:C89A426CCD90127E46AA3C98E56D7689
                                                                                                                                                                                                SHA1:40F731CF93BE586957D9FC9AE1427183D3897F1E
                                                                                                                                                                                                SHA-256:80B4FDB88057708048A58A1CFB3CF7EE78C3B95E662AB8AF0ECCB1B8A97B6467
                                                                                                                                                                                                SHA-512:7C4B4F74D18669D4659DAF74561EB17F315698FF513B2A5C24BF7FAE5DB2D8B920C58DFDA450365E140552E69E12C4558D90C113D6603A19D4B963036EF8B964
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:=======================================================================..PlantUML : a free UML diagram generator..========================================================================....(C) Copyright 2009-2017, Arnaud Roques....Project Info: http://plantuml.com....If you like this project or if you find it useful, you can support us at:....http://plantuml.com/patreon (only 1$ per month!)..http://plantuml.com/paypal....PlantUML is free software; you can redistribute it and/or modify it..under the terms of the GNU General Public License as published by..the Free Software Foundation, either version 3 of the License, or..(at your option) any later version.....PlantUML distributed in the hope that it will be useful, but..WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY..or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public..License for more details.....You should have received a copy of the GNU General Public..License along with this library; if not,
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1771
                                                                                                                                                                                                Entropy (8bit):5.442693979824128
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:wK6l0jKDWwiOskSwEUTCJ6xD2oXk/HFeOJ/deODy1Tl4aGCv:DPknTgrHFXSO7uv
                                                                                                                                                                                                MD5:3DE4EB0A375473E7FCEE7F40EF71DD15
                                                                                                                                                                                                SHA1:D6D134994C30784398D5FF61874E2962BB45EFD2
                                                                                                                                                                                                SHA-256:5A53B01408C9B3C1AD1A8F82E5C4188388BDADFFE08BEEC186710BFA6E678ABC
                                                                                                                                                                                                SHA-512:7A18CAB0F3D8BE21C71046257A28F02C741A0647E8A20355293FA055572834A5E83792EC8865E227462F8CE9325F412D28FBF290FA7F876B533474FBF99BE433
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..setlocal EnableDelayedExpansion..set PlantUMLVer=1.2023.0..set PlantUMLJar=plantuml-%PlantUMLVer%.jar..set DOWNLOAD_URL=https://github.com/plantuml/plantuml/releases/download/v%PlantUMLVer%/%PlantUMLJar%..set PlantUML_PATH=Commands\PlantUML\%PlantUMLJar%..set MESSAGE='PlantUML is not installed. Do you want to download it and its dependences from %DOWNLOAD_URL%'..set TITLE='PlantUML Plugin'..set PlantUML_SHA256=0404edcf0af28e5b409bc17aa59ad8b05051f47347377749c46c8018135d0dec....cd "%APPDATA%\WinMerge"..if not exist %PlantUML_PATH% (.. cd "%~dp0..\..".. if not exist %PlantUML_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. cd "%APPDATA%\WinMerge".. for %%i in (%PlantUML_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1) { throw }" > NUL.. if errorlevel 1 (.. echo "download is canceled" 1>&2.. ) else (.. start "Downloading..." /WAIT powershell -command "[Net.ServicePointManager]::Securit
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1074
                                                                                                                                                                                                Entropy (8bit):5.20644221729891
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:wqkKbPFvpPYXvkusPEqXvkugGawXwdSr1VTuKzPFvI:MGPFvBovnsPEevngGZumPFvI
                                                                                                                                                                                                MD5:93AE1D5A603922E678E25A4B8AB60F76
                                                                                                                                                                                                SHA1:BDA6042EBA1F95AC679DD07999F22F3E9842C725
                                                                                                                                                                                                SHA-256:5FCF8C63E99FCD0075E02E05DB393951B790DECA37FC6DB49A70D6A8F2BBEA8F
                                                                                                                                                                                                SHA-512:01D026E0388B63F400728709472EB2F508F2F8529191BAC1B6317B2D82A5514A763B2BFB415FAEC1055BFA95236D7ACABB8744DE9CE34AAC9D7E8C0877769161
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..setlocal enabledelayedexpansion..if exist "%APPDATA%\WinMerge\Commands\dumpbin\dumpbinpath.txt" (.. for /f "usebackq tokens=*" %%i in (%APPDATA%\WinMerge\Commands\dumpbin\dumpbinpath.txt) do set DUMPBIN_PATH=%%i..)..if not exist "!DUMPBIN_PATH!" (.. if exist "%programfiles(x86)%\microsoft visual studio\installer\vswhere.exe" (.. for /f "usebackq tokens=*" %%i in (`"%programfiles(x86)%\microsoft visual studio\installer\vswhere.exe" -latest -products * -property installationPath`) do (.. set InstallDir=%%i.. ).. ).. if exist "!InstallDir!\Common7\Tools\vsdevcmd.bat" (.. call "!InstallDir!\Common7\Tools\vsdevcmd.bat" > NUL.. ) else (.. echo Visual Studio not installed.. goto :eof.. ).. mkdir "%APPDATA%\WinMerge\Commands\dumpbin\" 2> NUL.. where dumpbin.exe > "%APPDATA%\WinMerge\Commands\dumpbin\dumpbinpath.txt".. if exist "%APPDATA%\WinMerge\Commands\dumpbin\dumpbinpath.txt" (.. for /f "usebackq tokens=*" %%i in (%APPDATA%\WinMerge\Commands\dumpb
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1074
                                                                                                                                                                                                Entropy (8bit):5.20644221729891
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:wqkKbPFvpPYXvkusPEqXvkugGawXwdSr1VTuKzPFvI:MGPFvBovnsPEevngGZumPFvI
                                                                                                                                                                                                MD5:93AE1D5A603922E678E25A4B8AB60F76
                                                                                                                                                                                                SHA1:BDA6042EBA1F95AC679DD07999F22F3E9842C725
                                                                                                                                                                                                SHA-256:5FCF8C63E99FCD0075E02E05DB393951B790DECA37FC6DB49A70D6A8F2BBEA8F
                                                                                                                                                                                                SHA-512:01D026E0388B63F400728709472EB2F508F2F8529191BAC1B6317B2D82A5514A763B2BFB415FAEC1055BFA95236D7ACABB8744DE9CE34AAC9D7E8C0877769161
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..setlocal enabledelayedexpansion..if exist "%APPDATA%\WinMerge\Commands\dumpbin\dumpbinpath.txt" (.. for /f "usebackq tokens=*" %%i in (%APPDATA%\WinMerge\Commands\dumpbin\dumpbinpath.txt) do set DUMPBIN_PATH=%%i..)..if not exist "!DUMPBIN_PATH!" (.. if exist "%programfiles(x86)%\microsoft visual studio\installer\vswhere.exe" (.. for /f "usebackq tokens=*" %%i in (`"%programfiles(x86)%\microsoft visual studio\installer\vswhere.exe" -latest -products * -property installationPath`) do (.. set InstallDir=%%i.. ).. ).. if exist "!InstallDir!\Common7\Tools\vsdevcmd.bat" (.. call "!InstallDir!\Common7\Tools\vsdevcmd.bat" > NUL.. ) else (.. echo Visual Studio not installed.. goto :eof.. ).. mkdir "%APPDATA%\WinMerge\Commands\dumpbin\" 2> NUL.. where dumpbin.exe > "%APPDATA%\WinMerge\Commands\dumpbin\dumpbinpath.txt".. if exist "%APPDATA%\WinMerge\Commands\dumpbin\dumpbinpath.txt" (.. for /f "usebackq tokens=*" %%i in (%APPDATA%\WinMerge\Commands\dumpb
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1058
                                                                                                                                                                                                Entropy (8bit):5.142344487666288
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:wqvbPAunPYXvkusPEqXvkugGawXwdSr1V7zPA7:LPAuPovnsPEevngGxPA7
                                                                                                                                                                                                MD5:CD549EA1B144648A57D4D443665C6A0A
                                                                                                                                                                                                SHA1:8B88D7E9452A0C1A7FF37BA1AC05EF9796AC473D
                                                                                                                                                                                                SHA-256:BF9A8D277D4E016AE8FD6EE342EBCD1A8A28FECD3004CEF045FBA373BE4F8E01
                                                                                                                                                                                                SHA-512:F307381687C84FE9C93B529D240B06D78E3F843DEDBA6627EA2ADDB66F279ED022B394B015B24B1B30FE11069CB2779986524EFF2EB187F528235D0441217D33
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..setlocal enabledelayedexpansion..if exist "%APPDATA%\WinMerge\Commands\ildasm\ildasmpath.txt" (.. for /f "usebackq tokens=*" %%i in (%APPDATA%\WinMerge\Commands\ildasm\ildasmpath.txt) do set ILDASM_PATH=%%i..)..if not exist "!ILDASM_PATH!" (.. if exist "%programfiles(x86)%\microsoft visual studio\installer\vswhere.exe" (.. for /f "usebackq tokens=*" %%i in (`"%programfiles(x86)%\microsoft visual studio\installer\vswhere.exe" -latest -products * -property installationPath`) do (.. set InstallDir=%%i.. ).. ).. if exist "!InstallDir!\Common7\Tools\vsdevcmd.bat" (.. call "!InstallDir!\Common7\Tools\vsdevcmd.bat" > NUL.. ) else (.. echo Visual Studio not installed.. goto :eof.. ).. mkdir "%APPDATA%\WinMerge\Commands\ildasm\" 2> NUL.. where ildasm.exe > "%APPDATA%\WinMerge\Commands\ildasm\ildasmpath.txt".. if exist "%APPDATA%\WinMerge\Commands\ildasm\ildasmpath.txt" (.. for /f "usebackq tokens=*" %%i in (%APPDATA%\WinMerge\Commands\ildasm\ildasmpath
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1058
                                                                                                                                                                                                Entropy (8bit):5.142344487666288
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:wqvbPAunPYXvkusPEqXvkugGawXwdSr1V7zPA7:LPAuPovnsPEevngGxPA7
                                                                                                                                                                                                MD5:CD549EA1B144648A57D4D443665C6A0A
                                                                                                                                                                                                SHA1:8B88D7E9452A0C1A7FF37BA1AC05EF9796AC473D
                                                                                                                                                                                                SHA-256:BF9A8D277D4E016AE8FD6EE342EBCD1A8A28FECD3004CEF045FBA373BE4F8E01
                                                                                                                                                                                                SHA-512:F307381687C84FE9C93B529D240B06D78E3F843DEDBA6627EA2ADDB66F279ED022B394B015B24B1B30FE11069CB2779986524EFF2EB187F528235D0441217D33
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..setlocal enabledelayedexpansion..if exist "%APPDATA%\WinMerge\Commands\ildasm\ildasmpath.txt" (.. for /f "usebackq tokens=*" %%i in (%APPDATA%\WinMerge\Commands\ildasm\ildasmpath.txt) do set ILDASM_PATH=%%i..)..if not exist "!ILDASM_PATH!" (.. if exist "%programfiles(x86)%\microsoft visual studio\installer\vswhere.exe" (.. for /f "usebackq tokens=*" %%i in (`"%programfiles(x86)%\microsoft visual studio\installer\vswhere.exe" -latest -products * -property installationPath`) do (.. set InstallDir=%%i.. ).. ).. if exist "!InstallDir!\Common7\Tools\vsdevcmd.bat" (.. call "!InstallDir!\Common7\Tools\vsdevcmd.bat" > NUL.. ) else (.. echo Visual Studio not installed.. goto :eof.. ).. mkdir "%APPDATA%\WinMerge\Commands\ildasm\" 2> NUL.. where ildasm.exe > "%APPDATA%\WinMerge\Commands\ildasm\ildasmpath.txt".. if exist "%APPDATA%\WinMerge\Commands\ildasm\ildasmpath.txt" (.. for /f "usebackq tokens=*" %%i in (%APPDATA%\WinMerge\Commands\ildasm\ildasmpath
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):591
                                                                                                                                                                                                Entropy (8bit):5.2663802680458724
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:NagoNvM8k22Xj1+/8rAN2im6KbGzzSy4kNny08QYZ4/pG4zGhD:UdNvejwHzm4nbYcpsD
                                                                                                                                                                                                MD5:82DA83A68C008148451B3D08B8669F31
                                                                                                                                                                                                SHA1:DB0A2E90B639D4E325BFFC10DA5681978ECF8015
                                                                                                                                                                                                SHA-256:305E7BAF0F1FDA179EED96DF406473AE277D29FC0D07A6923642A722C7F51291
                                                                                                                                                                                                SHA-512:48CE355F1705DE628F536C71C681761554DC45A6777CF37851E61B9B5BCA1F0589A54FB0A6C8B59F25B20F0621E41FE7C72C93F74D6F6CB3C5626BD11BA1505C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..for %%i in (Apache-Tika Java PlantUML q yq) do (.. for /F "tokens=1,2" %%j in ('type %%i\URL.txt') do (.. echo Downloading %%j.. mkdir "%APPDATA%\WinMerge\Commands\%%i" 2> NUL.. powershell -command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri %%j -UseBasicParsing -Outfile '%APPDATA%\WinMerge\Commands\%%i\%%~nxj'".. if not "%%k" == "" (.. powershell -command "Expand-Archive -Path '%APPDATA%\WinMerge\Commands\%%i\%%~nxj' -DestinationPath '%APPDATA%\WinMerge\Commands\%%i\%%k' -Force".. ).. )..)..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6026
                                                                                                                                                                                                Entropy (8bit):5.1770541814752
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:/NPut0CQHT6KyuxDdjCpHHgUODHHgUObTCUePugefQHRDcF5Teprf5IYorYJCrYH:MbQHTvxjCpngU2ngUETr1QHRDcF5Tmr9
                                                                                                                                                                                                MD5:488F4E0B04C0456337FB70D1AC1758BA
                                                                                                                                                                                                SHA1:C4C65D618BA4BA1C37EA9C2F7C5954066D0D3BED
                                                                                                                                                                                                SHA-256:10E974638A41FADFD72357F2F3A4325E20B856C563365128F72FEAA406F8C92D
                                                                                                                                                                                                SHA-512:4C41CC278D4FDEAFF8EC8FAD3353CD1C03CC7E38A681BD64118D541E628A8621A2E327CF94FCD77BAD1EF5F796B839EBA70F90EEFDF297B84629EBBFFE2AC1CF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:jq is copyright (C) 2012 Stephen Dolan..Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION.W
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6026
                                                                                                                                                                                                Entropy (8bit):5.1770541814752
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:/NPut0CQHT6KyuxDdjCpHHgUODHHgUObTCUePugefQHRDcF5Teprf5IYorYJCrYH:MbQHTvxjCpngU2ngUETr1QHRDcF5Tmr9
                                                                                                                                                                                                MD5:488F4E0B04C0456337FB70D1AC1758BA
                                                                                                                                                                                                SHA1:C4C65D618BA4BA1C37EA9C2F7C5954066D0D3BED
                                                                                                                                                                                                SHA-256:10E974638A41FADFD72357F2F3A4325E20B856C563365128F72FEAA406F8C92D
                                                                                                                                                                                                SHA-512:4C41CC278D4FDEAFF8EC8FAD3353CD1C03CC7E38A681BD64118D541E628A8621A2E327CF94FCD77BAD1EF5F796B839EBA70F90EEFDF297B84629EBBFFE2AC1CF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:jq is copyright (C) 2012 Stephen Dolan..Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION.W
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1027584
                                                                                                                                                                                                Entropy (8bit):6.146221741723587
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:eYA6YaK43oPQdrxJnobG25Rt1LdJtgVA1KN8mLgdAM:iMx/25RzioT
                                                                                                                                                                                                MD5:336671437F8806FDD4E82BA63A9C0FFA
                                                                                                                                                                                                SHA1:99DAEC5966F04E018B6CCF267E3B945A6F08EC0F
                                                                                                                                                                                                SHA-256:E4EFDD6A2C463AE714ED98FD5E874FE834A3A2380E17885BD4CDA1C49E5166DF
                                                                                                                                                                                                SHA-512:480A07C4E30B857A211F61A22F4FBC61A623043ED260660ADA8D51429E8F4E17188F2E32D1CB7ED3EC580F406D3D2F2EFB8E47EE2B7D6B9B07013BDACC3F798A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ze...............).L...................`....@..................................o....@... ..............................p...................................O..........................T*.......................s...............................text....K.......L..................`..`.data....N...`...P...P..............@....rdata.............................@..@.eh_framh....P.......>..............@..@.bss.........`...........................idata.......p.......B..............@....CRT....4............T..............@....tls.................V..............@....rsrc................X..............@..@.reloc...O.......P...^..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1027584
                                                                                                                                                                                                Entropy (8bit):6.146221741723587
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:eYA6YaK43oPQdrxJnobG25Rt1LdJtgVA1KN8mLgdAM:iMx/25RzioT
                                                                                                                                                                                                MD5:336671437F8806FDD4E82BA63A9C0FFA
                                                                                                                                                                                                SHA1:99DAEC5966F04E018B6CCF267E3B945A6F08EC0F
                                                                                                                                                                                                SHA-256:E4EFDD6A2C463AE714ED98FD5E874FE834A3A2380E17885BD4CDA1C49E5166DF
                                                                                                                                                                                                SHA-512:480A07C4E30B857A211F61A22F4FBC61A623043ED260660ADA8D51429E8F4E17188F2E32D1CB7ED3EC580F406D3D2F2EFB8E47EE2B7D6B9B07013BDACC3F798A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ze...............).L...................`....@..................................o....@... ..............................p...................................O..........................T*.......................s...............................text....K.......L..................`..`.data....N...`...P...P..............@....rdata.............................@..@.eh_framh....P.......>..............@..@.bss.........`...........................idata.......p.......B..............@....CRT....4............T..............@....tls.................V..............@....rsrc................X..............@..@.reloc...O.......P...^..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1096
                                                                                                                                                                                                Entropy (8bit):5.186765243069268
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:aZENrRONJHujH0cPP3gtkHw1h39KAHGhsUv4eOk4/+jm3oqMSFJ:aZENtONJYbvE/NKAHGhs5eNm3oEFJ
                                                                                                                                                                                                MD5:383F39920F391605AF6E8E46E60E2378
                                                                                                                                                                                                SHA1:90846C5A4D1373EB1DFA01886CE192B2674DB511
                                                                                                                                                                                                SHA-256:D30937367D5413E7EAA218B1640B8946FF76FD34D97152F6979FD96169D5D0FC
                                                                                                                                                                                                SHA-512:77887FEF6646C62013B72F47EE95F1BCFF67CF8BB5E2577D82C896F7D8AF93784FAFF5CCEF1DCAB20F51D8977E6D2CDAA88D3CB43F23D6F7C6B214B83DB731E3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# The MIT License (MIT)..Copyright . 2016-2024 Martin Mit....Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the .Software.),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED .AS IS., WITHOUT WARRANTY OF ANY KIND, EXPRESS.OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):295
                                                                                                                                                                                                Entropy (8bit):4.90715201528161
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:h6RmvYz+dd9ujH0/buW/5Y5KxIcDvb7BbAg+S37sQK:YRmvT9ujH0bQEIcPJADeK
                                                                                                                                                                                                MD5:E6EB65A3A26F7DE71B2782E280068160
                                                                                                                                                                                                SHA1:EDB9902910DCE381FD3C560466B063D587D9076B
                                                                                                                                                                                                SHA-256:8C4CA503505D0ACE5B42F279DC92C711B06F1A63340F9F151F7F21B0CFF952AB
                                                                                                                                                                                                SHA-512:0B996AE0D1A44376DCDB6B70B1C8D4BEB032DA904163C4D664FDCB5027A21C79FE85BAE7532EA35144B2A80F4212BA02689ACABA8A65C4A1A01CE7F48AA435CE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..echo ^<!DOCTYPE html^>..echo ^<html^>..echo ^<head^>..echo ^<title^>^</title^>..echo ^<meta name="generator" content="md2html"^>..echo ^<base href="file:///%~dp1"^>..echo ^</head^>..echo ^<body^>..type %1 | "%~dp0\md2html.exe" %2 %3 %4 %5 %6 %7 %8 %9..echo ^</body^>..echo ^</html^>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):95389
                                                                                                                                                                                                Entropy (8bit):6.351958651853396
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:2FhSNBiCwti7kGwKEaRvXT0gMQq/OmIqoamOdqVhV:2FhSNBiCwtiIGwK1eGadqVL
                                                                                                                                                                                                MD5:C441AC00F19E1AAEECA422F450F8FE9B
                                                                                                                                                                                                SHA1:14D8305C863EC3362F1A2011071185AEF974F93E
                                                                                                                                                                                                SHA-256:D9A721D18E6EBD0A274F092B409BDD1302A5CC9741F53184AD1F5D05CF5C03F5
                                                                                                                                                                                                SHA-512:6F670C7F2045A03943221A7AE719D3C4C069A825367DA5F72271BD5B32EE3AAC53F9B7024D3367A85F9B5D1CBBBB84C42685C3A2ADCD87C590FAB4EA5764488B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e.n..,.....&#...*.....j....................Lk.................................%....@... .........................G.......P...........................................................$T......................................................text...............................`..`.data...,...........................@....rdata...:... ...<..................@..@/4...........`.......>..............@..@.bss.....................................edata..G............R..............@..@.idata..P............T..............@....CRT....,............Z..............@....tls.................\..............@....reloc...............^..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1096
                                                                                                                                                                                                Entropy (8bit):5.186765243069268
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:aZENrRONJHujH0cPP3gtkHw1h39KAHGhsUv4eOk4/+jm3oqMSFJ:aZENtONJYbvE/NKAHGhs5eNm3oEFJ
                                                                                                                                                                                                MD5:383F39920F391605AF6E8E46E60E2378
                                                                                                                                                                                                SHA1:90846C5A4D1373EB1DFA01886CE192B2674DB511
                                                                                                                                                                                                SHA-256:D30937367D5413E7EAA218B1640B8946FF76FD34D97152F6979FD96169D5D0FC
                                                                                                                                                                                                SHA-512:77887FEF6646C62013B72F47EE95F1BCFF67CF8BB5E2577D82C896F7D8AF93784FAFF5CCEF1DCAB20F51D8977E6D2CDAA88D3CB43F23D6F7C6B214B83DB731E3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# The MIT License (MIT)..Copyright . 2016-2024 Martin Mit....Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the .Software.),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED .AS IS., WITHOUT WARRANTY OF ANY KIND, EXPRESS.OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):59176
                                                                                                                                                                                                Entropy (8bit):6.197366541786481
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:8hviIQFF0yNLbdWPOpi0w7H8KDGYrxFn7lhHRhV4ZgA6OTTEC1msaetRJ9oCVA8C:+iTFzdWmpi088KDvL2tUuW43E
                                                                                                                                                                                                MD5:BDD6AE6B15BD8168E02140E0C97A59F2
                                                                                                                                                                                                SHA1:489AA9AC066A9FBC537178681049BA9905930C55
                                                                                                                                                                                                SHA-256:971A810AC5D3F1A5B26822062D3485109E768815B745A299FAECE553D466C26B
                                                                                                                                                                                                SHA-512:2B2C52888B610111DDEF056C4DB00AD692DDAD813C7F5A2CABA61FD921500C07A947FCCA4E68072514EEE39FB9B4DBB5310CA96A228905FB010EA3C576AEC156
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e....L.....&....*..........................@..........................P............@... .................................t....0.......................@..p...................................................l................................text..............................`..`.data...\...........................@....rdata........... ..................@..@/4......h...........................@..@.bss.....................................idata..t...........................@....CRT....0...........................@....tls......... ......................@....rsrc........0......................@..@.reloc..p....@......................@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):109220
                                                                                                                                                                                                Entropy (8bit):6.105046591488112
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:xDB8At5TE6Bpi4gDKHvJbKTuFpYy8y0tvkTj5JOe51xKTEjRbI:xDOAt5TdBpiRAzpYtvkTj5JOe5PE
                                                                                                                                                                                                MD5:57F31D328C85AFB0BAAD1764C3BA6346
                                                                                                                                                                                                SHA1:258A138704B0A22223E546DC57FFCE7EE8239934
                                                                                                                                                                                                SHA-256:FC3640060BDFB60973E45F2053B6BA39B1B31C8C3492ACA8FEA543F59A761063
                                                                                                                                                                                                SHA-512:981822CC21613233824FCCEA5A3413E5827F949CBEEED50A41FF5E55700F265A03396926D7518CF2BC5C78970205B3FBC5FCD5C6D63AE4DEC00D3D6DD121FECB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e....:.....&#...*...........................n......................... ............@... .........................c.......................................h............................w......................$................................text...............................`..`.data...X...........................@....rdata..............................@..@/4...................d..............@..@.bss....T................................edata..c............~..............@..@.idata..............................@....CRT....,...........................@....tls................................@....reloc..h...........................@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):109220
                                                                                                                                                                                                Entropy (8bit):6.105046591488112
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:xDB8At5TE6Bpi4gDKHvJbKTuFpYy8y0tvkTj5JOe51xKTEjRbI:xDOAt5TdBpiRAzpYtvkTj5JOe5PE
                                                                                                                                                                                                MD5:57F31D328C85AFB0BAAD1764C3BA6346
                                                                                                                                                                                                SHA1:258A138704B0A22223E546DC57FFCE7EE8239934
                                                                                                                                                                                                SHA-256:FC3640060BDFB60973E45F2053B6BA39B1B31C8C3492ACA8FEA543F59A761063
                                                                                                                                                                                                SHA-512:981822CC21613233824FCCEA5A3413E5827F949CBEEED50A41FF5E55700F265A03396926D7518CF2BC5C78970205B3FBC5FCD5C6D63AE4DEC00D3D6DD121FECB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e....:.....&#...*...........................n......................... ............@... .........................c.......................................h............................w......................$................................text...............................`..`.data...X...........................@....rdata..............................@..@/4...................d..............@..@.bss....T................................edata..c............~..............@..@.idata..............................@....CRT....,...........................@....tls................................@....reloc..h...........................@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):95389
                                                                                                                                                                                                Entropy (8bit):6.351958651853396
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:2FhSNBiCwti7kGwKEaRvXT0gMQq/OmIqoamOdqVhV:2FhSNBiCwtiIGwK1eGadqVL
                                                                                                                                                                                                MD5:C441AC00F19E1AAEECA422F450F8FE9B
                                                                                                                                                                                                SHA1:14D8305C863EC3362F1A2011071185AEF974F93E
                                                                                                                                                                                                SHA-256:D9A721D18E6EBD0A274F092B409BDD1302A5CC9741F53184AD1F5D05CF5C03F5
                                                                                                                                                                                                SHA-512:6F670C7F2045A03943221A7AE719D3C4C069A825367DA5F72271BD5B32EE3AAC53F9B7024D3367A85F9B5D1CBBBB84C42685C3A2ADCD87C590FAB4EA5764488B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e.n..,.....&#...*.....j....................Lk.................................%....@... .........................G.......P...........................................................$T......................................................text...............................`..`.data...,...........................@....rdata...:... ...<..................@..@/4...........`.......>..............@..@.bss.....................................edata..G............R..............@..@.idata..P............T..............@....CRT....,............Z..............@....tls.................\..............@....reloc...............^..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):295
                                                                                                                                                                                                Entropy (8bit):4.90715201528161
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:h6RmvYz+dd9ujH0/buW/5Y5KxIcDvb7BbAg+S37sQK:YRmvT9ujH0bQEIcPJADeK
                                                                                                                                                                                                MD5:E6EB65A3A26F7DE71B2782E280068160
                                                                                                                                                                                                SHA1:EDB9902910DCE381FD3C560466B063D587D9076B
                                                                                                                                                                                                SHA-256:8C4CA503505D0ACE5B42F279DC92C711B06F1A63340F9F151F7F21B0CFF952AB
                                                                                                                                                                                                SHA-512:0B996AE0D1A44376DCDB6B70B1C8D4BEB032DA904163C4D664FDCB5027A21C79FE85BAE7532EA35144B2A80F4212BA02689ACABA8A65C4A1A01CE7F48AA435CE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..echo ^<!DOCTYPE html^>..echo ^<html^>..echo ^<head^>..echo ^<title^>^</title^>..echo ^<meta name="generator" content="md2html"^>..echo ^<base href="file:///%~dp1"^>..echo ^</head^>..echo ^<body^>..type %1 | "%~dp0\md2html.exe" %2 %3 %4 %5 %6 %7 %8 %9..echo ^</body^>..echo ^</html^>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):59176
                                                                                                                                                                                                Entropy (8bit):6.197366541786481
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:8hviIQFF0yNLbdWPOpi0w7H8KDGYrxFn7lhHRhV4ZgA6OTTEC1msaetRJ9oCVA8C:+iTFzdWmpi088KDvL2tUuW43E
                                                                                                                                                                                                MD5:BDD6AE6B15BD8168E02140E0C97A59F2
                                                                                                                                                                                                SHA1:489AA9AC066A9FBC537178681049BA9905930C55
                                                                                                                                                                                                SHA-256:971A810AC5D3F1A5B26822062D3485109E768815B745A299FAECE553D466C26B
                                                                                                                                                                                                SHA-512:2B2C52888B610111DDEF056C4DB00AD692DDAD813C7F5A2CABA61FD921500C07A947FCCA4E68072514EEE39FB9B4DBB5310CA96A228905FB010EA3C576AEC156
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e....L.....&....*..........................@..........................P............@... .................................t....0.......................@..p...................................................l................................text..............................`..`.data...\...........................@....rdata........... ..................@..@/4......h...........................@..@.bss.....................................idata..t...........................@....CRT....0...........................@....tls......... ......................@....rsrc........0......................@..@.reloc..p....@......................@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3362559
                                                                                                                                                                                                Entropy (8bit):6.266382256196019
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:98304:cCkgs3WfqTw4LbOI2eLJG0zcR3Py92TI8Ri9HqzSYPgcBl2U0X3UKut5bNbgcD5l:nts9TBJIaYPgcBl2U0X3UKut5bNbgcDf
                                                                                                                                                                                                MD5:3669501666877E287C9FEAFFD1605AB1
                                                                                                                                                                                                SHA1:7451FFCBA556C3CC35602B537D086435FE2A16F5
                                                                                                                                                                                                SHA-256:FB4A05CE7D50721C71F66C37E0AB7E52CD46034A2E394940B3F60C9C2AFB079A
                                                                                                                                                                                                SHA-512:6EFDB9AAD523398ABAECA8E9B640DA14DB5700E589452824B3DFD7FDA707DBFBE837CAC55EB44A07FD029140F7247BA0CB899DC252C33BEFAFE8AC582507A9FF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........+..B.....!...$......*..x..@..............a..........................O.......3....... .......................+._....................................P,.......(..............................................................................text....h.......j..................`.``/4.......!......."...n.............. .@..data...............................@.`..rdata..h5...."..6....".............@.`@.buildid5.....(.......'.............@.0@.bss.....v....(.......................`..edata.._.....+.......'.............@.0@.reloc.......P,.......(.............@.0B/19.......... .......N*.............@.`..idata...........0....*.............@.0./38...................+.............@.0B.rsrc.................+.............@.0..cygheap.. .../.......................0.........................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):103166
                                                                                                                                                                                                Entropy (8bit):6.438613906021623
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:Tre0u0y2Yck4hhyRBxI85p2beki6wQy80gjvq53k54UxnUP:nBuLFt4hhyRDZUad6wQy8pEkVnUP
                                                                                                                                                                                                MD5:55229243A445AF57C59761F4FC10A3B7
                                                                                                                                                                                                SHA1:3608B654334B997A97486F3D840786588BDE47DC
                                                                                                                                                                                                SHA-256:C8C5440AF04BF3C7B35E546B6FA724B8123422DB74A7673801A2B519728A4B5D
                                                                                                                                                                                                SHA-512:A8266EEAD58285BB8120D84DF752A034FD35E257967D99B3AF7519AA63ACAC30782723BA3BEA02E4E9344C6CBD0AA29B76CC61C3AC2FDF386F3FE038D0221905
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........!......#...#.D..........`G.......`.....j.................................h........ .........................s.......X.......................................................................................p............................text....C.......D..................`.P`.data...@....`.......H..............@.`..rdata.......p.......J..............@.`@.buildid5............`..............@.0@/4...................b..............@.0..bss....H.............................`..edata..s............v..............@.0@.idata..X...........................@.0..reloc..............................@.0B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):207279
                                                                                                                                                                                                Entropy (8bit):6.257340830373565
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:8ETp56/3S8Fat2OkIbt8X7nvEDdV7q1IAegepxmMISQVSQOv:8ETp56/3S8Yt2dIbt8X7vEdlpjwOv
                                                                                                                                                                                                MD5:4864A803BF955E82F772DB8B14262B87
                                                                                                                                                                                                SHA1:BD307FFA45F242CB2F4B1261F70F8A2A421AEA73
                                                                                                                                                                                                SHA-256:A9493C56D6A14055AEAB5C8893A5ECDA3EE39D411A09D71CB3C6C2EDE1C94074
                                                                                                                                                                                                SHA-512:3FFA5720BED5054FBF2A211F6428A90BDF9A256F048E5D5DE04722D075BEC1D5E22C40F86CFBB29B15093D63FA83EA6EF43439EB896EB28C0646B461E884F2C1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.................'......@...................P....@..........................p................ ..............................@..,....`..h............................................................................B...............................text...T?.......@..................`.P`.data...$....P.......D..............@.`..rdata..,g...`...h...F..............@.`@.buildid5...........................@.0@/4.......F.......H..................@.0@.bss.........0........................`..idata..,....@......................@.0..rsrc...h....`......................@.0.................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3362559
                                                                                                                                                                                                Entropy (8bit):6.266382256196019
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:98304:cCkgs3WfqTw4LbOI2eLJG0zcR3Py92TI8Ri9HqzSYPgcBl2U0X3UKut5bNbgcD5l:nts9TBJIaYPgcBl2U0X3UKut5bNbgcDf
                                                                                                                                                                                                MD5:3669501666877E287C9FEAFFD1605AB1
                                                                                                                                                                                                SHA1:7451FFCBA556C3CC35602B537D086435FE2A16F5
                                                                                                                                                                                                SHA-256:FB4A05CE7D50721C71F66C37E0AB7E52CD46034A2E394940B3F60C9C2AFB079A
                                                                                                                                                                                                SHA-512:6EFDB9AAD523398ABAECA8E9B640DA14DB5700E589452824B3DFD7FDA707DBFBE837CAC55EB44A07FD029140F7247BA0CB899DC252C33BEFAFE8AC582507A9FF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........+..B.....!...$......*..x..@..............a..........................O.......3....... .......................+._....................................P,.......(..............................................................................text....h.......j..................`.``/4.......!......."...n.............. .@..data...............................@.`..rdata..h5...."..6....".............@.`@.buildid5.....(.......'.............@.0@.bss.....v....(.......................`..edata.._.....+.......'.............@.0@.reloc.......P,.......(.............@.0B/19.......... .......N*.............@.`..idata...........0....*.............@.0./38...................+.............@.0B.rsrc.................+.............@.0..cygheap.. .../.......................0.........................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):103166
                                                                                                                                                                                                Entropy (8bit):6.438613906021623
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:Tre0u0y2Yck4hhyRBxI85p2beki6wQy80gjvq53k54UxnUP:nBuLFt4hhyRDZUad6wQy8pEkVnUP
                                                                                                                                                                                                MD5:55229243A445AF57C59761F4FC10A3B7
                                                                                                                                                                                                SHA1:3608B654334B997A97486F3D840786588BDE47DC
                                                                                                                                                                                                SHA-256:C8C5440AF04BF3C7B35E546B6FA724B8123422DB74A7673801A2B519728A4B5D
                                                                                                                                                                                                SHA-512:A8266EEAD58285BB8120D84DF752A034FD35E257967D99B3AF7519AA63ACAC30782723BA3BEA02E4E9344C6CBD0AA29B76CC61C3AC2FDF386F3FE038D0221905
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........!......#...#.D..........`G.......`.....j.................................h........ .........................s.......X.......................................................................................p............................text....C.......D..................`.P`.data...@....`.......H..............@.`..rdata.......p.......J..............@.`@.buildid5............`..............@.0@/4...................b..............@.0..bss....H.............................`..edata..s............v..............@.0@.idata..X...........................@.0..reloc..............................@.0B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):207279
                                                                                                                                                                                                Entropy (8bit):6.257340830373565
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:8ETp56/3S8Fat2OkIbt8X7nvEDdV7q1IAegepxmMISQVSQOv:8ETp56/3S8Yt2dIbt8X7vEdlpjwOv
                                                                                                                                                                                                MD5:4864A803BF955E82F772DB8B14262B87
                                                                                                                                                                                                SHA1:BD307FFA45F242CB2F4B1261F70F8A2A421AEA73
                                                                                                                                                                                                SHA-256:A9493C56D6A14055AEAB5C8893A5ECDA3EE39D411A09D71CB3C6C2EDE1C94074
                                                                                                                                                                                                SHA-512:3FFA5720BED5054FBF2A211F6428A90BDF9A256F048E5D5DE04722D075BEC1D5E22C40F86CFBB29B15093D63FA83EA6EF43439EB896EB28C0646B461E884F2C1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.................'......@...................P....@..........................p................ ..............................@..,....`..h............................................................................B...............................text...T?.......@..................`.P`.data...$....P.......D..............@.`..rdata..,g...`...h...F..............@.`@.buildid5...........................@.0@/4.......F.......H..................@.0@.bss.........0........................`..idata..,....@......................@.0..rsrc...h....`......................@.0.................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6195
                                                                                                                                                                                                Entropy (8bit):5.183035655065466
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:M78QlvtNrPF7WFGIcH6Rg6GuRcHi6JGYcHQ+GkcHszqoG4cHAHqmGQcHfdcDcGY7:pQlrQ8ZtZIw3bdxLUct
                                                                                                                                                                                                MD5:7FDC216116CBE7C16085A1C08E15409B
                                                                                                                                                                                                SHA1:BEA84B8E4DD5DD559B5A9A9F4A63584109338E00
                                                                                                                                                                                                SHA-256:79AA95224BA6F373C4088D6E55DEB220DA92C1DA212F32A3DADC8EF3B9616689
                                                                                                                                                                                                SHA-512:C17C05A6FA6320C6AEBB77F59672578131331AAD7E08E72F9A28A01FDB675001FE119D2246744CB9F2795FF5213CD390FA5BDFE69A47AFCBFBEB97A7067BCAAE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# =========================================================================..#..# Schema Extension for Cygwin User and Group auxiliary classes..#..# Extend your Active Directory using..#..# ldifde -i -f <path>\<this>.ldif -b <username> <domain> <password> \..# -k -c "CN=schema,CN=Configuration,DC=X" #schemaNamingContext..#..# Remember:..# - you have to be schema admin for your active directory..# - you have to run the above command directly from your schema master..#..# For further information read..# http://technet.microsoft.com/en-us/magazine/2008.05.schema.aspx..#..# ----------------------------------------------------------------------..#..# Explanation for the OIDs:..#..# Value Meaning Description..# 1 ISO Identifies the root authority...# 3 IANA Group designation assigned by ISO...# 6.1.4.1.2312 Red Hat Organization assigned by IANA...# 15 Cygwin Assigned by Organization...# Y Object Type Numb
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6195
                                                                                                                                                                                                Entropy (8bit):5.183035655065466
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:M78QlvtNrPF7WFGIcH6Rg6GuRcHi6JGYcHQ+GkcHszqoG4cHAHqmGQcHfdcDcGY7:pQlrQ8ZtZIw3bdxLUct
                                                                                                                                                                                                MD5:7FDC216116CBE7C16085A1C08E15409B
                                                                                                                                                                                                SHA1:BEA84B8E4DD5DD559B5A9A9F4A63584109338E00
                                                                                                                                                                                                SHA-256:79AA95224BA6F373C4088D6E55DEB220DA92C1DA212F32A3DADC8EF3B9616689
                                                                                                                                                                                                SHA-512:C17C05A6FA6320C6AEBB77F59672578131331AAD7E08E72F9A28A01FDB675001FE119D2246744CB9F2795FF5213CD390FA5BDFE69A47AFCBFBEB97A7067BCAAE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# =========================================================================..#..# Schema Extension for Cygwin User and Group auxiliary classes..#..# Extend your Active Directory using..#..# ldifde -i -f <path>\<this>.ldif -b <username> <domain> <password> \..# -k -c "CN=schema,CN=Configuration,DC=X" #schemaNamingContext..#..# Remember:..# - you have to be schema admin for your active directory..# - you have to run the above command directly from your schema master..#..# For further information read..# http://technet.microsoft.com/en-us/magazine/2008.05.schema.aspx..#..# ----------------------------------------------------------------------..#..# Explanation for the OIDs:..#..# Value Meaning Description..# 1 ISO Identifies the root authority...# 3 IANA Group designation assigned by ISO...# 6.1.4.1.2312 Red Hat Organization assigned by IANA...# 15 Cygwin Assigned by Organization...# Y Object Type Numb
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):35147
                                                                                                                                                                                                Entropy (8bit):4.573442652974749
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:Mo1acy3LTB2VsrHG/OfvMmnBCtLmJ9A7D:Mhcycsrfrnoue
                                                                                                                                                                                                MD5:D32239BCB673463AB874E80D47FAE504
                                                                                                                                                                                                SHA1:8624BCDAE55BAEEF00CD11D5DFCFA60F68710A02
                                                                                                                                                                                                SHA-256:8CEB4B9EE5ADEDDE47B31E975C1D90C73AD27B6B165A1DCD80C7C545EB65B903
                                                                                                                                                                                                SHA-512:7633623B66B5E686BB94DD96A7CDB5A7E5EE00E87004FAB416A5610D59C62BADAF512A2E26E34E2455B7ED6B76690D2CD47464836D7D85D78B51D50F7E933D5C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: GNU GENERAL PUBLIC LICENSE. Version 3, 29 June 2007.. Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed... Preamble.. The GNU General Public License is a free, copyleft license for.software and other kinds of works... The licenses for most software and other practical works are designed.to take away your freedom to share and change the works. By contrast,.the GNU General Public License is intended to guarantee your freedom to.share and change all versions of a program--to make sure it remains free.software for all its users. We, the Free Software Foundation, use the.GNU General Public License for most of our software; it applies also to.any other work released this way by its authors. You can apply it to.your programs, too... When we speak of free software, we are referring to
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1458
                                                                                                                                                                                                Entropy (8bit):4.890560517081035
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:C9TPYoEOkfQQRXKNgwNBtrfXPK+n9hakssFQ6WjCQGN/vp7crzESiz8zA:QTg/fQQRaqgZl/DsCQsT/vp7cvUzJ
                                                                                                                                                                                                MD5:31BF89A571F62566F84D9C1B3E0D8545
                                                                                                                                                                                                SHA1:CC391CC58B8A33BAD26474BBFBBD66526EBF9376
                                                                                                                                                                                                SHA-256:794433752103CF4BBB4A84A1BDB8FBC150ABB1762704BB35FECC9F7F820BE984
                                                                                                                                                                                                SHA-512:36BE9C18A83BA498966B74F1C01F8DFE8342C8871D47935D1677F3602F802AABD7530E8653FF403C26B5FC80BE09004393C844364AE86FAAD214840B83C00925
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESSED OR.IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE...Unless stated otherwise, the sources under the cygwin subdirectory,.as well as the sources under the cygserver subdirectory linked into.the Cygwin DLL, are licensed under the Lesser Gnu Public License,.version 3 or (at your option) any later version (LGPLv3+). See the.COPYING.LIB file for the exact wording of that license...Unless stated otherwise, the sources under the cygserver subdir not.linked into the Cygwin DLL, as well as the sources under the lsaauth.and the utils subdirectories are licensed under the Gnu Public License,.version 3 or (at your option) any later version (GPLv3+). See the.COPYING file for the exact wording of that license. ..Parts of the sources in any subdirectory are licensed using a BSD-like.license. The affected source files contain explicit copyright notices.to t
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8136
                                                                                                                                                                                                Entropy (8bit):4.494288173324342
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:vm8yrd5ei20HoHvnxST3j83LpIpXoT+aPOVhvpNrpU/RdV3+tQI+wla7ZvOv/I/P:v9yrd5eiHHoHvxWOp8oPPwmdech+0P
                                                                                                                                                                                                MD5:815865B276963D26F9B4BB70FBB56075
                                                                                                                                                                                                SHA1:4C849B55F93CEA2F7CDB419FA471919C839E3848
                                                                                                                                                                                                SHA-256:A311D924C6A11E6107B498F2A6E8B04A54CF24B4B8533CFB8FCD64BD899179ED
                                                                                                                                                                                                SHA-512:8BBDB23C273155B1B388E09A0552857D93AA8A322ED0E3C4639EC455C3EFE340F5C443838E5C986563C4C00CD55C54F95B2F7767FE7622A4BAC8856D36E24579
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:What is Cygserver?.. Cygserver is a program which is designed to run as a background service.. It provides Cygwin applications with services which require security. arbitration or which need to persist while no other cygwin application. is running... The implemented services so far are:.. - Control slave tty/pty handle dispersal from tty owner to other. processes without compromising the owner processes' security.. - XSI IPC Message Queues.. - XSI IPC Semaphores.. - XSI IPC Shared Memory.. - Allows non-privileged users to store obfuscated passwords in the. registry to be used for setuid(2) to create user tokens with network. credentials. This service is used by `passwd -R'. Using the stored. passwords in setuid(2) does not require running cygserver. The. registry storage is the same as Windows uses to store passwords for. accounts running Windows services....Cygserver command line options:.. Options to Cygserver take the normal UNIX-style `-X' or `--long
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1458
                                                                                                                                                                                                Entropy (8bit):4.890560517081035
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:C9TPYoEOkfQQRXKNgwNBtrfXPK+n9hakssFQ6WjCQGN/vp7crzESiz8zA:QTg/fQQRaqgZl/DsCQsT/vp7cvUzJ
                                                                                                                                                                                                MD5:31BF89A571F62566F84D9C1B3E0D8545
                                                                                                                                                                                                SHA1:CC391CC58B8A33BAD26474BBFBBD66526EBF9376
                                                                                                                                                                                                SHA-256:794433752103CF4BBB4A84A1BDB8FBC150ABB1762704BB35FECC9F7F820BE984
                                                                                                                                                                                                SHA-512:36BE9C18A83BA498966B74F1C01F8DFE8342C8871D47935D1677F3602F802AABD7530E8653FF403C26B5FC80BE09004393C844364AE86FAAD214840B83C00925
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESSED OR.IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE...Unless stated otherwise, the sources under the cygwin subdirectory,.as well as the sources under the cygserver subdirectory linked into.the Cygwin DLL, are licensed under the Lesser Gnu Public License,.version 3 or (at your option) any later version (LGPLv3+). See the.COPYING.LIB file for the exact wording of that license...Unless stated otherwise, the sources under the cygserver subdir not.linked into the Cygwin DLL, as well as the sources under the lsaauth.and the utils subdirectories are licensed under the Gnu Public License,.version 3 or (at your option) any later version (GPLv3+). See the.COPYING file for the exact wording of that license. ..Parts of the sources in any subdirectory are licensed using a BSD-like.license. The affected source files contain explicit copyright notices.to t
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):35147
                                                                                                                                                                                                Entropy (8bit):4.573442652974749
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:Mo1acy3LTB2VsrHG/OfvMmnBCtLmJ9A7D:Mhcycsrfrnoue
                                                                                                                                                                                                MD5:D32239BCB673463AB874E80D47FAE504
                                                                                                                                                                                                SHA1:8624BCDAE55BAEEF00CD11D5DFCFA60F68710A02
                                                                                                                                                                                                SHA-256:8CEB4B9EE5ADEDDE47B31E975C1D90C73AD27B6B165A1DCD80C7C545EB65B903
                                                                                                                                                                                                SHA-512:7633623B66B5E686BB94DD96A7CDB5A7E5EE00E87004FAB416A5610D59C62BADAF512A2E26E34E2455B7ED6B76690D2CD47464836D7D85D78B51D50F7E933D5C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: GNU GENERAL PUBLIC LICENSE. Version 3, 29 June 2007.. Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed... Preamble.. The GNU General Public License is a free, copyleft license for.software and other kinds of works... The licenses for most software and other practical works are designed.to take away your freedom to share and change the works. By contrast,.the GNU General Public License is intended to guarantee your freedom to.share and change all versions of a program--to make sure it remains free.software for all its users. We, the Free Software Foundation, use the.GNU General Public License for most of our software; it applies also to.any other work released this way by its authors. You can apply it to.your programs, too... When we speak of free software, we are referring to
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8136
                                                                                                                                                                                                Entropy (8bit):4.494288173324342
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:vm8yrd5ei20HoHvnxST3j83LpIpXoT+aPOVhvpNrpU/RdV3+tQI+wla7ZvOv/I/P:v9yrd5eiHHoHvxWOp8oPPwmdech+0P
                                                                                                                                                                                                MD5:815865B276963D26F9B4BB70FBB56075
                                                                                                                                                                                                SHA1:4C849B55F93CEA2F7CDB419FA471919C839E3848
                                                                                                                                                                                                SHA-256:A311D924C6A11E6107B498F2A6E8B04A54CF24B4B8533CFB8FCD64BD899179ED
                                                                                                                                                                                                SHA-512:8BBDB23C273155B1B388E09A0552857D93AA8A322ED0E3C4639EC455C3EFE340F5C443838E5C986563C4C00CD55C54F95B2F7767FE7622A4BAC8856D36E24579
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:What is Cygserver?.. Cygserver is a program which is designed to run as a background service.. It provides Cygwin applications with services which require security. arbitration or which need to persist while no other cygwin application. is running... The implemented services so far are:.. - Control slave tty/pty handle dispersal from tty owner to other. processes without compromising the owner processes' security.. - XSI IPC Message Queues.. - XSI IPC Semaphores.. - XSI IPC Shared Memory.. - Allows non-privileged users to store obfuscated passwords in the. registry to be used for setuid(2) to create user tokens with network. credentials. This service is used by `passwd -R'. Using the stored. passwords in setuid(2) does not require running cygserver. The. registry storage is the same as Windows uses to store passwords for. accounts running Windows services....Cygserver command line options:.. Options to Cygserver take the normal UNIX-style `-X' or `--long
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 210247
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):47855
                                                                                                                                                                                                Entropy (8bit):7.9940811952790245
                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                SSDEEP:768:2HEB76JTORRyCsmcRKzXkCPIx4X8vpZzLtZJZ6yM5TXs8PqvLe1ZGQmsK:2HvuRyXRKxAx4MvpZzLtvCJcaqvLeyQA
                                                                                                                                                                                                MD5:0E424118539084CE331B5913F922E3BE
                                                                                                                                                                                                SHA1:A26CF825DC47092C7BD4C83435F0061FD942A99D
                                                                                                                                                                                                SHA-256:BF16F3C319C8780B6538ACE21D4E2B769A046194DB9AA7027D4DEE21DEB51AEC
                                                                                                                                                                                                SHA-512:B59153ED6365B9C9F18A59199C9151A27C7E04982B53CD187652685C161F7CE731310727734F9F34E44815C74984AC778A1181DB73BE15944F65341CA1807324
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.............V.Y. ..s.%.._.*.`..3.@.:.."R].:..n..r7.ts.Q}.h^d^n.d....o..Q..'OJr3....i...z..M....Y7oF.a....Nt..../....%.".ho.e.....~3J....~>x..7..he.5....[.......$....x.D..q.G0P3:...].Eg...4:..f.g#.|.Gm...u.b4L..$...O.0.....p...=.'...'C.-.F0^..]...O...y.f...v..I3.E.......F.=D..Fp....{iq..#N....>...+........."i."..c........`.....g.......|....h%^.V.x.:....M<.7W..n.....#.i.?j.G.Q...s......Y.7..........+....%8...C\.k.e^.6../..fp]0..z.EW.1..q.......>.........K.N.W.....Go.&...4.9i8...4)..h..pN].w..........u.G..8:y..vpt.vq..ytzBo...C...h\\../..K.'.../...D+.7.#..G8.v{yL.{.8...l.......|...Od......Ay.<.K<.>......M.$u.5j...t20.OGH..^...q:H..g4&..........r...^/....Nz.0..a.t........?.3..>...@....w7.Y.}..._..Q3z.vG......{..#.I.[..........f..E..'m.O..wJ.....>.%oJ"Bt.w...|.........f..a...?!q..............h.'\...o...G....b`..b..F...O?.......>..F... .?93..6...q;.V....qik.@;.W?*n..:k.....<...]..]C.....U+qmT..tu.u#en...a.6.6..%..&."E..<...L3..CS..=.....w
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 36614
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11481
                                                                                                                                                                                                Entropy (8bit):7.981940046894167
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:YczOB6tnRdml8andTUdR2sqnIC+jracFthMak+MWmfF3gZoeIPCyMAOzPaB1vAlO:bzOBwRkl8andTUdmnICutG5+LfZAPCyb
                                                                                                                                                                                                MD5:24873A406B207B56BF376D8E91ABF6E2
                                                                                                                                                                                                SHA1:F5A966BE3DA16FD16E96E8A8F3D5B52B3BA0ABF0
                                                                                                                                                                                                SHA-256:5A76BFE06016E7E85253244895181DAE54C980E2BE0D97B6D99194F5C4BB5554
                                                                                                                                                                                                SHA-512:BD26CE202B6B4BE35BEFEE8CF2F7E1A2DBD2AA786C44D1236AC88BFCA59046E1B125C832AA685B326087B5E0816ADAE2D7E45737730D99CE30F0C8AB7DEB492C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........<ks.8...'...-..Y..L&..l..GF[......]. ...... mk..._?...(......)E".@...h..*1..K...J.kY.FI..C..:."...F..g.O.*L.3.z..X.z....!..zG:...rU.gG{b:......X..J.k.(.e....X...P......T.:1..`.,dV......:.qb.".W..2._.B.u.,6..s.......J.....(aQ#.~....Q9....8K"..5.E.d.9.M.l"..H%,...W.41+&...8./R..O..4..N...J\.....x....G.6.7.'....H......g....p....L<.{n.T..8$::R.|f.t.Ei..q`....N.}.2U1/...x...".+n.@...F..;.._t%V.N.n.X2.k.g<./.p.N...z.............<K...W........:......<....,..7.[...G..,T........\..w@.o.UF..a.{|Aqx9c-.|T.....N`Lf.S..u.P.P.&.r.;M5..;mJT..C1.N@.'/.....!..oE...._+j.?z.I..:....1......~.}..X-.d.........9.k..{..,+.1.qz..^o..UF...3.b.C){M..s >... ..52..P.BFJ<....>..*...K.1.....E...@.(..4.p...+].0..Gv.....QT..5.Z.nO<....I.iF......o..........-.......Hf^B.Y.!+k....T....xW-.......#.........I.C.Y.;... .wN3P..[.7.^...-}...)..<..7.f.vFe"..x.H1(y...jp{..u.......@..E.e.....(..EV.../.n-.B.h...6`?WI.........$....~.....H#V.g7.........b.L)`.T...3.....i.@.6
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 210247
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):47855
                                                                                                                                                                                                Entropy (8bit):7.9940811952790245
                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                SSDEEP:768:2HEB76JTORRyCsmcRKzXkCPIx4X8vpZzLtZJZ6yM5TXs8PqvLe1ZGQmsK:2HvuRyXRKxAx4MvpZzLtvCJcaqvLeyQA
                                                                                                                                                                                                MD5:0E424118539084CE331B5913F922E3BE
                                                                                                                                                                                                SHA1:A26CF825DC47092C7BD4C83435F0061FD942A99D
                                                                                                                                                                                                SHA-256:BF16F3C319C8780B6538ACE21D4E2B769A046194DB9AA7027D4DEE21DEB51AEC
                                                                                                                                                                                                SHA-512:B59153ED6365B9C9F18A59199C9151A27C7E04982B53CD187652685C161F7CE731310727734F9F34E44815C74984AC778A1181DB73BE15944F65341CA1807324
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.............V.Y. ..s.%.._.*.`..3.@.:.."R].:..n..r7.ts.Q}.h^d^n.d....o..Q..'OJr3....i...z..M....Y7oF.a....Nt..../....%.".ho.e.....~3J....~>x..7..he.5....[.......$....x.D..q.G0P3:...].Eg...4:..f.g#.|.Gm...u.b4L..$...O.0.....p...=.'...'C.-.F0^..]...O...y.f...v..I3.E.......F.=D..Fp....{iq..#N....>...+........."i."..c........`.....g.......|....h%^.V.x.:....M<.7W..n.....#.i.?j.G.Q...s......Y.7..........+....%8...C\.k.e^.6../..fp]0..z.EW.1..q.......>.........K.N.W.....Go.&...4.9i8...4)..h..pN].w..........u.G..8:y..vpt.vq..ytzBo...C...h\\../..K.'.../...D+.7.#..G8.v{yL.{.8...l.......|...Od......Ay.<.K<.>......M.$u.5j...t20.OGH..^...q:H..g4&..........r...^/....Nz.0..a.t........?.3..>...@....w7.Y.}..._..Q3z.vG......{..#.I.[..........f..E..'m.O..wJ.....>.%oJ"Bt.w...|.........f..a...?!q..............h.'\...o...G....b`..b..F...O?.......>..F... .?93..6...q;.V....qik.@;.W?*n..:k.....<...]..]C.....U+qmT..tu.u#en...a.6.6..%..&."E..<...L3..CS..=.....w
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 36614
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11481
                                                                                                                                                                                                Entropy (8bit):7.981940046894167
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:YczOB6tnRdml8andTUdR2sqnIC+jracFthMak+MWmfF3gZoeIPCyMAOzPaB1vAlO:bzOBwRkl8andTUdmnICutG5+LfZAPCyb
                                                                                                                                                                                                MD5:24873A406B207B56BF376D8E91ABF6E2
                                                                                                                                                                                                SHA1:F5A966BE3DA16FD16E96E8A8F3D5B52B3BA0ABF0
                                                                                                                                                                                                SHA-256:5A76BFE06016E7E85253244895181DAE54C980E2BE0D97B6D99194F5C4BB5554
                                                                                                                                                                                                SHA-512:BD26CE202B6B4BE35BEFEE8CF2F7E1A2DBD2AA786C44D1236AC88BFCA59046E1B125C832AA685B326087B5E0816ADAE2D7E45737730D99CE30F0C8AB7DEB492C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........<ks.8...'...-..Y..L&..l..GF[......]. ...... mk..._?...(......)E".@...h..*1..K...J.kY.FI..C..:."...F..g.O.*L.3.z..X.z....!..zG:...rU.gG{b:......X..J.k.(.e....X...P......T.:1..`.,dV......:.qb.".W..2._.B.u.,6..s.......J.....(aQ#.~....Q9....8K"..5.E.d.9.M.l"..H%,...W.41+&...8./R..O..4..N...J\.....x....G.6.7.'....H......g....p....L<.{n.T..8$::R.|f.t.Ei..q`....N.}.2U1/...x...".+n.@...F..;.._t%V.N.n.X2.k.g<./.p.N...z.............<K...W........:......<....,..7.[...G..,T........\..w@.o.UF..a.{|Aqx9c-.|T.....N`Lf.S..u.P.P.&.r.;M5..;mJT..C1.N@.'/.....!..oE...._+j.?z.I..:....1......~.}..X-.d.........9.k..{..,+.1.qz..^o..UF...3.b.C){M..s >... ..52..P.BFJ<....>..*...K.1.....E...@.(..4.p...+].0..Gv.....QT..5.Z.nO<....I.iF......o..........-.......Hf^B.Y.!+k....T....xW-.......#.........I.C.Y.;... .wN3P..[.7.^...-}...)..<..7.f.vFe"..x.H1(y...jp{..u.......@..E.e.....(..EV.../.n-.B.h...6`?WI.........$....~.....H#V.g7.........b.L)`.T...3.....i.@.6
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3324
                                                                                                                                                                                                Entropy (8bit):4.657970991150273
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:SDLuUETp4Y6+qu+vvQwmIYBQ2wzNade4BtT2eC7XL:SDaESS4wgqjc9qeC7XL
                                                                                                                                                                                                MD5:FE60D87048567D4FE8C8A0ED2448BCC8
                                                                                                                                                                                                SHA1:C0AD296B24F96E7C77CE564CAD2FA1A4F76024D8
                                                                                                                                                                                                SHA-256:9D6B43CE4D8DE0C878BF16B54D8E7A10D9BD42B75178153E3AF6A815BDC90F74
                                                                                                                                                                                                SHA-512:0FA9CDD317B02A5706DBB619231DDE8AD843F4052DBF2C8DAEF97FDAEEC81AF413BE12FAEC4D3BFBA583E77604596B5AAB62F1C9D54758DD32358AAA9BEBEF5A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:GCC RUNTIME LIBRARY EXCEPTION..Version 3.1, 31 March 2009..Copyright (C) 2009 Free Software Foundation, Inc. <http://fsf.org/>..Everyone is permitted to copy and distribute verbatim copies of this.license document, but changing it is not allowed...This GCC Runtime Library Exception ("Exception") is an additional.permission under section 7 of the GNU General Public License, version.3 ("GPLv3"). It applies to a given file (the "Runtime Library") that.bears a notice placed by the copyright holder of the file stating that.the file is governed by GPLv3 along with this Exception...When you use GCC to compile a program, GCC may combine portions of.certain GCC header files and runtime libraries with the compiled.program. The purpose of this Exception is to allow compilation of.non-GPL (including proprietary) programs to use, in this way, the.header files and runtime libraries covered by this Exception...0. Definitions...A file is an "Independent Module" if it either requires the Runtime.Librar
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3324
                                                                                                                                                                                                Entropy (8bit):4.657970991150273
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:SDLuUETp4Y6+qu+vvQwmIYBQ2wzNade4BtT2eC7XL:SDaESS4wgqjc9qeC7XL
                                                                                                                                                                                                MD5:FE60D87048567D4FE8C8A0ED2448BCC8
                                                                                                                                                                                                SHA1:C0AD296B24F96E7C77CE564CAD2FA1A4F76024D8
                                                                                                                                                                                                SHA-256:9D6B43CE4D8DE0C878BF16B54D8E7A10D9BD42B75178153E3AF6A815BDC90F74
                                                                                                                                                                                                SHA-512:0FA9CDD317B02A5706DBB619231DDE8AD843F4052DBF2C8DAEF97FDAEEC81AF413BE12FAEC4D3BFBA583E77604596B5AAB62F1C9D54758DD32358AAA9BEBEF5A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:GCC RUNTIME LIBRARY EXCEPTION..Version 3.1, 31 March 2009..Copyright (C) 2009 Free Software Foundation, Inc. <http://fsf.org/>..Everyone is permitted to copy and distribute verbatim copies of this.license document, but changing it is not allowed...This GCC Runtime Library Exception ("Exception") is an additional.permission under section 7 of the GNU General Public License, version.3 ("GPLv3"). It applies to a given file (the "Runtime Library") that.bears a notice placed by the copyright holder of the file stating that.the file is governed by GPLv3 along with this Exception...When you use GCC to compile a program, GCC may combine portions of.certain GCC header files and runtime libraries with the compiled.program. The purpose of this Exception is to allow compilation of.non-GPL (including proprietary) programs to use, in this way, the.header files and runtime libraries covered by this Exception...0. Definitions...A file is an "Independent Module" if it either requires the Runtime.Librar
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 34708
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11906
                                                                                                                                                                                                Entropy (8bit):7.982665202243619
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:X7zFICeuru4KzbI0uBeHJwmPEfbn74MxcysO9is9oVK5cwQdAGHsxoJtro5sA+vV:2CZiIeHqsPysYROUcwervJto5sAg/9
                                                                                                                                                                                                MD5:2BFA45B0D19992B16A80DDA3671969BE
                                                                                                                                                                                                SHA1:CB28BE23EC99087554385093665F2B96706348D3
                                                                                                                                                                                                SHA-256:CA57E06025443F32FCFFA186B082B7BA5A336E3846534D0D2AD4F30398420719
                                                                                                                                                                                                SHA-512:9D427280FE74C8BBFA287FF4B9D93B23FDBD92C2FE7DB3229B535BE8E1AE85AD753EF8D04D1CC7EF7B232094C5213BF549B73F92FC8CFFF9168B84AE21F0E1C6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........}.s.....Wt)Wk)KR....8u.,..%.$.....HuL....LW*..~...H.....&..G?.../.nw.*k.wv....0...W.vx...C....+3r3.._..s...?.hdF7......;{`wv....ft....?5<...f..bm3.......Mea..vsWf.z..........yIft5..n.U...?.....#..q......w.6..m..i........vG..;e.....#.R^.^.\./o...q5M........'/N...\....rZ...^\.U.N..N..+p`|...y.-..9...,.].d......6o.U]. .:....4...f./j.p...^.$`..6..V.....`.....`..l..]y;.#...)y.....m..'.......Omdn`.2[..d\Z0ng...k..B0.vVW.^zi@..h..x..`.(.Q.....U1u3....<..K.......C........4.V.o..iW.YF.4.r....).%...l..9.r9..iK./...^..>....o......_............-..E..(..%.-.#..mr.-i..@8.......n...Y..mY<..!yy..0<.......3..k|........-r...n.<a...0y.+x...."w.`......#..X;.!..`uk.(.......`b.a9z........JSgn.....z..Z;..E.kC.,a.......(.Q..I...E.a|.i......P.Ff.hR....[.......N.aD.b.e...1.Q..9R....\....O...~.F....|...B..8....s..b.#.......$.A..,.......Y~...|BS0..V].Ec......70.....)....t......<m.bY...k......x:0..I..Y.B..~c....0...........{.. ......g..4E.Ft\.E2
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 34708
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11906
                                                                                                                                                                                                Entropy (8bit):7.982665202243619
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:X7zFICeuru4KzbI0uBeHJwmPEfbn74MxcysO9is9oVK5cwQdAGHsxoJtro5sA+vV:2CZiIeHqsPysYROUcwervJto5sAg/9
                                                                                                                                                                                                MD5:2BFA45B0D19992B16A80DDA3671969BE
                                                                                                                                                                                                SHA1:CB28BE23EC99087554385093665F2B96706348D3
                                                                                                                                                                                                SHA-256:CA57E06025443F32FCFFA186B082B7BA5A336E3846534D0D2AD4F30398420719
                                                                                                                                                                                                SHA-512:9D427280FE74C8BBFA287FF4B9D93B23FDBD92C2FE7DB3229B535BE8E1AE85AD753EF8D04D1CC7EF7B232094C5213BF549B73F92FC8CFFF9168B84AE21F0E1C6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........}.s.....Wt)Wk)KR....8u.,..%.$.....HuL....LW*..~...H.....&..G?.../.nw.*k.wv....0...W.vx...C....+3r3.._..s...?.hdF7......;{`wv....ft....?5<...f..bm3.......Mea..vsWf.z..........yIft5..n.U...?.....#..q......w.6..m..i........vG..;e.....#.R^.^.\./o...q5M........'/N...\....rZ...^\.U.N..N..+p`|...y.-..9...,.].d......6o.U]. .:....4...f./j.p...^.$`..6..V.....`.....`..l..]y;.#...)y.....m..'.......Omdn`.2[..d\Z0ng...k..B0.vVW.^zi@..h..x..`.(.Q.....U1u3....<..K.......C........4.V.o..iW.YF.4.r....).%...l..9.r9..iK./...^..>....o......_............-..E..(..%.-.#..mr.-i..@8.......n...Y..mY<..!yy..0<.......3..k|........-r...n.<a...0y.+x...."w.`......#..X;.!..`uk.(.......`b.a9z........JSgn.....z..Z;..E.kC.,a.......(.Q..I...E.a|.i......P.Ff.hR....[.......N.aD.b.e...1.Q..9R....\....O...~.F....|...B..8....s..b.#.......$.A..,.......Y~...|BS0..V].Ec......70.....)....t......<m.bY...k......x:0..I..Y.B..~c....0...........{.. ......g..4E.Ft\.E2
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 17339
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6488
                                                                                                                                                                                                Entropy (8bit):7.968254671784316
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:g1MVFitte8mUmQdevBtpmK+rPDoNdF+UTuUh:eMV4ttTmqdNrLoXMOuUh
                                                                                                                                                                                                MD5:08135494D5D01619738BD09CBEACED57
                                                                                                                                                                                                SHA1:DFB0BFF2E359A5A2F6A51D0EABCAEBAEE0A41EAB
                                                                                                                                                                                                SHA-256:A56618EE997A62C1AFB5824C69956CC188F7955B57FEF95E50F316B958F65BDC
                                                                                                                                                                                                SHA-512:E10820D2EC9EDB40596E20EDC728674F9CCAE11C38ADF78C02887F147818A6EEC76F3D4A744A512DCCAD83BE8936E6776D57AB3FCE8B3605E662A3DE74E8AE50
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........[.s.F..9.+.t.]2.h..JbW..I.6k)R!(?*.zApHa..4..........`@.rRuW...X$.=..{.._N.(...xs].N.U....I..}..>S.u..U..i........W.k..z..P.Z..z..7:/.rOWFa...<..R.$QL.P..t~.W........e+..w.sPY.u.mU....0...y..J.)35..G..Z...|y.Wq!..Y..t..... \..+.8..2X..=u...*..oV.Lf...u..D......qI....&^.W.a.ZXgI....^..R.d.........X..-..*J(..........2.a*./..8.=<..% Ht..Y.6[X5J.xk....,...YW..._.F....*..-.+..{..dx W....I...F.]AD.g}5.1.H...V..i..f[.e.]....m....H.:].&..3..J.T..2..:.%f.L.;....../'.J..."..z..`.r.v0..>_.go.......M_..W.t....\.f..|<.Z.......^......L.+......5.....d.B.<.L.c?..t4.:.O_....l.&....-f=Z.)...f/.?.....p<./.3K/.).......`....&....._..!G.....d0...@.S,..7.L....IKT.jI:...`8.b..$=....Dj>..9.7........0.......?].!.dr..+....j`.... ....j.,....^.f......?.3....5.......a.........yx..Yy........+)p.......~..MYl(j6.O.I'l..z....9.57 u...h..G....p.US..d..|.;#Jo.....=0......W..2........j.R....}.0.!....dR...1A.._.G..9..]..W?....-.]....GR.../s....sU..$^.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 17339
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6488
                                                                                                                                                                                                Entropy (8bit):7.968254671784316
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:g1MVFitte8mUmQdevBtpmK+rPDoNdF+UTuUh:eMV4ttTmqdNrLoXMOuUh
                                                                                                                                                                                                MD5:08135494D5D01619738BD09CBEACED57
                                                                                                                                                                                                SHA1:DFB0BFF2E359A5A2F6A51D0EABCAEBAEE0A41EAB
                                                                                                                                                                                                SHA-256:A56618EE997A62C1AFB5824C69956CC188F7955B57FEF95E50F316B958F65BDC
                                                                                                                                                                                                SHA-512:E10820D2EC9EDB40596E20EDC728674F9CCAE11C38ADF78C02887F147818A6EEC76F3D4A744A512DCCAD83BE8936E6776D57AB3FCE8B3605E662A3DE74E8AE50
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........[.s.F..9.+.t.]2.h..JbW..I.6k)R!(?*.zApHa..4..........`@.rRuW...X$.=..{.._N.(...xs].N.U....I..}..>S.u..U..i........W.k..z..P.Z..z..7:/.rOWFa...<..R.$QL.P..t~.W........e+..w.sPY.u.mU....0...y..J.)35..G..Z...|y.Wq!..Y..t..... \..+.8..2X..=u...*..oV.Lf...u..D......qI....&^.W.a.ZXgI....^..R.d.........X..-..*J(..........2.a*./..8.=<..% Ht..Y.6[X5J.xk....,...YW..._.F....*..-.+..{..dx W....I...F.]AD.g}5.1.H...V..i..f[.e.]....m....H.:].&..3..J.T..2..:.%f.L.;....../'.J..."..z..`.r.v0..>_.go.......M_..W.t....\.f..|<.Z.......^......L.+......5.....d.B.<.L.c?..t4.:.O_....l.&....-f=Z.)...f/.?.....p<./.3K/.).......`....&....._..!G.....d0...@.S,..7.L....IKT.jI:...`8.b..$=....Dj>..9.7........0.......?].!.dr..+....j`.... ....j.,....^.f......?.3....5.......a.........yx..Yy........+)p.......~..MYl(j6.O.I'l..z....9.57 u...h..G....p.US..d..|.;#Jo.....=0......W..2........j.R....}.0.!....dR...1A.._.G..9..]..W?....-.]....GR.../s....sU..$^.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 12431
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4756
                                                                                                                                                                                                Entropy (8bit):7.963589231177926
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Pw4HBZoR5A3HbfzaudYN+3iHgV2jryX1XMkd1qyfyDVXRy3:Pw4hZk8gNuzV0CZMa1wVRy3
                                                                                                                                                                                                MD5:A50FE89ED2996E24414514231AECF8BF
                                                                                                                                                                                                SHA1:A6603F49EF60829033B0128146846F9E8256914F
                                                                                                                                                                                                SHA-256:6FECAF141EB6DCCA21A13D6C3ADD18F74279AA503399896B440B23E2372CDF1E
                                                                                                                                                                                                SHA-512:1067DC563568280C449A27789AC2080602A28A3494492BFC52C1DCAFEF85707552B8AC2B53D496035A4BC05DF7CFE42984BD25374FCE7C2665A22409B75C0698
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........[mw.G.....}......l..fs...9G.-..>..4C...3dz..&......7..l.......z}.....:I..4..3........[.....o.k..k5\.80i.k.v...3..503.gV%S...e....~9.Q8M.8.m.:Q...U..&.1....F.. ........DM.d.l2.nuj.4..p...$K.I.Md.j.f..[...f.ZY.&...D.,.. .J....Xc1D].....JR...2&.H&.4.4.i).gi.E..0.4..'$.\g..i.E.m..H.IH.,........=.X.N,..be3(+.....qrC..e....'Y...^..".$:%g.b],p."..rc.n......`.......F.FsR.$X-.^:..3.%...Z..^.#[...F.....}.V=..Bz!....c.|..3[.]..\.....r$vE.O...@.E..%z...2.$w.s3e.& ..../%....".....a...Mg.U.|1...vO..;<.A.U.7..N.T..{...|9....._;C,..+z.:.w...b...U....3..@y..........{.R .z..:....^..[.)m.U...;8y...c....c.^....{...u.......@]\...C!G[;..'g...{.....Zu.....u..U......!;.gB.9a....{2.-..N.9.w.R..O..o..Lg........Kx..N;.W._.3..]N...s....^..G..r.U....!...aw.....Pg.!k.r.m......T...||9.Yy~o..../F~.......@.......=.6....#..6DK.y.....+k.C..B.'#&Wy.|..Qe...}u.C.']z.'Jo.a....Cz...o:.d....2...../n.a..RuN..I|.2.a.;..dR.....EL..o.....B.Jg..v.o?W..H4..g...n./^....O..M.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 12431
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4756
                                                                                                                                                                                                Entropy (8bit):7.963589231177926
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Pw4HBZoR5A3HbfzaudYN+3iHgV2jryX1XMkd1qyfyDVXRy3:Pw4hZk8gNuzV0CZMa1wVRy3
                                                                                                                                                                                                MD5:A50FE89ED2996E24414514231AECF8BF
                                                                                                                                                                                                SHA1:A6603F49EF60829033B0128146846F9E8256914F
                                                                                                                                                                                                SHA-256:6FECAF141EB6DCCA21A13D6C3ADD18F74279AA503399896B440B23E2372CDF1E
                                                                                                                                                                                                SHA-512:1067DC563568280C449A27789AC2080602A28A3494492BFC52C1DCAFEF85707552B8AC2B53D496035A4BC05DF7CFE42984BD25374FCE7C2665A22409B75C0698
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........[mw.G.....}......l..fs...9G.-..>..4C...3dz..&......7..l.......z}.....:I..4..3........[.....o.k..k5\.80i.k.v...3..503.gV%S...e....~9.Q8M.8.m.:Q...U..&.1....F.. ........DM.d.l2.nuj.4..p...$K.I.Md.j.f..[...f.ZY.&...D.,.. .J....Xc1D].....JR...2&.H&.4.4.i).gi.E..0.4..'$.\g..i.E.m..H.IH.,........=.X.N,..be3(+.....qrC..e....'Y...^..".$:%g.b],p."..rc.n......`.......F.FsR.$X-.^:..3.%...Z..^.#[...F.....}.V=..Bz!....c.|..3[.]..\.....r$vE.O...@.E..%z...2.$w.s3e.& ..../%....".....a...Mg.U.|1...vO..;<.A.U.7..N.T..{...|9....._;C,..+z.:.w...b...U....3..@y..........{.R .z..:....^..[.)m.U...;8y...c....c.^....{...u.......@]\...C!G[;..'g...{.....Zu.....u..U......!;.gB.9a....{2.-..N.9.w.R..O..o..Lg........Kx..N;.W._.3..]N...s....^..G..r.U....!...aw.....Pg.!k.r.m......T...||9.Yy~o..../F~.......@.......=.6....#..6DK.y.....+k.C..B.'#&Wy.|..Qe...}u.C.']z.'Jo.a....Cz...o:.d....2...../n.a..RuN..I|.2.a.;..dR.....EL..o.....B.Jg..v.o?W..H4..g...n./^....O..M.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):35815
                                                                                                                                                                                                Entropy (8bit):4.622965346596128
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:A7Y+tNdSz3ZlqXOWoInuzx3Y8N3WiAD0Jv:AVtNIq1uzZY1q
                                                                                                                                                                                                MD5:9C25E1CDC3B5122842A6A70FAB49A522
                                                                                                                                                                                                SHA1:2EA9F02239DC6B5FDBFFF01FCDF85BCC8C13667C
                                                                                                                                                                                                SHA-256:53927BD0B739D38C87A0A82236FD9B070C2DFFF11C0C119BE50372005D5047AD
                                                                                                                                                                                                SHA-512:7A0429020657FCF4B6035C393B10A98978360E99F3B0A092373057378A406BF016D8A96F41E3A4ED023343CE6805CD94CB5861DF81503D105291EFC51119E3C9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: GNU GENERAL PUBLIC LICENSE.. Version 3, 29 June 2007.... Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed..... Preamble.... The GNU General Public License is a free, copyleft license for..software and other kinds of works..... The licenses for most software and other practical works are designed..to take away your freedom to share and change the works. By contrast,..the GNU General Public License is intended to guarantee your freedom to..share and change all versions of a program--to make sure it remains free..software for all its users. We, the Free Software Foundation, use the..GNU General Public License for most of our software; it applies also to..any other work released this way by its authors. You can apply it to..your programs, too..... When we speak of free software
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):134
                                                                                                                                                                                                Entropy (8bit):4.841558315007637
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8tEd9EFKkCXdFwkoFRIyK8qJ6tEd9EjT4RigNUcrMVovn:2uQFKSZBqJ6uQv40mZp
                                                                                                                                                                                                MD5:1BC0303C1A9801768EC7AE4E4947536D
                                                                                                                                                                                                SHA1:676A1D6475D82015FC722F9FAF9244C04D3A7EF0
                                                                                                                                                                                                SHA-256:78541436076111CB84F2BAC0FE4BC8E6CC91743FBB016B3EF80B89D3D58B6ED9
                                                                                                                                                                                                SHA-512:E2029FE5A70651EAC11E4772D66B47F11DBD43161755E60A8E6D7E3D600183334CE173B5A08EAE24870671495238153E838F48A16D4BD0150A6698649BBBA462
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://github.com/harelba/q/releases/download/2.0.19/q-AMD64-Windows.exe..https://github.com/harelba/q/archive/refs/tags/2.0.19.zip..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):134
                                                                                                                                                                                                Entropy (8bit):4.841558315007637
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8tEd9EFKkCXdFwkoFRIyK8qJ6tEd9EjT4RigNUcrMVovn:2uQFKSZBqJ6uQv40mZp
                                                                                                                                                                                                MD5:1BC0303C1A9801768EC7AE4E4947536D
                                                                                                                                                                                                SHA1:676A1D6475D82015FC722F9FAF9244C04D3A7EF0
                                                                                                                                                                                                SHA-256:78541436076111CB84F2BAC0FE4BC8E6CC91743FBB016B3EF80B89D3D58B6ED9
                                                                                                                                                                                                SHA-512:E2029FE5A70651EAC11E4772D66B47F11DBD43161755E60A8E6D7E3D600183334CE173B5A08EAE24870671495238153E838F48A16D4BD0150A6698649BBBA462
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://github.com/harelba/q/releases/download/2.0.19/q-AMD64-Windows.exe..https://github.com/harelba/q/archive/refs/tags/2.0.19.zip..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1566
                                                                                                                                                                                                Entropy (8bit):5.565538419382493
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:b7Bp747BfKc6zqGqNPfSmiXDYrH3mfotT:Q9DZJKW2Q1
                                                                                                                                                                                                MD5:C22F1914C559C00286C0A1A531B6DD1B
                                                                                                                                                                                                SHA1:1D27339DF9ABC524083CE0E3B273236FEBCB3C00
                                                                                                                                                                                                SHA-256:E53F3808A6FA1107050FB0131F6DFA3EBD524CDB49F78B5F9831209C0D6687A4
                                                                                                                                                                                                SHA-512:9D731A355EB4B0E8AB6F1A579F68BA156D26C38112422D9ADD5E54ABDD2A1BCEC56F71AA949620BD267F72190EAD54D6676C810C6D911968EE8D33BC3320C3C3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..if "%PROCESSOR_ARCHITECTURE%" == "AMD64" goto :next..if "%PROCESSOR_ARCHITEW6432%" == "AMD64" goto :next..if "%PROCESSOR_ARCHITECTURE%" == "ARM64" (.. rem Check if the OS is Windows 11.. (ver | findstr /c:"Version 10.0.2") > NUL && goto :next..).. ..echo QueryCSV and QueryTSV plugins are only supported on x64 systems..goto :eof....:next..set DOWNLOAD_URL=https://github.com/harelba/q/releases/download/2.0.19/q-AMD64-Windows.exe..set Q_PATH=Commands\q\q-AMD64-Windows.exe..set MESSAGE='q command is not installed. Do you want to download it from %DOWNLOAD_URL%?'..set TITLE='CSV/TSV Data Querier Plugin'..set SHA256=f534ab37868d4fd5a472f8be0936b42583bc08860f92fa8135ab16c0d80a03f1....cd "%APPDATA%\WinMerge"..if not exist %Q_PATH% (.. cd "%~dp0..\..".. if not exist %Q_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. cd "%APPDATA%\WinMerge".. for %%i in (%Q_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1)
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):35815
                                                                                                                                                                                                Entropy (8bit):4.622965346596128
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:A7Y+tNdSz3ZlqXOWoInuzx3Y8N3WiAD0Jv:AVtNIq1uzZY1q
                                                                                                                                                                                                MD5:9C25E1CDC3B5122842A6A70FAB49A522
                                                                                                                                                                                                SHA1:2EA9F02239DC6B5FDBFFF01FCDF85BCC8C13667C
                                                                                                                                                                                                SHA-256:53927BD0B739D38C87A0A82236FD9B070C2DFFF11C0C119BE50372005D5047AD
                                                                                                                                                                                                SHA-512:7A0429020657FCF4B6035C393B10A98978360E99F3B0A092373057378A406BF016D8A96F41E3A4ED023343CE6805CD94CB5861DF81503D105291EFC51119E3C9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: GNU GENERAL PUBLIC LICENSE.. Version 3, 29 June 2007.... Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed..... Preamble.... The GNU General Public License is a free, copyleft license for..software and other kinds of works..... The licenses for most software and other practical works are designed..to take away your freedom to share and change the works. By contrast,..the GNU General Public License is intended to guarantee your freedom to..share and change all versions of a program--to make sure it remains free..software for all its users. We, the Free Software Foundation, use the..GNU General Public License for most of our software; it applies also to..any other work released this way by its authors. You can apply it to..your programs, too..... When we speak of free software
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1566
                                                                                                                                                                                                Entropy (8bit):5.565538419382493
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:b7Bp747BfKc6zqGqNPfSmiXDYrH3mfotT:Q9DZJKW2Q1
                                                                                                                                                                                                MD5:C22F1914C559C00286C0A1A531B6DD1B
                                                                                                                                                                                                SHA1:1D27339DF9ABC524083CE0E3B273236FEBCB3C00
                                                                                                                                                                                                SHA-256:E53F3808A6FA1107050FB0131F6DFA3EBD524CDB49F78B5F9831209C0D6687A4
                                                                                                                                                                                                SHA-512:9D731A355EB4B0E8AB6F1A579F68BA156D26C38112422D9ADD5E54ABDD2A1BCEC56F71AA949620BD267F72190EAD54D6676C810C6D911968EE8D33BC3320C3C3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..if "%PROCESSOR_ARCHITECTURE%" == "AMD64" goto :next..if "%PROCESSOR_ARCHITEW6432%" == "AMD64" goto :next..if "%PROCESSOR_ARCHITECTURE%" == "ARM64" (.. rem Check if the OS is Windows 11.. (ver | findstr /c:"Version 10.0.2") > NUL && goto :next..).. ..echo QueryCSV and QueryTSV plugins are only supported on x64 systems..goto :eof....:next..set DOWNLOAD_URL=https://github.com/harelba/q/releases/download/2.0.19/q-AMD64-Windows.exe..set Q_PATH=Commands\q\q-AMD64-Windows.exe..set MESSAGE='q command is not installed. Do you want to download it from %DOWNLOAD_URL%?'..set TITLE='CSV/TSV Data Querier Plugin'..set SHA256=f534ab37868d4fd5a472f8be0936b42583bc08860f92fa8135ab16c0d80a03f1....cd "%APPDATA%\WinMerge"..if not exist %Q_PATH% (.. cd "%~dp0..\..".. if not exist %Q_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. cd "%APPDATA%\WinMerge".. for %%i in (%Q_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1)
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2039
                                                                                                                                                                                                Entropy (8bit):4.657764928272199
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:waOnGtUKAPZuknB8kDstCbMJNLMKKvJFrpPAA:waOnGt9ANgAbKMxR4A
                                                                                                                                                                                                MD5:FCA2FCC0C318CB66D3871F8906117B17
                                                                                                                                                                                                SHA1:25AB2F51391C272FEC1396067B3610FC55563853
                                                                                                                                                                                                SHA-256:E7D0BE075BC6F0426E382AE715B0F9D45B16E8BF01E216EE29D14184C3CE4643
                                                                                                                                                                                                SHA-512:BCE4A63C4DF39A0634D9EDEB3AA6C00C976164A75998A1E9E9C679DB547BD355A332FD1DD519D03F054C5D6DF9E4BDA853FCC605157E1C65295A9E3A0F848474
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# HTML Tidy..## HTML parser and pretty printer..Copyright (c) 1998-2016 World Wide Web Consortium.(Massachusetts Institute of Technology, European Research .Consortium for Informatics and Mathematics, Keio University)..All Rights Reserved...Additional contributions (c) 2001-2016 University of Toronto, Terry Teague, .@geoffmcl, HTACG, and others...### Contributing Author(s):.. Dave Raggett <dsr@w3.org>..The contributing author(s) would like to thank all those who.helped with testing, bug fixes and suggestions for improvements. .This wouldn't have been possible without your help...## COPYRIGHT NOTICE:..This software and documentation is provided "as is," and.the copyright holders and contributing author(s) make no.representations or warranties, express or implied, including.but not limited to, warranties of merchantability or fitness.for any particular purpose or that the use of the software or.documentation will not infringe any third party patents,.copyrights, trademarks or other righ
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):656384
                                                                                                                                                                                                Entropy (8bit):5.636252683370469
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:UuHtXrfWv3W/l82KKRPY/kKEPLzLOB1mpPjhTgs4SZeVhsqjcr5MLxqVz:UuHRr2G/VukKa3OBwZj0sqjcr04
                                                                                                                                                                                                MD5:58CAAE364D18ACE58A888693EBF04ECD
                                                                                                                                                                                                SHA1:BD54E72DEC083380E542302C73F6F57D87776497
                                                                                                                                                                                                SHA-256:A2292D0AA8D3F219591FC3EF88FE4B9B6DC0E9C71947DA2DC0BD1D245EAE88B2
                                                                                                                                                                                                SHA-512:2DAC1A499B70239885DD69E47E747B8DDA95CCA5114C1C6091CE60CB6BE8479445818DDC4F681FF1059C13A7438EB322E0070B2F04F5AA792E5390E557B4C1C5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........MJ...J...J.....Q.A.....S......R.S....!g.H...q..]...q..\...q..E...C.3.I...J...)......Q......K....._.K......K...RichJ...................PE..L...9.2Y...........!.................i.......................................`............@..............................%..T...(............................ ..X;......................................@...............P............................text............................... ..`.rdata..............................@..@.data...d...........................@....gfids..............................@..@.rsrc...............................@..@.reloc..X;... ...<..................@..B................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2039
                                                                                                                                                                                                Entropy (8bit):4.657764928272199
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:waOnGtUKAPZuknB8kDstCbMJNLMKKvJFrpPAA:waOnGt9ANgAbKMxR4A
                                                                                                                                                                                                MD5:FCA2FCC0C318CB66D3871F8906117B17
                                                                                                                                                                                                SHA1:25AB2F51391C272FEC1396067B3610FC55563853
                                                                                                                                                                                                SHA-256:E7D0BE075BC6F0426E382AE715B0F9D45B16E8BF01E216EE29D14184C3CE4643
                                                                                                                                                                                                SHA-512:BCE4A63C4DF39A0634D9EDEB3AA6C00C976164A75998A1E9E9C679DB547BD355A332FD1DD519D03F054C5D6DF9E4BDA853FCC605157E1C65295A9E3A0F848474
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# HTML Tidy..## HTML parser and pretty printer..Copyright (c) 1998-2016 World Wide Web Consortium.(Massachusetts Institute of Technology, European Research .Consortium for Informatics and Mathematics, Keio University)..All Rights Reserved...Additional contributions (c) 2001-2016 University of Toronto, Terry Teague, .@geoffmcl, HTACG, and others...### Contributing Author(s):.. Dave Raggett <dsr@w3.org>..The contributing author(s) would like to thank all those who.helped with testing, bug fixes and suggestions for improvements. .This wouldn't have been possible without your help...## COPYRIGHT NOTICE:..This software and documentation is provided "as is," and.the copyright holders and contributing author(s) make no.representations or warranties, express or implied, including.but not limited to, warranties of merchantability or fitness.for any particular purpose or that the use of the software or.documentation will not infringe any third party patents,.copyrights, trademarks or other righ
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):643072
                                                                                                                                                                                                Entropy (8bit):5.637579642460327
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:NPlX7UmLs/mwO8UCzPv8rxIyJ+QO+GVJz9JvDF1sqjcrlBvRX0gGeOMw3f1pk:ERmEPv8xIjQXg9psqjcrIMwP1pk
                                                                                                                                                                                                MD5:0781B34905DFB8A5383E726293E2480F
                                                                                                                                                                                                SHA1:2AA53E4E6D2F3E0FE34FD67F87752D7DAF236354
                                                                                                                                                                                                SHA-256:A0047FEB097747BBF8393F6CD6E3A849F8BB4227E5B6A401B858C7DD188C4441
                                                                                                                                                                                                SHA-512:D55424FC40B4E4D5C7FDFD85A29776E1DF3F5FB73E5A3B2273BD1AC42D14D55EB05957E524D05154B122E494E9FECDCB994824D6FD102C4EA5CDA2331386C64B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 7%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V5n..T...T...T......T.....T......T......T..)....T..)....T..)....T...,...T...T..wT.......T.......T.......T..Rich.T..........PE..L...6.2Y.................8...........\.......P....@.......................... ............@.................................d...(...............................d8..@...............................`...@............P..X............................text...e7.......8.................. ..`.rdata.."....P.......<..............@..@.data...0...........................@....gfids..............................@..@.rsrc...............................@..@.reloc..d8.......:..................@..B................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):656384
                                                                                                                                                                                                Entropy (8bit):5.636252683370469
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:UuHtXrfWv3W/l82KKRPY/kKEPLzLOB1mpPjhTgs4SZeVhsqjcr5MLxqVz:UuHRr2G/VukKa3OBwZj0sqjcr04
                                                                                                                                                                                                MD5:58CAAE364D18ACE58A888693EBF04ECD
                                                                                                                                                                                                SHA1:BD54E72DEC083380E542302C73F6F57D87776497
                                                                                                                                                                                                SHA-256:A2292D0AA8D3F219591FC3EF88FE4B9B6DC0E9C71947DA2DC0BD1D245EAE88B2
                                                                                                                                                                                                SHA-512:2DAC1A499B70239885DD69E47E747B8DDA95CCA5114C1C6091CE60CB6BE8479445818DDC4F681FF1059C13A7438EB322E0070B2F04F5AA792E5390E557B4C1C5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........MJ...J...J.....Q.A.....S......R.S....!g.H...q..]...q..\...q..E...C.3.I...J...)......Q......K....._.K......K...RichJ...................PE..L...9.2Y...........!.................i.......................................`............@..............................%..T...(............................ ..X;......................................@...............P............................text............................... ..`.rdata..............................@..@.data...d...........................@....gfids..............................@..@.rsrc...............................@..@.reloc..X;... ...<..................@..B................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):643072
                                                                                                                                                                                                Entropy (8bit):5.637579642460327
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:NPlX7UmLs/mwO8UCzPv8rxIyJ+QO+GVJz9JvDF1sqjcrlBvRX0gGeOMw3f1pk:ERmEPv8xIjQXg9psqjcrIMwP1pk
                                                                                                                                                                                                MD5:0781B34905DFB8A5383E726293E2480F
                                                                                                                                                                                                SHA1:2AA53E4E6D2F3E0FE34FD67F87752D7DAF236354
                                                                                                                                                                                                SHA-256:A0047FEB097747BBF8393F6CD6E3A849F8BB4227E5B6A401B858C7DD188C4441
                                                                                                                                                                                                SHA-512:D55424FC40B4E4D5C7FDFD85A29776E1DF3F5FB73E5A3B2273BD1AC42D14D55EB05957E524D05154B122E494E9FECDCB994824D6FD102C4EA5CDA2331386C64B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 7%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V5n..T...T...T......T.....T......T......T..)....T..)....T..)....T...,...T...T..wT.......T.......T.......T..Rich.T..........PE..L...6.2Y.................8...........\.......P....@.......................... ............@.................................d...(...............................d8..@...............................`...@............P..X............................text...e7.......8.................. ..`.rdata.."....P.......<..............@..@.data...0...........................@....gfids..............................@..@.rsrc...............................@..@.reloc..d8.......:..................@..B................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1073
                                                                                                                                                                                                Entropy (8bit):5.139723101957799
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:J5rzJHkH0yw3gt3DQJq1hBE9QHbsUv4fOk4/+8/3oqaFN:J5HJMlUE/BGQHbs5JK/3oDFN
                                                                                                                                                                                                MD5:F746027DDDCC918DB68B8905C2D3CCBA
                                                                                                                                                                                                SHA1:F1EE4F4E7B72BA2C090FEBEE2D413BDA38F9FCFE
                                                                                                                                                                                                SHA-256:AEE8102444F037D29D2157FE8B5627A9EBA34DC15DE8B7DABA242E5804348602
                                                                                                                                                                                                SHA-512:27047D7C1777F2623464F35E6AD6A0E74F79AF5A8034A449A31DD1122C2AFEB6D5E32EAF282C57CBA6E407956E4E42922DD8A10286FA75E632C9956F3408A7D2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Copyright (c) 2017 Mike Farah....Permission is hereby granted, free of charge, to any person obtaining a copy..of this software and associated documentation files (the "Software"), to deal..in the Software without restriction, including without limitation the rights..to use, copy, modify, merge, publish, distribute, sublicense, and/or sell..copies of the Software, and to permit persons to whom the Software is..furnished to do so, subject to the following conditions:....The above copyright notice and this permission notice shall be included in all..copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,..FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE..AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER..LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,..OUT OF OR IN CONN
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):141
                                                                                                                                                                                                Entropy (8bit):4.808641378616769
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8tEd4Oe0kCMU5lyf6tEd4OevT4RigT9Vy:2uuO3awG6uuOA406Vy
                                                                                                                                                                                                MD5:970FD55834D487D8E9861AA870A0E711
                                                                                                                                                                                                SHA1:6D1D249C26CE4411C27FDD271777D3B298815A89
                                                                                                                                                                                                SHA-256:3D6C18E34709A88E9A141FE0B486F6EFB467C61ABC214EF4EA39A66A69715C2B
                                                                                                                                                                                                SHA-512:3F84C0CB2D84AB6E419B7E65656137D4EE9A8AC459947B8079C9975EBF7C41C8888C15CAF0AE7EE0163578677A9EB464B3DBECCC3A2A5968EB99087BCD3A3752
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://github.com/mikefarah/yq/releases/download/v4.11.1/yq_windows_386.exe..https://github.com/mikefarah/yq/archive/refs/tags/v4.11.1.zip..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1235
                                                                                                                                                                                                Entropy (8bit):5.5393711308103475
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:otL8Dbw0P6VT+xD2oXk/H3mKlgbe61IfY:A4w0P6JPrH3mKltrY
                                                                                                                                                                                                MD5:01BDBF3652B6DEC639560B259D1BA7D6
                                                                                                                                                                                                SHA1:6AFC20C69DFF3DBC141D9A4666E1C2236FB187F2
                                                                                                                                                                                                SHA-256:699A464E99C9344D28640CD135CD602673049913D1C1CED29CF94E6C2334BDE9
                                                                                                                                                                                                SHA-512:EC49CB3658B2C9DEF2726CF5C247198C2871C4096F3633122327E7CE4A5C51DB523235810AE68C2C498B15707AD065282E9099AF181FBEAE61711E8AD60B45E0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off....set DOWNLOAD_URL=https://github.com/mikefarah/yq/releases/download/v4.11.1/yq_windows_386.exe..set YQ_PATH=Commands\yq\yq_windows_386.exe..set MESSAGE='yq command is not installed. Do you want to download it from %DOWNLOAD_URL%?'..set TITLE='YAML Data Querier Plugin'..set SHA256=fde958b4f5830d0cb878bedcb4a3155e4b269520ceeb33966d9b326fb5c62bb2....cd "%APPDATA%\WinMerge"..if not exist %YQ_PATH% (.. cd "%~dp0..\..".. if not exist %YQ_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. cd "%APPDATA%\WinMerge".. for %%i in (%YQ_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1) { throw }" > NUL.. if errorlevel 1 (.. echo "download is canceled" 1>&2.. ) else (.. start "Downloading..." /WAIT powershell -command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri %DOWNLOAD_URL% -UseBasicParsing -Outfile %YQ_PATH%".. powershell -command "
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1073
                                                                                                                                                                                                Entropy (8bit):5.139723101957799
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:J5rzJHkH0yw3gt3DQJq1hBE9QHbsUv4fOk4/+8/3oqaFN:J5HJMlUE/BGQHbs5JK/3oDFN
                                                                                                                                                                                                MD5:F746027DDDCC918DB68B8905C2D3CCBA
                                                                                                                                                                                                SHA1:F1EE4F4E7B72BA2C090FEBEE2D413BDA38F9FCFE
                                                                                                                                                                                                SHA-256:AEE8102444F037D29D2157FE8B5627A9EBA34DC15DE8B7DABA242E5804348602
                                                                                                                                                                                                SHA-512:27047D7C1777F2623464F35E6AD6A0E74F79AF5A8034A449A31DD1122C2AFEB6D5E32EAF282C57CBA6E407956E4E42922DD8A10286FA75E632C9956F3408A7D2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Copyright (c) 2017 Mike Farah....Permission is hereby granted, free of charge, to any person obtaining a copy..of this software and associated documentation files (the "Software"), to deal..in the Software without restriction, including without limitation the rights..to use, copy, modify, merge, publish, distribute, sublicense, and/or sell..copies of the Software, and to permit persons to whom the Software is..furnished to do so, subject to the following conditions:....The above copyright notice and this permission notice shall be included in all..copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,..FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE..AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER..LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,..OUT OF OR IN CONN
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):141
                                                                                                                                                                                                Entropy (8bit):4.808641378616769
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8tEd4Oe0kCMU5lyf6tEd4OevT4RigT9Vy:2uuO3awG6uuOA406Vy
                                                                                                                                                                                                MD5:970FD55834D487D8E9861AA870A0E711
                                                                                                                                                                                                SHA1:6D1D249C26CE4411C27FDD271777D3B298815A89
                                                                                                                                                                                                SHA-256:3D6C18E34709A88E9A141FE0B486F6EFB467C61ABC214EF4EA39A66A69715C2B
                                                                                                                                                                                                SHA-512:3F84C0CB2D84AB6E419B7E65656137D4EE9A8AC459947B8079C9975EBF7C41C8888C15CAF0AE7EE0163578677A9EB464B3DBECCC3A2A5968EB99087BCD3A3752
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://github.com/mikefarah/yq/releases/download/v4.11.1/yq_windows_386.exe..https://github.com/mikefarah/yq/archive/refs/tags/v4.11.1.zip..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1235
                                                                                                                                                                                                Entropy (8bit):5.5393711308103475
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:otL8Dbw0P6VT+xD2oXk/H3mKlgbe61IfY:A4w0P6JPrH3mKltrY
                                                                                                                                                                                                MD5:01BDBF3652B6DEC639560B259D1BA7D6
                                                                                                                                                                                                SHA1:6AFC20C69DFF3DBC141D9A4666E1C2236FB187F2
                                                                                                                                                                                                SHA-256:699A464E99C9344D28640CD135CD602673049913D1C1CED29CF94E6C2334BDE9
                                                                                                                                                                                                SHA-512:EC49CB3658B2C9DEF2726CF5C247198C2871C4096F3633122327E7CE4A5C51DB523235810AE68C2C498B15707AD065282E9099AF181FBEAE61711E8AD60B45E0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off....set DOWNLOAD_URL=https://github.com/mikefarah/yq/releases/download/v4.11.1/yq_windows_386.exe..set YQ_PATH=Commands\yq\yq_windows_386.exe..set MESSAGE='yq command is not installed. Do you want to download it from %DOWNLOAD_URL%?'..set TITLE='YAML Data Querier Plugin'..set SHA256=fde958b4f5830d0cb878bedcb4a3155e4b269520ceeb33966d9b326fb5c62bb2....cd "%APPDATA%\WinMerge"..if not exist %YQ_PATH% (.. cd "%~dp0..\..".. if not exist %YQ_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. cd "%APPDATA%\WinMerge".. for %%i in (%YQ_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1) { throw }" > NUL.. if errorlevel 1 (.. echo "download is canceled" 1>&2.. ) else (.. start "Downloading..." /WAIT powershell -command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri %DOWNLOAD_URL% -UseBasicParsing -Outfile %YQ_PATH%".. powershell -command "
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9087
                                                                                                                                                                                                Entropy (8bit):5.294161224264135
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:pk+y285bYzFCBShKc2cW6tMzG1im8ZOwy2q4CONE6XG:q+mMBhKc2G/8ZOwyN4CONVG
                                                                                                                                                                                                MD5:194C2FD9CF27231E588579683344DC09
                                                                                                                                                                                                SHA1:8F2A75989268609F0F41B6DFB1932E44120921D9
                                                                                                                                                                                                SHA-256:6A29845E6AFAFEF5252F8FE58CA07708620260FD71B3FBB36AD58651DCFA4BEB
                                                                                                                                                                                                SHA-512:C6C1138843585BCD9A990E20887C752D38B6A9F5B51EFB0A995B23AF79097694B6D4AC1D81052979A41A427A73B333CBEED113175B7A80AF194611B7A41B8232
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:..People who have contributed to WinMerge..---------------------------------------....Original developer, project admin:..* Dean Grimm <grimmdp@yahoo.com>....Project lead:..* Christian List <list1974@hotmail.com>....Developers:..* Denis Bradford <denisbradford@users.sourceforge.net>..* Tim Gerundt <tim@gerundt.de>..* Marcel Gosselin <marcelgosselin@users.sourceforge.net>..* Gal Hammer <galh@users.sourceforge.net>..* Takashi Sawanaka <sdottaka@users.sourceforge.net>..* Alexander Skinner (Graphic Design) <neonapple@users.sourceforge.net>..* Jochen Tucht <jtuc@users.sourceforge.net>....Inactive/past developers:..* Laurent Ganier..* Dennis Limm..* Chris Mumford..* Perry Rapp..* Christian "Seier" Blackburn (Installer)..* Kimmo Varis <kimmov@winmerge.org>....Localization:..* Arabic:.. Downzen team <https://downzen.com>....* Basque:.. Xabier Aramendi <Azpidatziak@gmail.com> ....* Bulgarian:.. Sld <sld|mail.bg>.. tigertron <ivg_18@yahoo.com>.. Yanko Yankov <yankonik70 at hotmail.com>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (10419), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):188293
                                                                                                                                                                                                Entropy (8bit):5.400052052014627
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:iE8wR6yLftzYusjOql3mc/CoMCPRWMHmWFGrReKr9:iE8C6yL1zYDqo31vPIR9
                                                                                                                                                                                                MD5:C0BC6B707599D3389A904ACCD3B1D29B
                                                                                                                                                                                                SHA1:21FD97C6EE36E4BF6C9B5103AFAA954CFDDB30F1
                                                                                                                                                                                                SHA-256:B7BED3B51C85786AF578DD08EBD585542F9B210F9C1DDF3F9ED1BA6FA970FFE3
                                                                                                                                                                                                SHA-512:ED394582CAB40EFC189033B95296AD31669EE52369153E29B3E5B61EE05CB5F7DC9053A741178B1E5C747727B94D818C081FD7F71FB5FBB77CC3A157E5EBF4BD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<!DOCTYPE html>..<html xmlns="http://www.w3.org/1999/xhtml" lang xml:lang>..<head>.. <meta charset="utf-8" />.. <meta name="generator" content="pandoc" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />.. <title>ChangeLog</title>.. <style>..code{white-space: pre-wrap;}..span.smallcaps{font-variant: small-caps;}..div.columns{display: flex; gap: min(4vw, 1.5em);}..div.column{flex: auto; overflow-x: auto;}..div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}....ul.task-list[class]{list-style: none;}..ul.task-list li input[type="checkbox"] {..font-size: inherit;..width: 0.8em;..margin: 0 0.8em 0.2em -1.6em;..vertical-align: middle;..}...display.math{display: block; text-align: center; margin: 0.5rem auto;}..</style>.. <style type="text/css">article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary {display: block;}audio,canvas,video {display: inline-block;}audio:not([controls]) {display: none;height: 0
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19610
                                                                                                                                                                                                Entropy (8bit):4.867663780720245
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:emSQYkZR4X2n6xUQeNbOsTP7BZR20MyBei6+ogExlJ2:ZlFj0E3ZbVei6+ogExlI
                                                                                                                                                                                                MD5:FD71BB2AB1F19C9EABAB911328203531
                                                                                                                                                                                                SHA1:0F894898E6428DC0D9C1B397ED8AF5BCBB9D5495
                                                                                                                                                                                                SHA-256:34F8865FD79D7AB78701C8CEE5C1B4A74A93324271369DEB2EF5C4B015D44CE3
                                                                                                                                                                                                SHA-512:12B41E35FAC85280325C0A303A98C1CD7FFA6055307013880F17E4F10FBF7D64A467EF21EB3AE82007B2ACE29FE3A027B72F1AAA875FE4666EA3A495F86FB732
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Arial;}{\f1\froman\fprq2\fcharset2 Symbol;}{\f2\fmodern\fprq1\fcharset0 Courier New;}}..{\colortbl ;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Riched20 10.0.16299}\viewkind4\uc1 ..\pard\s2\sb100\sa100\b\f0\fs24 GNU GENERAL PUBLIC LICENSE\par....\pard\sb100\sa100\b0\fs20 Version 2, June 1991 \par....\pard Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.\fs24 \par....\pard\s2\sb100\sa100\b Preamble\par....\pard\sb100\sa100\b0\fs20 The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is fre
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2018
                                                                                                                                                                                                Entropy (8bit):4.727835384823898
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:h04M+knMptYv9WfMg9dIBXp6fM0tp3bEWNW0bK6:hxM+Xcv9Wf/YLMM0jBbK6
                                                                                                                                                                                                MD5:83A8A7F12B73936EE7CED7FEDE862557
                                                                                                                                                                                                SHA1:869A7B7B28B3298A0B8BB7E26042793AB02288EF
                                                                                                                                                                                                SHA-256:3B01C3BEF8F5E5FA8ABFE008B71C818C6BF727AC6A737CA6068C9E9B0824F6A9
                                                                                                                                                                                                SHA-512:6BB4289C0628A31A9E926F23219603A212FB4A07A2226C81459A0A3C389EB54677F6EFC2245DE40AB5178B17017EEA401944E8668BFDA1C531F80417CF61C4DC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:WINMERGE....WinMerge is an Open Source comparing and merging tool for Windows. WinMerge can..compare both folders and files, presenting differences in a visual text format..that is easy to understand and handle. WinMerge can be used as an external..differencing/merging tool or as a standalone application.....WinMerge has many helpful supporting features to make comparing, synchronising,..and merging as easy and useful as possible. Several programming languages and..other file formats are syntax-highlighted.....The latest WinMerge version and WinMerge information is available at..https://winmerge.org/.....Quick start..===========..To learn how to perform basic operations after installing WinMerge, click..Help>WinMerge Help and navigate to the Quick start topic. Or, go to the Web..version at https://manual.winmerge.org/Quick_start.html.....WinMerge Help..============= ..WinMerge Help is installed locally as a Microsoft HTML Help file, WinMerge.chm,..when you install WinMerge. To open He
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with very long lines (10419), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16545
                                                                                                                                                                                                Entropy (8bit):5.5796009164122635
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:zphrv7frnD9pG2UyCOCqaf3pFhX8CF4cqL+:fJk2Ux1fpFhMCF4S
                                                                                                                                                                                                MD5:FEBAB85D1F9E87F63637C09797F84D48
                                                                                                                                                                                                SHA1:EBD82C442E2D2130A5A1D3926F33697992C24E45
                                                                                                                                                                                                SHA-256:D9D2A9ADD5EFEBA998585D1FD5BF7A61F6A82C2725621FDBD4D07D95CA292103
                                                                                                                                                                                                SHA-512:AC2E13BAE1136000A87DC10ABF5E29A09E9A6E17BC87702CBA1B9BAEDF145094AF52FC9D95685BAE20563FB7A604A7B6FA0AD105E3A9FB7409E4AAC97530495A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<!DOCTYPE html>..<html xmlns="http://www.w3.org/1999/xhtml" lang xml:lang>..<head>.. <meta charset="utf-8" />.. <meta name="generator" content="pandoc" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />.. <title>ReleaseNotes</title>.. <style>..code{white-space: pre-wrap;}..span.smallcaps{font-variant: small-caps;}..div.columns{display: flex; gap: min(4vw, 1.5em);}..div.column{flex: auto; overflow-x: auto;}..div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}....ul.task-list[class]{list-style: none;}..ul.task-list li input[type="checkbox"] {..font-size: inherit;..width: 0.8em;..margin: 0 0.8em 0.2em -1.6em;..vertical-align: middle;..}...display.math{display: block; text-align: center; margin: 0.5rem auto;}..</style>.. <style type="text/css">article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary {display: block;}audio,canvas,video {display: inline-block;}audio:not([controls]) {display: none;height
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:MS Windows HtmlHelp Data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1029392
                                                                                                                                                                                                Entropy (8bit):7.98952148834042
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:j5OBYUaJgR6rtqm1uzrShGMG076s1TsIV/Jz5YfUOi:+jsr8pmGMG07fTsIV/V5YMj
                                                                                                                                                                                                MD5:068E7FE2AA2CE33373FF0F9874E29D3C
                                                                                                                                                                                                SHA1:042E2BDD93F688CDC20AD773F0970084A6DD81C1
                                                                                                                                                                                                SHA-256:F178BA3C9733FAC83363CC78DFD6A7111645FB81970B109B0E9259D3E9961337
                                                                                                                                                                                                SHA-512:45AA382670E5E55E3431FF6FCC26FC3F38D93D104776C0A70486F7A9AE070019AEF46094D2A52BB0D3E54B54C858AD785BCF797B3AAD947AD1A7EB9338D6ED60
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:ITSF....`.......j..B.......|.{.......".....|.{......."..`...............x.......T0.......0..............................ITSP....T...........................................j..].!......."..T...............PMGL4................/..../#IDXHDR....../#ITBITS..../#STRINGS..,.H./#SYSTEM....6./#TOCIDX......./#TOPICS.... ./#URLSTR...U..W./#URLTBL..9.../#WINDOWS..%.L./$FIftiMain..,..]./$OBJINST...m.?./$WWAssociativeLinks/..../$WWAssociativeLinks/Property...i../$WWKeywordLinks/..../$WWKeywordLinks/BTree..q..L./$WWKeywordLinks/Data...=.../$WWKeywordLinks/Map...?.../$WWKeywordLinks/Property...I ./htmlhelp/..../htmlhelp/About_Doc.html.....$./htmlhelp/Command_line.html......../htmlhelp/Compare_bin.html...'.4./htmlhelp/Compare_dirs.html...M..../htmlhelp/Compare_files.html...[..L./htmlhelp/Compare_images.html...b.*./htmlhelp/Compare_table.html...[.../htmlhelp/Compare_webpages.html.....(./htmlhelp/Configuration.html...4..t./htmlhelp/css/..../htmlhelp/css/all.css....../htmlhelp/css/help.css......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19610
                                                                                                                                                                                                Entropy (8bit):4.867663780720245
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:emSQYkZR4X2n6xUQeNbOsTP7BZR20MyBei6+ogExlJ2:ZlFj0E3ZbVei6+ogExlI
                                                                                                                                                                                                MD5:FD71BB2AB1F19C9EABAB911328203531
                                                                                                                                                                                                SHA1:0F894898E6428DC0D9C1B397ED8AF5BCBB9D5495
                                                                                                                                                                                                SHA-256:34F8865FD79D7AB78701C8CEE5C1B4A74A93324271369DEB2EF5C4B015D44CE3
                                                                                                                                                                                                SHA-512:12B41E35FAC85280325C0A303A98C1CD7FFA6055307013880F17E4F10FBF7D64A467EF21EB3AE82007B2ACE29FE3A027B72F1AAA875FE4666EA3A495F86FB732
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Arial;}{\f1\froman\fprq2\fcharset2 Symbol;}{\f2\fmodern\fprq1\fcharset0 Courier New;}}..{\colortbl ;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Riched20 10.0.16299}\viewkind4\uc1 ..\pard\s2\sb100\sa100\b\f0\fs24 GNU GENERAL PUBLIC LICENSE\par....\pard\sb100\sa100\b0\fs20 Version 2, June 1991 \par....\pard Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.\fs24 \par....\pard\s2\sb100\sa100\b Preamble\par....\pard\sb100\sa100\b0\fs20 The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is fre
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (10419), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):188293
                                                                                                                                                                                                Entropy (8bit):5.400052052014627
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:iE8wR6yLftzYusjOql3mc/CoMCPRWMHmWFGrReKr9:iE8C6yL1zYDqo31vPIR9
                                                                                                                                                                                                MD5:C0BC6B707599D3389A904ACCD3B1D29B
                                                                                                                                                                                                SHA1:21FD97C6EE36E4BF6C9B5103AFAA954CFDDB30F1
                                                                                                                                                                                                SHA-256:B7BED3B51C85786AF578DD08EBD585542F9B210F9C1DDF3F9ED1BA6FA970FFE3
                                                                                                                                                                                                SHA-512:ED394582CAB40EFC189033B95296AD31669EE52369153E29B3E5B61EE05CB5F7DC9053A741178B1E5C747727B94D818C081FD7F71FB5FBB77CC3A157E5EBF4BD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<!DOCTYPE html>..<html xmlns="http://www.w3.org/1999/xhtml" lang xml:lang>..<head>.. <meta charset="utf-8" />.. <meta name="generator" content="pandoc" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />.. <title>ChangeLog</title>.. <style>..code{white-space: pre-wrap;}..span.smallcaps{font-variant: small-caps;}..div.columns{display: flex; gap: min(4vw, 1.5em);}..div.column{flex: auto; overflow-x: auto;}..div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}....ul.task-list[class]{list-style: none;}..ul.task-list li input[type="checkbox"] {..font-size: inherit;..width: 0.8em;..margin: 0 0.8em 0.2em -1.6em;..vertical-align: middle;..}...display.math{display: block; text-align: center; margin: 0.5rem auto;}..</style>.. <style type="text/css">article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary {display: block;}audio,canvas,video {display: inline-block;}audio:not([controls]) {display: none;height: 0
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with very long lines (10419), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16545
                                                                                                                                                                                                Entropy (8bit):5.5796009164122635
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:zphrv7frnD9pG2UyCOCqaf3pFhX8CF4cqL+:fJk2Ux1fpFhMCF4S
                                                                                                                                                                                                MD5:FEBAB85D1F9E87F63637C09797F84D48
                                                                                                                                                                                                SHA1:EBD82C442E2D2130A5A1D3926F33697992C24E45
                                                                                                                                                                                                SHA-256:D9D2A9ADD5EFEBA998585D1FD5BF7A61F6A82C2725621FDBD4D07D95CA292103
                                                                                                                                                                                                SHA-512:AC2E13BAE1136000A87DC10ABF5E29A09E9A6E17BC87702CBA1B9BAEDF145094AF52FC9D95685BAE20563FB7A604A7B6FA0AD105E3A9FB7409E4AAC97530495A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<!DOCTYPE html>..<html xmlns="http://www.w3.org/1999/xhtml" lang xml:lang>..<head>.. <meta charset="utf-8" />.. <meta name="generator" content="pandoc" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />.. <title>ReleaseNotes</title>.. <style>..code{white-space: pre-wrap;}..span.smallcaps{font-variant: small-caps;}..div.columns{display: flex; gap: min(4vw, 1.5em);}..div.column{flex: auto; overflow-x: auto;}..div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}....ul.task-list[class]{list-style: none;}..ul.task-list li input[type="checkbox"] {..font-size: inherit;..width: 0.8em;..margin: 0 0.8em 0.2em -1.6em;..vertical-align: middle;..}...display.math{display: block; text-align: center; margin: 0.5rem auto;}..</style>.. <style type="text/css">article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary {display: block;}audio,canvas,video {display: inline-block;}audio:not([controls]) {display: none;height
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2018
                                                                                                                                                                                                Entropy (8bit):4.727835384823898
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:h04M+knMptYv9WfMg9dIBXp6fM0tp3bEWNW0bK6:hxM+Xcv9Wf/YLMM0jBbK6
                                                                                                                                                                                                MD5:83A8A7F12B73936EE7CED7FEDE862557
                                                                                                                                                                                                SHA1:869A7B7B28B3298A0B8BB7E26042793AB02288EF
                                                                                                                                                                                                SHA-256:3B01C3BEF8F5E5FA8ABFE008B71C818C6BF727AC6A737CA6068C9E9B0824F6A9
                                                                                                                                                                                                SHA-512:6BB4289C0628A31A9E926F23219603A212FB4A07A2226C81459A0A3C389EB54677F6EFC2245DE40AB5178B17017EEA401944E8668BFDA1C531F80417CF61C4DC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:WINMERGE....WinMerge is an Open Source comparing and merging tool for Windows. WinMerge can..compare both folders and files, presenting differences in a visual text format..that is easy to understand and handle. WinMerge can be used as an external..differencing/merging tool or as a standalone application.....WinMerge has many helpful supporting features to make comparing, synchronising,..and merging as easy and useful as possible. Several programming languages and..other file formats are syntax-highlighted.....The latest WinMerge version and WinMerge information is available at..https://winmerge.org/.....Quick start..===========..To learn how to perform basic operations after installing WinMerge, click..Help>WinMerge Help and navigate to the Quick start topic. Or, go to the Web..version at https://manual.winmerge.org/Quick_start.html.....WinMerge Help..============= ..WinMerge Help is installed locally as a Microsoft HTML Help file, WinMerge.chm,..when you install WinMerge. To open He
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:MS Windows HtmlHelp Data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1029392
                                                                                                                                                                                                Entropy (8bit):7.98952148834042
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:j5OBYUaJgR6rtqm1uzrShGMG076s1TsIV/Jz5YfUOi:+jsr8pmGMG07fTsIV/V5YMj
                                                                                                                                                                                                MD5:068E7FE2AA2CE33373FF0F9874E29D3C
                                                                                                                                                                                                SHA1:042E2BDD93F688CDC20AD773F0970084A6DD81C1
                                                                                                                                                                                                SHA-256:F178BA3C9733FAC83363CC78DFD6A7111645FB81970B109B0E9259D3E9961337
                                                                                                                                                                                                SHA-512:45AA382670E5E55E3431FF6FCC26FC3F38D93D104776C0A70486F7A9AE070019AEF46094D2A52BB0D3E54B54C858AD785BCF797B3AAD947AD1A7EB9338D6ED60
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:ITSF....`.......j..B.......|.{.......".....|.{......."..`...............x.......T0.......0..............................ITSP....T...........................................j..].!......."..T...............PMGL4................/..../#IDXHDR....../#ITBITS..../#STRINGS..,.H./#SYSTEM....6./#TOCIDX......./#TOPICS.... ./#URLSTR...U..W./#URLTBL..9.../#WINDOWS..%.L./$FIftiMain..,..]./$OBJINST...m.?./$WWAssociativeLinks/..../$WWAssociativeLinks/Property...i../$WWKeywordLinks/..../$WWKeywordLinks/BTree..q..L./$WWKeywordLinks/Data...=.../$WWKeywordLinks/Map...?.../$WWKeywordLinks/Property...I ./htmlhelp/..../htmlhelp/About_Doc.html.....$./htmlhelp/Command_line.html......../htmlhelp/Compare_bin.html...'.4./htmlhelp/Compare_dirs.html...M..../htmlhelp/Compare_files.html...[..L./htmlhelp/Compare_images.html...b.*./htmlhelp/Compare_table.html...[.../htmlhelp/Compare_webpages.html.....(./htmlhelp/Configuration.html...4..t./htmlhelp/css/..../htmlhelp/css/all.css....../htmlhelp/css/help.css......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):914
                                                                                                                                                                                                Entropy (8bit):4.620935812441775
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63TRboNbvr0rqGuy1UOPhtBsbqrFFAdhjq88djHBubhiLSl:f6xIzOqGAO5t9wSclr
                                                                                                                                                                                                MD5:1C6936A1A8EF598A1BA6D71FBA1BDC7B
                                                                                                                                                                                                SHA1:4B8453128C3688613969945460A4E4BDECE4B4E1
                                                                                                                                                                                                SHA-256:9104E65CE3726B24A1B5278CC51C4F94505A0F2FC63BF6EBE554E8966D5E7B23
                                                                                                                                                                                                SHA-512:B7BA4F7FC924D7AEE91DCF0F125C3B45D8FB83E921DD55DA7546B01D243BD364F321CBE1E74279633B26FDC6C4AA94AAB7B412199B4B77675205679BE8C823E2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in ADAMulti source trees..name: ADAMulti..desc: Suppresses various binaries found in ADAMulti source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.o$ ## Object file..f: \.lib$..f: \.obj$ ## Object file..f: \.inf$ ## Generated file..f: \.map$ ## Map file..f: \.lst$ ## list file..f: \.ti$ ## generated file..f: \.dbo$ ## Object file..f: \.dla$ ## Object file..f: \.dnm$ ## Node map file?..f: \.bin$ ## Code file..f: \.a$ ## library file..f: \.s$....d: \\cvs$ ## cvs repository files..d: \\obj$ ## object file directory..d: \\objs$ ## object file directory..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):814
                                                                                                                                                                                                Entropy (8bit):4.759950979909193
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63J19xfUh9du3yU97qMd8u41UOPaGQDgDLo:f6r4hju0Md8sOiX0o
                                                                                                                                                                                                MD5:1F12DA4937ACBDF8EC79628E28F6D209
                                                                                                                                                                                                SHA1:432FCF7AE57410E84C4E557430B923B3A58798AB
                                                                                                                                                                                                SHA-256:332796A673BF853FF1413A06353472AF864019837DF9EC64FF4C748F756447D4
                                                                                                                                                                                                SHA-512:CFDF7B9440927F22EF23A7B0CCB034FF462D747691D4D0B18257CF8D08B99BE9351C76F6DF717F692BF3CD5DEDF4D607B1CA8E57B76302DA4C8B4E0BA3A3F199
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge ..## This filter lets through only files ASP.NET developers care about ..name: ASP.NET Devel ..desc: Lets through only files ASP.NET developer cares about....## This is an exclusive filter ..## (it lets through only matching files) ..def: exclude ....## Filters for filenames begin with f: ..## Filters for directories begin with d: ..## (Inline comments begin with " ##" and extend to the end of the line) ....f: \.xml$ ..f: \.xlst$..f: \.xsl$..f: \.xslt$..f: \.dtd$ ..f: \.html$ ..f: \.htm$ ..f: \.css$ ..f: \.gif$ ..f: \.bmp$ ..f: \.jpg$ ..f: \.png$ ..f: \.js$ ..f: \.dll$ ..f: \.aspx$ ..f: \.asmx$ ..f: \.ascx$ ..f: \.vb$ ..f: \.resx$ ..f: \.cs$ ..f: \.js$ ..f: \.vbproj$ ..f: \.csproj$ ..f: \.sln$ ..f: \.webinfo$ ..f: \.config$ ....d: \\*$ ## Subdirectories ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1327
                                                                                                                                                                                                Entropy (8bit):4.862463583066028
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63TRboRYTkPR00rqGuy1UOPhbO3LF2/BRGXCLMe9YvQExg7+8SDCencQtSTIZg:f6xj/OqGAO5b4EiX2WvQkC+8SDpftAKg
                                                                                                                                                                                                MD5:2B6932858C2C520552694D93714A70DA
                                                                                                                                                                                                SHA1:B3353709B0B9C5383FFD7FE82D6B50011283860D
                                                                                                                                                                                                SHA-256:4D93D7F441237F83FD64E8C5F501E9CA834FCF2CD8F445FBE2EAE2E57145C01D
                                                                                                                                                                                                SHA-512:00B7BD69DD08DAF794F868678829591D6EDBD13F059B2E7D9DFE7AE2939998DE3F6A02B5C0A689C7E678DEF2E673B1D83E4FFBBE90DFC1957DAF70895F820B37
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in Visual C# source trees..name: Visual C# loose..desc: Suppresses various binaries found in Visual C# source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.aps$ ## VC Binary version of resource file, for quick loading..f: \.bsc$ ## VC Browser database..f: \.dll$ ## Windows DLL..f: \.exe$ ## Windows executable..f: \.obj$ ## VC object module file..f: \.pdb$ ## VC program database file (debugging symbolic information)..f: \.res$ ## VC compiled resources file (output of RC [resource compiler])..f: \.suo$ ## VC options file (binary)..f: \.cache$ ## ??..f: \.resource$ ## Compiled resource file...f: \.xfrm ## ??..f: \.bak$ ## backup....d: \\\.svn$ ## Subversion working cop
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1220
                                                                                                                                                                                                Entropy (8bit):4.919200066834932
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63/UtEkfbkt319T8qGuy1UOPhnd4BK8DD2AynkrAY70/to00vc+K+W:f61OqGAO5a/2wxYFo00v0j
                                                                                                                                                                                                MD5:38F962A51B73259DDC502CDFCB2B62B5
                                                                                                                                                                                                SHA1:494FE599A47B459863AA8CFFB896B6BDD4E29FBB
                                                                                                                                                                                                SHA-256:05D73888BEFFB8D3A81AAB24B8F320E038122148FF57B98B3150C22E0DE4798B
                                                                                                                                                                                                SHA-512:0F9E7AEA5E7025D4695BC91DF715E6B50C05E508B34BA97B89EECCCDC44C411B74AEC1746F7D1BC07845D83F4F21884B3F5827998C652FC688AB6FAE6B85C1DB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter template for WinMerge..name: Delphi filter..desc: View only files .PAS and files .DFM....## Select if filter is inclusive or exclusive..## Inclusive (loose) filter lets through all items not matching rules..## Exclusive filter lets through only items that match to rule..## include or exclude..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.^~..## EXCLUDE temporary files..f: \.dcu$ .## EXCLUDE Delphi compiled unit..f: \.exe$ .## EXCLUDE Exe file..f: \.cfg$ .## EXCLUDE configuration file..f: \.dsk$ .## EXCLUDE File of internal information of the project..f: \.dof$ .## EXCLUDE Delphi options file..f: \.ddp$ .## EXCLUDE Delphi diagram portfolio file..f: \.db$ .## EXCLUDE File Paradox..f: \.ims$ .## EXCLUDE Icon file, normally created with IconForge..f: \.bak$ .## EXCLUDE Backup file made with WinMerge....## f: \.dfm$ ## Delphi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):699
                                                                                                                                                                                                Entropy (8bit):4.560292414919042
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:jLI13mkUUKmugzPHFXeO2v3O09khwmPfaBSCrCfua/15/qm/1UOPSoZbfiSK+mO:jL63/U+fbkt319T8qGuuXqm1UOPhFiSh
                                                                                                                                                                                                MD5:12F11F1BDE5974E44B522F10F1D58A82
                                                                                                                                                                                                SHA1:A0E99CFD836A594BA0156803D6503EF1246AFD8D
                                                                                                                                                                                                SHA-256:8D7E3E2910D6A70F2D34E4DFF6F4CC4E730631CCF882F37D1B7813BE743A6BAF
                                                                                                                                                                                                SHA-512:4D71948EE04E1363131F4F2456FF03BF357713BBE9AAA92EC0686B82264D39952F8F40E2E553E8C8E3F5E634593D3BC619FFD62E28925F69C03CBCBC335A34C6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter template for WinMerge..name: ${name}..desc: Longer description....## Select if filter is inclusive or exclusive..## Inclusive (loose) filter lets through all items not matching rules..## Exclusive filter lets through only items that match to rule..## include or exclude..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## To exclude some of the files that match the f: pattern, specify f!:..## To exclude some of the folders that match the d: pattern, specify d!:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.ext$ ## Filter for filename....d: \\subdir$ ## Filter for directory..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):898
                                                                                                                                                                                                Entropy (8bit):4.832661136389676
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63TUaMrqGuy1UOPhs7WUOMk3O87ds+8SDCeDSTIZn:f6+qGAO5sazO8O+8SDpAKn
                                                                                                                                                                                                MD5:C784341DB7F8E83142222553C55DD25C
                                                                                                                                                                                                SHA1:379B62172B174FA495DEC9C1F9309861910D21D6
                                                                                                                                                                                                SHA-256:D50B1891FDE7B91C4D2B86D4A4E7EAA74C157FC47CD7C53D8D51A638A6A05F92
                                                                                                                                                                                                SHA-512:C373049D44C4C219C6998EA1299B1D024EAD5551E3832862C9696572645721A034F63437752DDD663B966FDB312F0A76D744BBF07D7C0A3517BA60C25A5BE064
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..name: Frontpage..desc: Suppresses _vti and other system directories in Frontpage websites....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....d: \\fpdb$..d: \\stats$..d: \\_borders$..d: \\_derived$..d: \\_fpclass$..d: \\_overlay$..d: \\_private$..d: \\_contentindex$..d: \\_themes$..d: \\_vti_bin$..d: \\_vti_cnf$..d: \\_vti_log$..d: \\_vti_map$..d: \\_vti_pvt$..d: \\_vti_txt$..d: \\_vti_script$..d: \\_vti*$..d: \\\.svn$ ## Subversion working copy..d: \\_svn$ ## Subversion working copy ASP.NET Hack..d: \\cvs$ ## CVS control directory..d: \\\.git$ ## Git directory..d: \\\.bzr$ ## Bazaar branch..d: \\\.hg$ ## Mercurial repository..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):631
                                                                                                                                                                                                Entropy (8bit):4.745696255656045
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:jLI13TULVavioTFXZaBSCrCfuy1UOPSovFvMzDI8MMCFeqUQ1fYDn:jL63TULsq0rqGuy1UOPhvFvgs8SFhUQy
                                                                                                                                                                                                MD5:AE1D1DC03D9330ACB82244B7F8E021B9
                                                                                                                                                                                                SHA1:8E1857D3A1435FE7863E218139CA7C281F665118
                                                                                                                                                                                                SHA-256:0D4D52EDCAF548157654BA4DD2AB853D07F7F672093638DCE0E2877BCA5DB655
                                                                                                                                                                                                SHA-512:034EEE5D6DD59FFC4576931EBF38C1A60C470DC517B49B482C5181FCF69D86F846F937364966BE219F3851E3A8C96C858C297A319A9339274EADA5E57AB93292
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..name: MASM loose..desc: Suppresses various binaries found in MASM source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \~$ ..f: \.map$ ..f: \.mod$ ..f: \.aml$ ..f: \.bak$ ..f: \.bin$ ..f: \.dat$ ..f: \.icr$ ..f: \.lib$ ..f: \.lnk$ ..f: \.log$ ..f: \.lst$ ..f: \.map$ ..f: \.mod$ ..f: \.obj$ ..f: \.pgx$ ..f: \.res$ ..f: \.rom$ ..f: \.rls$ ..f: MAKEFILE$ ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):737
                                                                                                                                                                                                Entropy (8bit):4.822961918948526
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:jLI13TRPzJaZinra/oTFXZaBSCrCfuy1UOPSosO7mq1W8S6qVCe7317QTDdWZov:jL63TRboZinm/0rqGuy1UOPhv7+8SDCp
                                                                                                                                                                                                MD5:5787B440857832957C254E863A7632B8
                                                                                                                                                                                                SHA1:5BCECBA898693F303BE64D2244148839AF2D064E
                                                                                                                                                                                                SHA-256:5DD0AB6E1D24A2F612A85C76ABCC2B27DEB102B5AC3DF2377FF0F4137CE21ED2
                                                                                                                                                                                                SHA-512:59EF9CC97D745A14F550FF602CBB9F4F32FCF6658FCA4D766EA6C151F90201DADE850C4DFE3EFDBE80FA646953579E5A3B0A53A4119F6D3744B72640DD0715B4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in GNU C source trees..name: GNU C loose..desc: Suppresses various binaries found in GNU C source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.o$..f: \.lib$..f: \.bak$ ## backup....d: \\\.svn$ ## Subversion working copy..d: \\_svn$ ## Subversion working copy ASP.NET Hack..d: \\cvs$ ## CVS control directory..d: \\\.git$ ## Git directory..d: \\\.bzr$ ## Bazaar branch..d: \\\.hg$ ## Mercurial repository....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):945
                                                                                                                                                                                                Entropy (8bit):4.845766436892308
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63TRboyTIS0rqGuy1UOPhnVvFgQ7+8SDCeDSTIZaaMy:f6x9rOqGAO5nf+8SDpAKao
                                                                                                                                                                                                MD5:B2B86FC2614904FE5399DB1656675822
                                                                                                                                                                                                SHA1:3B9B1C2F59FBBE3901F27A11C6C25442941F8F22
                                                                                                                                                                                                SHA-256:BB1F729B7FACFE014769E654AE5E85955730CCE28B144279D0696D6A86421510
                                                                                                                                                                                                SHA-512:C085D5F9E1741EDAA5A035166BC9AEC2E172EC0B0E198EC8FAB895E49ED78F97AF0D2C0C6272F7F1BF6852A154D166BB5264E9C636751CBD92838056DE1CC33B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in Visual Basic source trees..name: Visual Basic loose..desc: Suppresses various binaries found in Visual Basic source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.frx$ ## ..f: \.dca$ ## ..f: \.ctx$ ## ..f: \.dll$ ## Windows DLL..f: \.ocx$ ## OLE Control Extension..f: \.exe$ ## Windows/DOS executable..f: \.bak$ ## backup....d: \\\.svn$ ## Subversion working copy..d: \\_svn$ ## Subversion working copy ASP.NET Hack..d: \\cvs$ ## CVS control directory..d: \\\.git$ ## Git directory..d: \\\.bzr$ ## Bazaar branch..d: \\\.hg$ ## Mercurial repository..d: \\\.vs$ ## A hidden folder that stores .suo and *.db files....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1902
                                                                                                                                                                                                Entropy (8bit):4.888600408792252
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:f6xuJOqGAO5b4AZmeCTrXqX27vQj1pXSrI+8SDpAKa4l:r4qGAU4Ake4XqX2cX0HAlM
                                                                                                                                                                                                MD5:84BE66100C7698A215F2D72D379B7858
                                                                                                                                                                                                SHA1:E3CCB4A5840AD33D82E7183086123A761BE993CC
                                                                                                                                                                                                SHA-256:41FE39326A2782DA298D35600FAA77BB33D616011FCFEB97E433B4B70FBA14AF
                                                                                                                                                                                                SHA-512:A5799E7992300C6C6E6002448843D8D471A3DA662506204344F54AF46A27A3A77929C0E1A325EFD16BE3D0FF31820EECCEE671EB7D09DFED47E1E8AB0E774C46
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in Visual C++ source trees..name: Visual C++ loose..desc: Suppresses various binaries found in Visual C++ source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.aps$ ## VC Binary version of resource file, for quick loading..f: \.bsc$ ## VC Browser database..f: \.clw$ ## VC class-wizard status file..f: \.dll$ ## Windows DLL..f: \.exe$ ## Windows/DOS executable..f: \.exp$ ## VC library export file..f: ^BuildLog.htm$ ## VC build log file..f: ^vc\d+\.idb$ ## VC Minimal rebuild dependency file..f: \.ilk$ ## VC incremental linker memory file..f: \.lib$ ## compiled libraries..f: \.ncb$ ## VC parser information file (class view & component gallery stuff)..f: \.obj$ ## VC obje
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):959
                                                                                                                                                                                                Entropy (8bit):4.7954037272647145
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63J19xflvCwrLd8u41UOP7Tsu4yhMLF+0LKIl+8SDCeDSTIZn:f6rZCiLd8sO/su1Sp+0LN+8SDpAKn
                                                                                                                                                                                                MD5:102386258D4864B15ECF3A7434F831C3
                                                                                                                                                                                                SHA1:FBAC69D0501A45EF5C243C11A6305E2A4328451F
                                                                                                                                                                                                SHA-256:CB48E7C3DD5604C177FF1CA2CB5214FCFF1782CF83441030B701521F8991D292
                                                                                                                                                                                                SHA-512:456789E56FF3A630A53E1ECAB54163500F2B4BC573C87F493EAF31243DC2B27C72AC0648A88A97AEA28DD05EB6D6C0EC8AFFEB375BE1F58D27263722E2B0EBDF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge ..## This filter lets through only files ASP.NET developers care about ..name: Exclude Source Control..desc: Exclude Source Control files and directories....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include......## Filters for filenames begin with f: ..## Filters for directories begin with d: ..## (Inline comments begin with " ##" and extend to the end of the line) ....## f: \.bzrignore$ ## Bazaar ignore file..## f: \.cvsignore$ ## CVS ignore file..## f: \.gitignore$ ## Git ignore file..## f: \.hgignore$ ## Mercurial ignore file..## f: \.svnignore$ ## Subversion ignore file....f: \.(vs[sp])?scc$ ## Visual SourceSafe files....d: \\\.svn$ ## Subversion working copy..d: \\_svn$ ## Subversion working copy ASP.NET Hack..d: \\cvs$ ## CVS control directory..d: \\\.git$ ## Git directory..d: \\\.bzr$ ## Bazaar branch..d: \\\.hg$ ## Mercurial repository..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1594
                                                                                                                                                                                                Entropy (8bit):4.890642227970731
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:f6xnO1qGAO5kP4ANeCTrXqX27vQKs+8SDpAKn:0O1qGAhP4ANe4XqX2NFHAK
                                                                                                                                                                                                MD5:80BFA16C9B937241F549FBED791DBF30
                                                                                                                                                                                                SHA1:19F53E3082BC0B0F13B1BFA9183FD4C08FE3A9AB
                                                                                                                                                                                                SHA-256:3603F5D52522FAAE2D9CF234D6A47049B0367A16509767A3143691021569734B
                                                                                                                                                                                                SHA-512:1A0B5C6FB97089082417E13875DC34F99E90C29D028364246AB4773AC16139B94FA8271512DEBC056CCAD813E18FD8159662AF6DCB890FC5EE56BD49BF72C76A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in Symbian development source trees...name: Symbian C++..desc: Suppresses various binaries found in Visual C++ source trees compiling Symbian....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.bsc$ ## VC Browser database..f: \.aps$ ## VC Binary version of resource file, for quick loading..f: \.bsc$ ## VC Browser database..f: \.clw$ ## VC class-wizard status file..f: \.dll$ ## Windows DLL..f: \.exe$ ## Windows executable..f: \.exp$ ## VC library export file..f: \\vc60.idb$ ## VC ?..f: \.ilk$ ## VC incremental linker memory file..f: \.lib$ ## compiled libraries..f: \.ncb$ ## VC parser information file (class view & component gallery stuff)..f: \.obj$ ## VC object module file..f:
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):679
                                                                                                                                                                                                Entropy (8bit):4.862099867293502
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:jLI13TRO09JM7+tK9L9JM7OQxN9MGSCrCfuy1UOPSodfIkdcIV8xF24qIX:jL63TR19b8L99uN9HGuy1UOPhCAcIGj
                                                                                                                                                                                                MD5:384273E239F4F46EFECCD402E7A69F10
                                                                                                                                                                                                SHA1:A2E941A5605247366C7D3013C6521E21FD28A91C
                                                                                                                                                                                                SHA-256:68516B0D7BDECDA26A92A5EBC1C078DDADCC259FB12D409791E3827BEE85C9DF
                                                                                                                                                                                                SHA-512:3F9A4CBCD5501E4E322DC42DB241F4B87349BDD30A036D7A94FE7740737E13EC7A5C6A0BE1EAEB4E82B147272E59A3C29E25A499DEEC1FD924E6D52E826B82DC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter lets through only files XML/HTML developer cares about..name: XML/HTML Devel..desc: Lets through only files XML/HTML developer cares about....## This is an exclusive filter..## (it lets through only matching files)..def: exclude....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.xml$ ## XML files..f: \.xslt$..f: \.dtd$..f: \.html$ ## HTML files..f: \.htm$..f: \.css$ ## CSS style files..f: \.gif$ ## Pictures..f: \.bmp$..f: \.jpg$..f: \.png$..f: \.js$ ## Java-script....d: \\*$ ## Subdirectories....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):814
                                                                                                                                                                                                Entropy (8bit):4.759950979909193
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63J19xfUh9du3yU97qMd8u41UOPaGQDgDLo:f6r4hju0Md8sOiX0o
                                                                                                                                                                                                MD5:1F12DA4937ACBDF8EC79628E28F6D209
                                                                                                                                                                                                SHA1:432FCF7AE57410E84C4E557430B923B3A58798AB
                                                                                                                                                                                                SHA-256:332796A673BF853FF1413A06353472AF864019837DF9EC64FF4C748F756447D4
                                                                                                                                                                                                SHA-512:CFDF7B9440927F22EF23A7B0CCB034FF462D747691D4D0B18257CF8D08B99BE9351C76F6DF717F692BF3CD5DEDF4D607B1CA8E57B76302DA4C8B4E0BA3A3F199
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge ..## This filter lets through only files ASP.NET developers care about ..name: ASP.NET Devel ..desc: Lets through only files ASP.NET developer cares about....## This is an exclusive filter ..## (it lets through only matching files) ..def: exclude ....## Filters for filenames begin with f: ..## Filters for directories begin with d: ..## (Inline comments begin with " ##" and extend to the end of the line) ....f: \.xml$ ..f: \.xlst$..f: \.xsl$..f: \.xslt$..f: \.dtd$ ..f: \.html$ ..f: \.htm$ ..f: \.css$ ..f: \.gif$ ..f: \.bmp$ ..f: \.jpg$ ..f: \.png$ ..f: \.js$ ..f: \.dll$ ..f: \.aspx$ ..f: \.asmx$ ..f: \.ascx$ ..f: \.vb$ ..f: \.resx$ ..f: \.cs$ ..f: \.js$ ..f: \.vbproj$ ..f: \.csproj$ ..f: \.sln$ ..f: \.webinfo$ ..f: \.config$ ....d: \\*$ ## Subdirectories ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1220
                                                                                                                                                                                                Entropy (8bit):4.919200066834932
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63/UtEkfbkt319T8qGuy1UOPhnd4BK8DD2AynkrAY70/to00vc+K+W:f61OqGAO5a/2wxYFo00v0j
                                                                                                                                                                                                MD5:38F962A51B73259DDC502CDFCB2B62B5
                                                                                                                                                                                                SHA1:494FE599A47B459863AA8CFFB896B6BDD4E29FBB
                                                                                                                                                                                                SHA-256:05D73888BEFFB8D3A81AAB24B8F320E038122148FF57B98B3150C22E0DE4798B
                                                                                                                                                                                                SHA-512:0F9E7AEA5E7025D4695BC91DF715E6B50C05E508B34BA97B89EECCCDC44C411B74AEC1746F7D1BC07845D83F4F21884B3F5827998C652FC688AB6FAE6B85C1DB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter template for WinMerge..name: Delphi filter..desc: View only files .PAS and files .DFM....## Select if filter is inclusive or exclusive..## Inclusive (loose) filter lets through all items not matching rules..## Exclusive filter lets through only items that match to rule..## include or exclude..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.^~..## EXCLUDE temporary files..f: \.dcu$ .## EXCLUDE Delphi compiled unit..f: \.exe$ .## EXCLUDE Exe file..f: \.cfg$ .## EXCLUDE configuration file..f: \.dsk$ .## EXCLUDE File of internal information of the project..f: \.dof$ .## EXCLUDE Delphi options file..f: \.ddp$ .## EXCLUDE Delphi diagram portfolio file..f: \.db$ .## EXCLUDE File Paradox..f: \.ims$ .## EXCLUDE Icon file, normally created with IconForge..f: \.bak$ .## EXCLUDE Backup file made with WinMerge....## f: \.dfm$ ## Delphi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):631
                                                                                                                                                                                                Entropy (8bit):4.745696255656045
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:jLI13TULVavioTFXZaBSCrCfuy1UOPSovFvMzDI8MMCFeqUQ1fYDn:jL63TULsq0rqGuy1UOPhvFvgs8SFhUQy
                                                                                                                                                                                                MD5:AE1D1DC03D9330ACB82244B7F8E021B9
                                                                                                                                                                                                SHA1:8E1857D3A1435FE7863E218139CA7C281F665118
                                                                                                                                                                                                SHA-256:0D4D52EDCAF548157654BA4DD2AB853D07F7F672093638DCE0E2877BCA5DB655
                                                                                                                                                                                                SHA-512:034EEE5D6DD59FFC4576931EBF38C1A60C470DC517B49B482C5181FCF69D86F846F937364966BE219F3851E3A8C96C858C297A319A9339274EADA5E57AB93292
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..name: MASM loose..desc: Suppresses various binaries found in MASM source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \~$ ..f: \.map$ ..f: \.mod$ ..f: \.aml$ ..f: \.bak$ ..f: \.bin$ ..f: \.dat$ ..f: \.icr$ ..f: \.lib$ ..f: \.lnk$ ..f: \.log$ ..f: \.lst$ ..f: \.map$ ..f: \.mod$ ..f: \.obj$ ..f: \.pgx$ ..f: \.res$ ..f: \.rom$ ..f: \.rls$ ..f: MAKEFILE$ ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):945
                                                                                                                                                                                                Entropy (8bit):4.845766436892308
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63TRboyTIS0rqGuy1UOPhnVvFgQ7+8SDCeDSTIZaaMy:f6x9rOqGAO5nf+8SDpAKao
                                                                                                                                                                                                MD5:B2B86FC2614904FE5399DB1656675822
                                                                                                                                                                                                SHA1:3B9B1C2F59FBBE3901F27A11C6C25442941F8F22
                                                                                                                                                                                                SHA-256:BB1F729B7FACFE014769E654AE5E85955730CCE28B144279D0696D6A86421510
                                                                                                                                                                                                SHA-512:C085D5F9E1741EDAA5A035166BC9AEC2E172EC0B0E198EC8FAB895E49ED78F97AF0D2C0C6272F7F1BF6852A154D166BB5264E9C636751CBD92838056DE1CC33B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in Visual Basic source trees..name: Visual Basic loose..desc: Suppresses various binaries found in Visual Basic source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.frx$ ## ..f: \.dca$ ## ..f: \.ctx$ ## ..f: \.dll$ ## Windows DLL..f: \.ocx$ ## OLE Control Extension..f: \.exe$ ## Windows/DOS executable..f: \.bak$ ## backup....d: \\\.svn$ ## Subversion working copy..d: \\_svn$ ## Subversion working copy ASP.NET Hack..d: \\cvs$ ## CVS control directory..d: \\\.git$ ## Git directory..d: \\\.bzr$ ## Bazaar branch..d: \\\.hg$ ## Mercurial repository..d: \\\.vs$ ## A hidden folder that stores .suo and *.db files....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1594
                                                                                                                                                                                                Entropy (8bit):4.890642227970731
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:f6xnO1qGAO5kP4ANeCTrXqX27vQKs+8SDpAKn:0O1qGAhP4ANe4XqX2NFHAK
                                                                                                                                                                                                MD5:80BFA16C9B937241F549FBED791DBF30
                                                                                                                                                                                                SHA1:19F53E3082BC0B0F13B1BFA9183FD4C08FE3A9AB
                                                                                                                                                                                                SHA-256:3603F5D52522FAAE2D9CF234D6A47049B0367A16509767A3143691021569734B
                                                                                                                                                                                                SHA-512:1A0B5C6FB97089082417E13875DC34F99E90C29D028364246AB4773AC16139B94FA8271512DEBC056CCAD813E18FD8159662AF6DCB890FC5EE56BD49BF72C76A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in Symbian development source trees...name: Symbian C++..desc: Suppresses various binaries found in Visual C++ source trees compiling Symbian....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.bsc$ ## VC Browser database..f: \.aps$ ## VC Binary version of resource file, for quick loading..f: \.bsc$ ## VC Browser database..f: \.clw$ ## VC class-wizard status file..f: \.dll$ ## Windows DLL..f: \.exe$ ## Windows executable..f: \.exp$ ## VC library export file..f: \\vc60.idb$ ## VC ?..f: \.ilk$ ## VC incremental linker memory file..f: \.lib$ ## compiled libraries..f: \.ncb$ ## VC parser information file (class view & component gallery stuff)..f: \.obj$ ## VC object module file..f:
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):699
                                                                                                                                                                                                Entropy (8bit):4.560292414919042
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:jLI13mkUUKmugzPHFXeO2v3O09khwmPfaBSCrCfua/15/qm/1UOPSoZbfiSK+mO:jL63/U+fbkt319T8qGuuXqm1UOPhFiSh
                                                                                                                                                                                                MD5:12F11F1BDE5974E44B522F10F1D58A82
                                                                                                                                                                                                SHA1:A0E99CFD836A594BA0156803D6503EF1246AFD8D
                                                                                                                                                                                                SHA-256:8D7E3E2910D6A70F2D34E4DFF6F4CC4E730631CCF882F37D1B7813BE743A6BAF
                                                                                                                                                                                                SHA-512:4D71948EE04E1363131F4F2456FF03BF357713BBE9AAA92EC0686B82264D39952F8F40E2E553E8C8E3F5E634593D3BC619FFD62E28925F69C03CBCBC335A34C6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter template for WinMerge..name: ${name}..desc: Longer description....## Select if filter is inclusive or exclusive..## Inclusive (loose) filter lets through all items not matching rules..## Exclusive filter lets through only items that match to rule..## include or exclude..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## To exclude some of the files that match the f: pattern, specify f!:..## To exclude some of the folders that match the d: pattern, specify d!:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.ext$ ## Filter for filename....d: \\subdir$ ## Filter for directory..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):914
                                                                                                                                                                                                Entropy (8bit):4.620935812441775
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63TRboNbvr0rqGuy1UOPhtBsbqrFFAdhjq88djHBubhiLSl:f6xIzOqGAO5t9wSclr
                                                                                                                                                                                                MD5:1C6936A1A8EF598A1BA6D71FBA1BDC7B
                                                                                                                                                                                                SHA1:4B8453128C3688613969945460A4E4BDECE4B4E1
                                                                                                                                                                                                SHA-256:9104E65CE3726B24A1B5278CC51C4F94505A0F2FC63BF6EBE554E8966D5E7B23
                                                                                                                                                                                                SHA-512:B7BA4F7FC924D7AEE91DCF0F125C3B45D8FB83E921DD55DA7546B01D243BD364F321CBE1E74279633B26FDC6C4AA94AAB7B412199B4B77675205679BE8C823E2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in ADAMulti source trees..name: ADAMulti..desc: Suppresses various binaries found in ADAMulti source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.o$ ## Object file..f: \.lib$..f: \.obj$ ## Object file..f: \.inf$ ## Generated file..f: \.map$ ## Map file..f: \.lst$ ## list file..f: \.ti$ ## generated file..f: \.dbo$ ## Object file..f: \.dla$ ## Object file..f: \.dnm$ ## Node map file?..f: \.bin$ ## Code file..f: \.a$ ## library file..f: \.s$....d: \\cvs$ ## cvs repository files..d: \\obj$ ## object file directory..d: \\objs$ ## object file directory..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):898
                                                                                                                                                                                                Entropy (8bit):4.832661136389676
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63TUaMrqGuy1UOPhs7WUOMk3O87ds+8SDCeDSTIZn:f6+qGAO5sazO8O+8SDpAKn
                                                                                                                                                                                                MD5:C784341DB7F8E83142222553C55DD25C
                                                                                                                                                                                                SHA1:379B62172B174FA495DEC9C1F9309861910D21D6
                                                                                                                                                                                                SHA-256:D50B1891FDE7B91C4D2B86D4A4E7EAA74C157FC47CD7C53D8D51A638A6A05F92
                                                                                                                                                                                                SHA-512:C373049D44C4C219C6998EA1299B1D024EAD5551E3832862C9696572645721A034F63437752DDD663B966FDB312F0A76D744BBF07D7C0A3517BA60C25A5BE064
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..name: Frontpage..desc: Suppresses _vti and other system directories in Frontpage websites....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....d: \\fpdb$..d: \\stats$..d: \\_borders$..d: \\_derived$..d: \\_fpclass$..d: \\_overlay$..d: \\_private$..d: \\_contentindex$..d: \\_themes$..d: \\_vti_bin$..d: \\_vti_cnf$..d: \\_vti_log$..d: \\_vti_map$..d: \\_vti_pvt$..d: \\_vti_txt$..d: \\_vti_script$..d: \\_vti*$..d: \\\.svn$ ## Subversion working copy..d: \\_svn$ ## Subversion working copy ASP.NET Hack..d: \\cvs$ ## CVS control directory..d: \\\.git$ ## Git directory..d: \\\.bzr$ ## Bazaar branch..d: \\\.hg$ ## Mercurial repository..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):959
                                                                                                                                                                                                Entropy (8bit):4.7954037272647145
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63J19xflvCwrLd8u41UOP7Tsu4yhMLF+0LKIl+8SDCeDSTIZn:f6rZCiLd8sO/su1Sp+0LN+8SDpAKn
                                                                                                                                                                                                MD5:102386258D4864B15ECF3A7434F831C3
                                                                                                                                                                                                SHA1:FBAC69D0501A45EF5C243C11A6305E2A4328451F
                                                                                                                                                                                                SHA-256:CB48E7C3DD5604C177FF1CA2CB5214FCFF1782CF83441030B701521F8991D292
                                                                                                                                                                                                SHA-512:456789E56FF3A630A53E1ECAB54163500F2B4BC573C87F493EAF31243DC2B27C72AC0648A88A97AEA28DD05EB6D6C0EC8AFFEB375BE1F58D27263722E2B0EBDF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge ..## This filter lets through only files ASP.NET developers care about ..name: Exclude Source Control..desc: Exclude Source Control files and directories....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include......## Filters for filenames begin with f: ..## Filters for directories begin with d: ..## (Inline comments begin with " ##" and extend to the end of the line) ....## f: \.bzrignore$ ## Bazaar ignore file..## f: \.cvsignore$ ## CVS ignore file..## f: \.gitignore$ ## Git ignore file..## f: \.hgignore$ ## Mercurial ignore file..## f: \.svnignore$ ## Subversion ignore file....f: \.(vs[sp])?scc$ ## Visual SourceSafe files....d: \\\.svn$ ## Subversion working copy..d: \\_svn$ ## Subversion working copy ASP.NET Hack..d: \\cvs$ ## CVS control directory..d: \\\.git$ ## Git directory..d: \\\.bzr$ ## Bazaar branch..d: \\\.hg$ ## Mercurial repository..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1902
                                                                                                                                                                                                Entropy (8bit):4.888600408792252
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:f6xuJOqGAO5b4AZmeCTrXqX27vQj1pXSrI+8SDpAKa4l:r4qGAU4Ake4XqX2cX0HAlM
                                                                                                                                                                                                MD5:84BE66100C7698A215F2D72D379B7858
                                                                                                                                                                                                SHA1:E3CCB4A5840AD33D82E7183086123A761BE993CC
                                                                                                                                                                                                SHA-256:41FE39326A2782DA298D35600FAA77BB33D616011FCFEB97E433B4B70FBA14AF
                                                                                                                                                                                                SHA-512:A5799E7992300C6C6E6002448843D8D471A3DA662506204344F54AF46A27A3A77929C0E1A325EFD16BE3D0FF31820EECCEE671EB7D09DFED47E1E8AB0E774C46
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in Visual C++ source trees..name: Visual C++ loose..desc: Suppresses various binaries found in Visual C++ source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.aps$ ## VC Binary version of resource file, for quick loading..f: \.bsc$ ## VC Browser database..f: \.clw$ ## VC class-wizard status file..f: \.dll$ ## Windows DLL..f: \.exe$ ## Windows/DOS executable..f: \.exp$ ## VC library export file..f: ^BuildLog.htm$ ## VC build log file..f: ^vc\d+\.idb$ ## VC Minimal rebuild dependency file..f: \.ilk$ ## VC incremental linker memory file..f: \.lib$ ## compiled libraries..f: \.ncb$ ## VC parser information file (class view & component gallery stuff)..f: \.obj$ ## VC obje
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1327
                                                                                                                                                                                                Entropy (8bit):4.862463583066028
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63TRboRYTkPR00rqGuy1UOPhbO3LF2/BRGXCLMe9YvQExg7+8SDCencQtSTIZg:f6xj/OqGAO5b4EiX2WvQkC+8SDpftAKg
                                                                                                                                                                                                MD5:2B6932858C2C520552694D93714A70DA
                                                                                                                                                                                                SHA1:B3353709B0B9C5383FFD7FE82D6B50011283860D
                                                                                                                                                                                                SHA-256:4D93D7F441237F83FD64E8C5F501E9CA834FCF2CD8F445FBE2EAE2E57145C01D
                                                                                                                                                                                                SHA-512:00B7BD69DD08DAF794F868678829591D6EDBD13F059B2E7D9DFE7AE2939998DE3F6A02B5C0A689C7E678DEF2E673B1D83E4FFBBE90DFC1957DAF70895F820B37
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in Visual C# source trees..name: Visual C# loose..desc: Suppresses various binaries found in Visual C# source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.aps$ ## VC Binary version of resource file, for quick loading..f: \.bsc$ ## VC Browser database..f: \.dll$ ## Windows DLL..f: \.exe$ ## Windows executable..f: \.obj$ ## VC object module file..f: \.pdb$ ## VC program database file (debugging symbolic information)..f: \.res$ ## VC compiled resources file (output of RC [resource compiler])..f: \.suo$ ## VC options file (binary)..f: \.cache$ ## ??..f: \.resource$ ## Compiled resource file...f: \.xfrm ## ??..f: \.bak$ ## backup....d: \\\.svn$ ## Subversion working cop
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):737
                                                                                                                                                                                                Entropy (8bit):4.822961918948526
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:jLI13TRPzJaZinra/oTFXZaBSCrCfuy1UOPSosO7mq1W8S6qVCe7317QTDdWZov:jL63TRboZinm/0rqGuy1UOPhv7+8SDCp
                                                                                                                                                                                                MD5:5787B440857832957C254E863A7632B8
                                                                                                                                                                                                SHA1:5BCECBA898693F303BE64D2244148839AF2D064E
                                                                                                                                                                                                SHA-256:5DD0AB6E1D24A2F612A85C76ABCC2B27DEB102B5AC3DF2377FF0F4137CE21ED2
                                                                                                                                                                                                SHA-512:59EF9CC97D745A14F550FF602CBB9F4F32FCF6658FCA4D766EA6C151F90201DADE850C4DFE3EFDBE80FA646953579E5A3B0A53A4119F6D3744B72640DD0715B4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in GNU C source trees..name: GNU C loose..desc: Suppresses various binaries found in GNU C source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.o$..f: \.lib$..f: \.bak$ ## backup....d: \\\.svn$ ## Subversion working copy..d: \\_svn$ ## Subversion working copy ASP.NET Hack..d: \\cvs$ ## CVS control directory..d: \\\.git$ ## Git directory..d: \\\.bzr$ ## Bazaar branch..d: \\\.hg$ ## Mercurial repository....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):679
                                                                                                                                                                                                Entropy (8bit):4.862099867293502
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:jLI13TRO09JM7+tK9L9JM7OQxN9MGSCrCfuy1UOPSodfIkdcIV8xF24qIX:jL63TR19b8L99uN9HGuy1UOPhCAcIGj
                                                                                                                                                                                                MD5:384273E239F4F46EFECCD402E7A69F10
                                                                                                                                                                                                SHA1:A2E941A5605247366C7D3013C6521E21FD28A91C
                                                                                                                                                                                                SHA-256:68516B0D7BDECDA26A92A5EBC1C078DDADCC259FB12D409791E3827BEE85C9DF
                                                                                                                                                                                                SHA-512:3F9A4CBCD5501E4E322DC42DB241F4B87349BDD30A036D7A94FE7740737E13EC7A5C6A0BE1EAEB4E82B147272E59A3C29E25A499DEEC1FD924E6D52E826B82DC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter lets through only files XML/HTML developer cares about..name: XML/HTML Devel..desc: Lets through only files XML/HTML developer cares about....## This is an exclusive filter..## (it lets through only matching files)..def: exclude....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.xml$ ## XML files..f: \.xslt$..f: \.dtd$..f: \.html$ ## HTML files..f: \.htm$..f: \.css$ ## CSS style files..f: \.gif$ ## Pictures..f: \.bmp$..f: \.jpg$..f: \.png$..f: \.js$ ## Java-script....d: \\*$ ## Subdirectories....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10194
                                                                                                                                                                                                Entropy (8bit):5.068515088227938
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:gpREQanuy9jH35d8BbjP219v3qeCh12CyoRGH48D6oAEXa04wB1Gx:gpREPff+P2/da1yoR8goJox
                                                                                                                                                                                                MD5:B9F00A431D3B266CA691C73CB9B0DE9B
                                                                                                                                                                                                SHA1:D4EC0BFFC3ABAB9AE19C781E42A9757B83FFD644
                                                                                                                                                                                                SHA-256:DF8BB22BAA0CB5EED922DEBED5BBBE5AA878A09941E8B0E6AE35A4E49F96C834
                                                                                                                                                                                                SHA-512:50AAABE71FDFA50C3A0DD87B52EA6A1F055906618879D9708A8EC74ECEE607BFDB9F137E5DFE750D3470AA7D89527C0A72052BC6BD4F1DB01C5FE2E6A2BFEEF2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:This file summarizes changes in Frhed releases...Numbers in parentheses refer to SourceForge.net tracker item numbers (#XXXXX) or..to Subversion revision numbers (rXXXXX).....For changes in version 1.1 beta 1 and earlier, see the History.txt file.....Frhed 0.10904.2017.14 (2023-12-19).. BugFix: Could not replace data at the end of the file.. Update French translation....Frhed 0.10904.2017.13 (2023-11-03).. BugFix: Searching with the 32-bit version of frhed sometimes scrolled to an unexpected position... Update French translation....Frhed 0.10904.2017.12 (2023-02-04).. BugFix: Resizing WinMerge Window looses the correct scroll position for the memory address your cursor is at (#13).. (Problem only when embedded in WinMerge).. Update German translation....Frhed 0.10904.2017.11 (2022-11-06).. Add Open files larger than 2GB for 64bit version....frhed 0.10904.2017.9 (2022-03-18).. Add Tranlslation : Polish, Slovak....Frhed 0.10904.2017.7 (2021-04-03).. Add ARM64 support....Frhed
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1638
                                                                                                                                                                                                Entropy (8bit):5.11467331521252
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:lubFoYI7elVjeMCPYWr2PVXECHJhIVTgrz:JYhQTr2dXECHJhIVi
                                                                                                                                                                                                MD5:CFAE657B6779BC9792103BD7A000A6A5
                                                                                                                                                                                                SHA1:7AF5EA292877E2A29B1202FFE69C8A1BF3B49E5D
                                                                                                                                                                                                SHA-256:5A44BBC92DA3D4C885D066B5DE75D22009BFD5130874D21E5BACA8C54DBD5CCB
                                                                                                                                                                                                SHA-512:429E21BA63FE447961AA21533A56E056E5FBE60EE5EAD15F01D62DE2397A7925A486FFE6B413D55016F96564C1BEDCEFF15D234616E2D2A4C41FF82278B28588
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:People who have contributed to Frhed..====================================....Original developer:..Raihan Kibria <raihan@kibria.de>....Maintainer on GitHub:..Takashi Sawanaka (GitHub@sdottaka, 2014 and after)..And other contributors: https://github.com/WinMerge/frhed/graphs/contributors....Localization:....* Dutch:.. Thomas De Rocker <thomasderocker@yahoo.com>....* French:.. Fr.d.ric Dectot.. Lolo S... Need74....* Galician.. Luis A. Mart.nez <luis.martinez.sobrino at gmail.com> (GitHub@qosobrin)....* German.. Tim Gerundt <gerundt@users.sourceforge.net>.. Mr-Update (GitHub@Mr-Update)....* Japanese.. Takashi Sawanaka....* Polish.. Miros.aw .ylewicz (GitHub@miroslaw-zylewicz)....* Slovak.. Jozef Matta <jozef.m923@gmail.com>....* Slovenian.. Jadran Rudec <***@***.***>....Other contributors (heksedit versions):..Jochen Tucht (@jtuc in history, 2017)..Jochen Neubeck (admin@jochen in history, 2013)..Kimmo Varis <kimmov@winmerge.org>..Tim Gerundt <gerundt@users.sourceforge.net>
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19925
                                                                                                                                                                                                Entropy (8bit):4.798085859566502
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:9D+peuEzgkm47A95bNZSn/Nywi1NffIE4I6d9qnZ90eKRqPqd:d+wgkz7OhNZI/NywiMED1EWPqd
                                                                                                                                                                                                MD5:2BDF9F20119B82C6CD73EF23A948F068
                                                                                                                                                                                                SHA1:6E0572F586341F99AEA818F9E90D674AC2477846
                                                                                                                                                                                                SHA-256:BE3DA215AA52EEE334676049677C9A34160716F876EA60A7A01EC1D5669EC6AD
                                                                                                                                                                                                SHA-512:66C7EDBBE85B794FBDC65052E1268832FEFA49BB44A55BEB9A2DA1314A0A8B700B52E448D82A0F6D81A5F8F5414A98A04ED140396BE9919D0F5FA9A33BB5B892
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:This file lists changes in versions before 1.3.1 Alpha. To see changes in 1.3.1 Alpha..and later releases, see the ChangeLog.txt file.....To find source-level changes use diff or a visual diff prog such as CSdiff (good for RTF files) or Araxis Merge....version Experimental/Alpha..- Status bar.. - notify uses different method w less Win32 calls.. (except "Bits=bbbbbbbb" section) but a little less accurate.. - notify now takes into account some stuff like initpopupmenu does.. - won't change bits on read-only mode etc.. - Optimized notify func & made easier to read.. - Can right-click for slightly different stuff (see src/help file).. - Bugfix when clicking in ANSI/OEM - caret is resized properly now.. - Bugfix when iCurbyte is on the END & there is a selection - used to get goto dlg....- Partial open mode.. - Revert can now be used.. - Open partially deselects when successful.. - Can now change the buffer size in partial open mode because.. I figured out a way to resize
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):154
                                                                                                                                                                                                Entropy (8bit):4.714554859553999
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N1KcxyHvOWK5ABz/fKJS4Ifmd1rT2QA6zgKW7wPl62eiNKJNLNvn:CcxyH7/ic4II6CPW8PjePpn
                                                                                                                                                                                                MD5:6EAD33EDB9A6DF8606541E5A48A77CB5
                                                                                                                                                                                                SHA1:C9A2559222D5DF4737BBA7C470A17D02E5A670A2
                                                                                                                                                                                                SHA-256:1D09EA42D91E1274907E0BAAF06D9DB898B9776536DE9DD80FC9CA59C6BB46DE
                                                                                                                                                                                                SHA-512:206B2446B0286935FD50F50C4C69F5870D2234592104A3C6CDA3FE604C493D498F9669D4D2AC67DB23BB97B111A3FD6B80ABB48BE1FAABEBC3F6299C3E1294EE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:http://bonedaddy.net/pabs3/files/frhed/..http://www.unrealtexture.com/Unreal/Website/Downloads/3DEditing/UnrealEditor/Tools/Info/frhed_v11/frhed_v11.htm..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):45
                                                                                                                                                                                                Entropy (8bit):4.455648863372104
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:gS+AoqnGg553TQJsNRN:gdAhGa9cARN
                                                                                                                                                                                                MD5:071F282CADDD55450ADA69BC4FAEF3F8
                                                                                                                                                                                                SHA1:4DD12E41D372A481FC07D59D69CE89BB0F4E8540
                                                                                                                                                                                                SHA-256:CF537117C1DA1698D587EA3D19E2D9897A278D37B6F4EF9DDCCEB6D74C8032FD
                                                                                                                                                                                                SHA-512:328DD823791BA284E0E343D2FA2C0429D29C609DA33D7E10B83962B4ED9A57675CD10EE95A7F226DA99B12FFCB8C05FBDB8B9979DD95B962EC2C6D23A1BEEB9D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:BYTE filetype..WORD version..DWORD filelength
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19925
                                                                                                                                                                                                Entropy (8bit):4.798085859566502
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:9D+peuEzgkm47A95bNZSn/Nywi1NffIE4I6d9qnZ90eKRqPqd:d+wgkz7OhNZI/NywiMED1EWPqd
                                                                                                                                                                                                MD5:2BDF9F20119B82C6CD73EF23A948F068
                                                                                                                                                                                                SHA1:6E0572F586341F99AEA818F9E90D674AC2477846
                                                                                                                                                                                                SHA-256:BE3DA215AA52EEE334676049677C9A34160716F876EA60A7A01EC1D5669EC6AD
                                                                                                                                                                                                SHA-512:66C7EDBBE85B794FBDC65052E1268832FEFA49BB44A55BEB9A2DA1314A0A8B700B52E448D82A0F6D81A5F8F5414A98A04ED140396BE9919D0F5FA9A33BB5B892
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:This file lists changes in versions before 1.3.1 Alpha. To see changes in 1.3.1 Alpha..and later releases, see the ChangeLog.txt file.....To find source-level changes use diff or a visual diff prog such as CSdiff (good for RTF files) or Araxis Merge....version Experimental/Alpha..- Status bar.. - notify uses different method w less Win32 calls.. (except "Bits=bbbbbbbb" section) but a little less accurate.. - notify now takes into account some stuff like initpopupmenu does.. - won't change bits on read-only mode etc.. - Optimized notify func & made easier to read.. - Can right-click for slightly different stuff (see src/help file).. - Bugfix when clicking in ANSI/OEM - caret is resized properly now.. - Bugfix when iCurbyte is on the END & there is a selection - used to get goto dlg....- Partial open mode.. - Revert can now be used.. - Open partially deselects when successful.. - Can now change the buffer size in partial open mode because.. I figured out a way to resize
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1638
                                                                                                                                                                                                Entropy (8bit):5.11467331521252
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:lubFoYI7elVjeMCPYWr2PVXECHJhIVTgrz:JYhQTr2dXECHJhIVi
                                                                                                                                                                                                MD5:CFAE657B6779BC9792103BD7A000A6A5
                                                                                                                                                                                                SHA1:7AF5EA292877E2A29B1202FFE69C8A1BF3B49E5D
                                                                                                                                                                                                SHA-256:5A44BBC92DA3D4C885D066B5DE75D22009BFD5130874D21E5BACA8C54DBD5CCB
                                                                                                                                                                                                SHA-512:429E21BA63FE447961AA21533A56E056E5FBE60EE5EAD15F01D62DE2397A7925A486FFE6B413D55016F96564C1BEDCEFF15D234616E2D2A4C41FF82278B28588
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:People who have contributed to Frhed..====================================....Original developer:..Raihan Kibria <raihan@kibria.de>....Maintainer on GitHub:..Takashi Sawanaka (GitHub@sdottaka, 2014 and after)..And other contributors: https://github.com/WinMerge/frhed/graphs/contributors....Localization:....* Dutch:.. Thomas De Rocker <thomasderocker@yahoo.com>....* French:.. Fr.d.ric Dectot.. Lolo S... Need74....* Galician.. Luis A. Mart.nez <luis.martinez.sobrino at gmail.com> (GitHub@qosobrin)....* German.. Tim Gerundt <gerundt@users.sourceforge.net>.. Mr-Update (GitHub@Mr-Update)....* Japanese.. Takashi Sawanaka....* Polish.. Miros.aw .ylewicz (GitHub@miroslaw-zylewicz)....* Slovak.. Jozef Matta <jozef.m923@gmail.com>....* Slovenian.. Jadran Rudec <***@***.***>....Other contributors (heksedit versions):..Jochen Tucht (@jtuc in history, 2017)..Jochen Neubeck (admin@jochen in history, 2013)..Kimmo Varis <kimmov@winmerge.org>..Tim Gerundt <gerundt@users.sourceforge.net>
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):154
                                                                                                                                                                                                Entropy (8bit):4.714554859553999
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N1KcxyHvOWK5ABz/fKJS4Ifmd1rT2QA6zgKW7wPl62eiNKJNLNvn:CcxyH7/ic4II6CPW8PjePpn
                                                                                                                                                                                                MD5:6EAD33EDB9A6DF8606541E5A48A77CB5
                                                                                                                                                                                                SHA1:C9A2559222D5DF4737BBA7C470A17D02E5A670A2
                                                                                                                                                                                                SHA-256:1D09EA42D91E1274907E0BAAF06D9DB898B9776536DE9DD80FC9CA59C6BB46DE
                                                                                                                                                                                                SHA-512:206B2446B0286935FD50F50C4C69F5870D2234592104A3C6CDA3FE604C493D498F9669D4D2AC67DB23BB97B111A3FD6B80ABB48BE1FAABEBC3F6299C3E1294EE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:http://bonedaddy.net/pabs3/files/frhed/..http://www.unrealtexture.com/Unreal/Website/Downloads/3DEditing/UnrealEditor/Tools/Info/frhed_v11/frhed_v11.htm..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):45
                                                                                                                                                                                                Entropy (8bit):4.455648863372104
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:gS+AoqnGg553TQJsNRN:gdAhGa9cARN
                                                                                                                                                                                                MD5:071F282CADDD55450ADA69BC4FAEF3F8
                                                                                                                                                                                                SHA1:4DD12E41D372A481FC07D59D69CE89BB0F4E8540
                                                                                                                                                                                                SHA-256:CF537117C1DA1698D587EA3D19E2D9897A278D37B6F4EF9DDCCEB6D74C8032FD
                                                                                                                                                                                                SHA-512:328DD823791BA284E0E343D2FA2C0429D29C609DA33D7E10B83962B4ED9A57675CD10EE95A7F226DA99B12FFCB8C05FBDB8B9979DD95B962EC2C6D23A1BEEB9D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:BYTE filetype..WORD version..DWORD filelength
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10194
                                                                                                                                                                                                Entropy (8bit):5.068515088227938
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:gpREQanuy9jH35d8BbjP219v3qeCh12CyoRGH48D6oAEXa04wB1Gx:gpREPff+P2/da1yoR8goJox
                                                                                                                                                                                                MD5:B9F00A431D3B266CA691C73CB9B0DE9B
                                                                                                                                                                                                SHA1:D4EC0BFFC3ABAB9AE19C781E42A9757B83FFD644
                                                                                                                                                                                                SHA-256:DF8BB22BAA0CB5EED922DEBED5BBBE5AA878A09941E8B0E6AE35A4E49F96C834
                                                                                                                                                                                                SHA-512:50AAABE71FDFA50C3A0DD87B52EA6A1F055906618879D9708A8EC74ECEE607BFDB9F137E5DFE750D3470AA7D89527C0A72052BC6BD4F1DB01C5FE2E6A2BFEEF2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:This file summarizes changes in Frhed releases...Numbers in parentheses refer to SourceForge.net tracker item numbers (#XXXXX) or..to Subversion revision numbers (rXXXXX).....For changes in version 1.1 beta 1 and earlier, see the History.txt file.....Frhed 0.10904.2017.14 (2023-12-19).. BugFix: Could not replace data at the end of the file.. Update French translation....Frhed 0.10904.2017.13 (2023-11-03).. BugFix: Searching with the 32-bit version of frhed sometimes scrolled to an unexpected position... Update French translation....Frhed 0.10904.2017.12 (2023-02-04).. BugFix: Resizing WinMerge Window looses the correct scroll position for the memory address your cursor is at (#13).. (Problem only when embedded in WinMerge).. Update German translation....Frhed 0.10904.2017.11 (2022-11-06).. Add Open files larger than 2GB for 64bit version....frhed 0.10904.2017.9 (2022-03-18).. Add Tranlslation : Polish, Slovak....Frhed 0.10904.2017.7 (2021-04-03).. Add ARM64 support....Frhed
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18327
                                                                                                                                                                                                Entropy (8bit):4.734251349778708
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:lq2PmwERb6k/iAVX/dUY2ZpEGMOZ77o0UDT2:lzun1iYWrTXo0UDT2
                                                                                                                                                                                                MD5:537A8603E1EDA9DE80EE34F607C0CB09
                                                                                                                                                                                                SHA1:9871A6FC4895037B02AC04978AB4A21D9BA4030C
                                                                                                                                                                                                SHA-256:D3533C10B656BEC2782600B05B471ABE3AC916E228B27929CDA1F83C49D7E7A5
                                                                                                                                                                                                SHA-512:5DDFA15A89DCF147072A442C05AA16AF6A215FE8A3811E5A71007099D260687929A5505373F96B9F70EF21E101DC7042345CD358150367905C4CBA18E5DA32B6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.. GNU GENERAL PUBLIC LICENSE.... Version 2, June 1991.... Copyright (C) 1989, 1991 Free Software Foundation, Inc... 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed........ Preamble.... The licenses for most software are designed to take away your..freedom to share and change it. By contrast, the GNU General Public..License is intended to guarantee your freedom to share and change free..software--to make sure the software is free for all its users. This..General Public License applies to most of the Free Software..Foundation's software and to any other program whose authors commit to..using it. (Some other Free Software Foundation software is covered by..the GNU Library General Public License instead.) You can apply it to..your programs, too..... When we speak of free software, we are referring to freedom, not..price. Our General Publi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):58943
                                                                                                                                                                                                Entropy (8bit):5.148573435822846
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:W4fx7ieHltnGjfQauI4YEFasjAqrR3umI7pEImm1S4flZLHll70Koa:W4fx7igp/FFasTF0ESfl1Hll06
                                                                                                                                                                                                MD5:4CFA0E952B2B8DAD6BF4DB1EABBC8A1D
                                                                                                                                                                                                SHA1:E83385D57C1A654F063D8AC7250B8192BB7A0ADF
                                                                                                                                                                                                SHA-256:35B15829919D760EA8F87D4726926A0818847A0DB9432BBA28261C470BE4659D
                                                                                                                                                                                                SHA-512:C3BF17DA6C65FA8FC647E982885DFD006719EBC085EB4192EE201B48BBBCF2D0AE2C1590C757FCFD8017E2B741C7ACBB25212CE476E37A3966D786F3C3654B91
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# Translators:.# * Tim Gerundt <tim at gerundt.de>.#.# ID line follows -- this is updated by SVN.# $Id: de.po 697 2009-06-10 11:30:30Z kimmov $.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?group_id=13216&atid=113216\n"."POT-Creation-Date: \n"."PO-Revision-Date: 2020-08-21 00:20+0000\n"."Last-Translator: Mr. Update\n"."Language-Team: German <frhed-devel@lists.sourceforge.net>\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."X-Poedit-Language: German\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../../FRHED\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_GERMAN, SUBLANG_GERMAN"..#. Codepage.#: heksedit.rc:6.#, c-format.msgid "1252".msgstr "65001"..#: heksedit.rc:12.#, c-format.msgid "
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text, with very long lines (302)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60483
                                                                                                                                                                                                Entropy (8bit):5.1267124843958785
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:WeYdzbITVazVyll0DhTZ+dL4emaQXa7WqhRLkuIOU:WeYhHzVyll09TZiL4e+MLkVl
                                                                                                                                                                                                MD5:A2E97FAE64E59DFC0847EBAB810E7FA0
                                                                                                                                                                                                SHA1:E8E8D67CD98322A95C75CBD6BACDEFA6A3A5E4C9
                                                                                                                                                                                                SHA-256:13A7373AF166E25AF5EF69824F6998B55AEAF527B374788627AC37FD382F31F9
                                                                                                                                                                                                SHA-512:85EB26CC9DFAC5A9A5E7F9D0A2CA0FD8247C88BE6CD2B31EDCB59922F2F5A3F0470C3FF8F02F94FBE0F379178843014ADE98C5582F5D551887FB95012D484F27
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# Translators:.# * freddydelanuit <fred.dec@free.fr>.# * Lolo S. <slolo2000 at hotmail.com>.# * Need74 <need74 at free.fr>.#.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?group_id=13216&atid=113216\n"."POT-Creation-Date: 2022-11-06 12:47+0000\n"."PO-Revision-Date: 2023-12-18 19:57:19+0100\n"."Last-Translator: Lolo S. <slolo2000@hotmail.com>\n"."Language-Team: freddydelanuit <fred.dec@free.fr>\n"."Language: fr\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../../FRHED\n"."X-Generator: Poedit 3.4.1\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_FRENCH, SUBLANG_FRENCH_FR"..#. Codepage.#: heksedit.rc:6.#, c-format.msgid "1252".msgstr "65001"..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):96872
                                                                                                                                                                                                Entropy (8bit):5.33928443875562
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:LQD9V+zMxqfIOHOirWyJJdsuzQnOcI4zPFaCLvcvtxRtHvAXShOyGheSoQuGXPJp:LLnrW8mucnOx4rFaCLUlMQOTkL7GXPJp
                                                                                                                                                                                                MD5:FAC5ACE3508163EA5A868C53C711304D
                                                                                                                                                                                                SHA1:C8E0B751AB041826E16944E777BA334E7117B29F
                                                                                                                                                                                                SHA-256:834F3197C0F110B3DC4E99A4227CEAEB075FAA92DB62F09407DF10F9E9AC5044
                                                                                                                                                                                                SHA-512:3DCD6CAD69060D65D4D5CB738ED0BC4CD609D43D0FCC2C2B27E1E57D0B8763202782B6D27756207ED8BE5269028E9F8750E6BC77B13C740339CE6B3509445317
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<...R...R...R.f.....R.f.P...R.Rich..R.PE..d....e.........." .........P...............................................p............`.......................................................... .. M...........R..h(...........................................................................................rdata..p...........................@..@.rsrc... M... ...N..................@..@.....e........T........................rdata......T....rdata$zzzdbg.... .......rsrc$01........P>...rsrc$02............................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):57930
                                                                                                                                                                                                Entropy (8bit):5.071981644281668
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:WN/z4mcvm6DFa76oAgAEQ6ms6MevcKFZQRtneODcCE:WNcrNFa76dEIFZQiOK
                                                                                                                                                                                                MD5:DA8954AB979960689708F792430ECA76
                                                                                                                                                                                                SHA1:5230A24CAEE1467D2682FEAF4B974EF7F9687E29
                                                                                                                                                                                                SHA-256:35D8E9B7C38FDF70926CE41E3758C5596CD89638162F6482F7C1E033EDA3194C
                                                                                                                                                                                                SHA-512:B80429D0998A2A23A094E3CA0DC896359847744B6F959C6347699A29B7C376C7EF4ABCAD9CE28D1289F0F89C3D753F4F5DA539A866C13C53AC5C5FB2EB024513
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# Translators:.# * Thomas De Rocker <thomasderocker@yahoo.com>.#.# ID line follows -- this is updated by SVN.# $Id: nl.po 715 2009-06-14 18:12:29Z kimmov $.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?group_id=13216&atid=113216\n"."POT-Creation-Date: 2009-06-10 14:28+0000\n"."PO-Revision-Date: \n"."Last-Translator: Thomas De Rocker <thomasderocker@yahoo.com>\n"."Language-Team: Dutch <frhed-devel@lists.sourceforge.net>\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."X-Poedit-Language: Dutch\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../\n"."X-Poedit-Country: BELGIUM\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_DUTCH, SUBLANG_DUTCH"..#. Codepage.#: heksedit.rc:6.#, c-format.msg
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):58943
                                                                                                                                                                                                Entropy (8bit):5.148573435822846
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:W4fx7ieHltnGjfQauI4YEFasjAqrR3umI7pEImm1S4flZLHll70Koa:W4fx7igp/FFasTF0ESfl1Hll06
                                                                                                                                                                                                MD5:4CFA0E952B2B8DAD6BF4DB1EABBC8A1D
                                                                                                                                                                                                SHA1:E83385D57C1A654F063D8AC7250B8192BB7A0ADF
                                                                                                                                                                                                SHA-256:35B15829919D760EA8F87D4726926A0818847A0DB9432BBA28261C470BE4659D
                                                                                                                                                                                                SHA-512:C3BF17DA6C65FA8FC647E982885DFD006719EBC085EB4192EE201B48BBBCF2D0AE2C1590C757FCFD8017E2B741C7ACBB25212CE476E37A3966D786F3C3654B91
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# Translators:.# * Tim Gerundt <tim at gerundt.de>.#.# ID line follows -- this is updated by SVN.# $Id: de.po 697 2009-06-10 11:30:30Z kimmov $.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?group_id=13216&atid=113216\n"."POT-Creation-Date: \n"."PO-Revision-Date: 2020-08-21 00:20+0000\n"."Last-Translator: Mr. Update\n"."Language-Team: German <frhed-devel@lists.sourceforge.net>\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."X-Poedit-Language: German\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../../FRHED\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_GERMAN, SUBLANG_GERMAN"..#. Codepage.#: heksedit.rc:6.#, c-format.msgid "1252".msgstr "65001"..#: heksedit.rc:12.#, c-format.msgid "
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):96872
                                                                                                                                                                                                Entropy (8bit):5.33928443875562
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:LQD9V+zMxqfIOHOirWyJJdsuzQnOcI4zPFaCLvcvtxRtHvAXShOyGheSoQuGXPJp:LLnrW8mucnOx4rFaCLUlMQOTkL7GXPJp
                                                                                                                                                                                                MD5:FAC5ACE3508163EA5A868C53C711304D
                                                                                                                                                                                                SHA1:C8E0B751AB041826E16944E777BA334E7117B29F
                                                                                                                                                                                                SHA-256:834F3197C0F110B3DC4E99A4227CEAEB075FAA92DB62F09407DF10F9E9AC5044
                                                                                                                                                                                                SHA-512:3DCD6CAD69060D65D4D5CB738ED0BC4CD609D43D0FCC2C2B27E1E57D0B8763202782B6D27756207ED8BE5269028E9F8750E6BC77B13C740339CE6B3509445317
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<...R...R...R.f.....R.f.P...R.Rich..R.PE..d....e.........." .........P...............................................p............`.......................................................... .. M...........R..h(...........................................................................................rdata..p...........................@..@.rsrc... M... ...N..................@..@.....e........T........................rdata......T....rdata$zzzdbg.... .......rsrc$01........P>...rsrc$02............................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):58502
                                                                                                                                                                                                Entropy (8bit):5.1812314517893
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:Wa1PT+/hKYoI7PxvGVyv5Nfq1JruBSnFV6Nm3xqIRYwH:Wa9a/ZvGVyvmVFVzhqIRYu
                                                                                                                                                                                                MD5:6C66B3054E13019D52007239D0516116
                                                                                                                                                                                                SHA1:E682AA270AD678F231331488BD48DCC80ABA5244
                                                                                                                                                                                                SHA-256:39C74F19BE477D7EF38AD8D9CB3AE6C3AD31715B485F37BEA6255C74BC54891C
                                                                                                                                                                                                SHA-512:AD5F3C08F160BB5A25A76B5158DFA4FCB97BC2041E170280E1AE9CC04B47A04B05F1E52BC800613DE0B2760C23FF5F6BA5119D4F02190A0FB76F6DA2C9668E24
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# ID line follows -- this is updated by SVN.# $Id: $.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?group_id=13216&atid=113216\n"."POT-Creation-Date: \n"."PO-Revision-Date: 2022-03-20 22:23+0100\n"."Last-Translator: Jadran Rudec <jrudec@gmail.com>\n"."Language-Team: Slovenian <jrudec@gmail.com>\n"."Language: sl_SI\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."Plural-Forms: nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100>=3 && n%100<=4 ? 2 : 3);\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../../FRHED\n"."X-Generator: Poedit 3.0.1\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_SLOVENIAN, SUBLANG_SLOVENIAN"..#. Codepage.#: heksedit.rc:6.#, c-format.msgid "1252".msgstr "6500
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text, with very long lines (302)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60483
                                                                                                                                                                                                Entropy (8bit):5.1267124843958785
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:WeYdzbITVazVyll0DhTZ+dL4emaQXa7WqhRLkuIOU:WeYhHzVyll09TZiL4e+MLkVl
                                                                                                                                                                                                MD5:A2E97FAE64E59DFC0847EBAB810E7FA0
                                                                                                                                                                                                SHA1:E8E8D67CD98322A95C75CBD6BACDEFA6A3A5E4C9
                                                                                                                                                                                                SHA-256:13A7373AF166E25AF5EF69824F6998B55AEAF527B374788627AC37FD382F31F9
                                                                                                                                                                                                SHA-512:85EB26CC9DFAC5A9A5E7F9D0A2CA0FD8247C88BE6CD2B31EDCB59922F2F5A3F0470C3FF8F02F94FBE0F379178843014ADE98C5582F5D551887FB95012D484F27
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# Translators:.# * freddydelanuit <fred.dec@free.fr>.# * Lolo S. <slolo2000 at hotmail.com>.# * Need74 <need74 at free.fr>.#.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?group_id=13216&atid=113216\n"."POT-Creation-Date: 2022-11-06 12:47+0000\n"."PO-Revision-Date: 2023-12-18 19:57:19+0100\n"."Last-Translator: Lolo S. <slolo2000@hotmail.com>\n"."Language-Team: freddydelanuit <fred.dec@free.fr>\n"."Language: fr\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../../FRHED\n"."X-Generator: Poedit 3.4.1\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_FRENCH, SUBLANG_FRENCH_FR"..#. Codepage.#: heksedit.rc:6.#, c-format.msgid "1252".msgstr "65001"..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):64502
                                                                                                                                                                                                Entropy (8bit):5.870848118629421
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:W8GzIC3vhYCFa3C5WQPLMcei5Ius7xOZh:W8G751Fa30WhtiKuO6
                                                                                                                                                                                                MD5:2071A691473D6BF74E6EE5AF0F50FC2E
                                                                                                                                                                                                SHA1:BB3B2C456706A44AEDB29B69F97869C797F88502
                                                                                                                                                                                                SHA-256:26DE1CFF6EFBAC44B67B7C5D8C613359D2D9F1035F40552A3506B66DB8B8795E
                                                                                                                                                                                                SHA-512:9A2EB0868436C9C7289811ED3DC8D8A1A2ADDB067893DFD244E35BAB2C4017E36053516EE3F213DAE52C8F0B11EA2808628664C80BEF8F68CDE96DAD50857B87
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# Translators:.# * Takashi Sawanaka <sawanaka@d1.dion.ne.jp>.#.# ID line follows -- this is updated by SVN.# $Id: ja.po 697 2009-06-10 11:30:30Z kimmov $.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?"."group_id=13216&atid=113216\n"."POT-Creation-Date: \n"."PO-Revision-Date: 2018-05-03 00:00+0900\n"."Last-Translator: Takashi Sawanaka <sawanaka@d1.dion.ne.jp>\n"."Language-Team: German <frhed-devel@lists.sourceforge.net>\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../../FRHED\n"."Language: ja\n"."X-Generator: Poedit 2.0.7\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_JAPANESE, SUBLANG_JAPANESE"..#. Codepage.#: heksedit.rc:6.#, c-format.m
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):64502
                                                                                                                                                                                                Entropy (8bit):5.870848118629421
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:W8GzIC3vhYCFa3C5WQPLMcei5Ius7xOZh:W8G751Fa30WhtiKuO6
                                                                                                                                                                                                MD5:2071A691473D6BF74E6EE5AF0F50FC2E
                                                                                                                                                                                                SHA1:BB3B2C456706A44AEDB29B69F97869C797F88502
                                                                                                                                                                                                SHA-256:26DE1CFF6EFBAC44B67B7C5D8C613359D2D9F1035F40552A3506B66DB8B8795E
                                                                                                                                                                                                SHA-512:9A2EB0868436C9C7289811ED3DC8D8A1A2ADDB067893DFD244E35BAB2C4017E36053516EE3F213DAE52C8F0B11EA2808628664C80BEF8F68CDE96DAD50857B87
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# Translators:.# * Takashi Sawanaka <sawanaka@d1.dion.ne.jp>.#.# ID line follows -- this is updated by SVN.# $Id: ja.po 697 2009-06-10 11:30:30Z kimmov $.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?"."group_id=13216&atid=113216\n"."POT-Creation-Date: \n"."PO-Revision-Date: 2018-05-03 00:00+0900\n"."Last-Translator: Takashi Sawanaka <sawanaka@d1.dion.ne.jp>\n"."Language-Team: German <frhed-devel@lists.sourceforge.net>\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../../FRHED\n"."Language: ja\n"."X-Generator: Poedit 2.0.7\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_JAPANESE, SUBLANG_JAPANESE"..#. Codepage.#: heksedit.rc:6.#, c-format.m
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):57930
                                                                                                                                                                                                Entropy (8bit):5.071981644281668
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:WN/z4mcvm6DFa76oAgAEQ6ms6MevcKFZQRtneODcCE:WNcrNFa76dEIFZQiOK
                                                                                                                                                                                                MD5:DA8954AB979960689708F792430ECA76
                                                                                                                                                                                                SHA1:5230A24CAEE1467D2682FEAF4B974EF7F9687E29
                                                                                                                                                                                                SHA-256:35D8E9B7C38FDF70926CE41E3758C5596CD89638162F6482F7C1E033EDA3194C
                                                                                                                                                                                                SHA-512:B80429D0998A2A23A094E3CA0DC896359847744B6F959C6347699A29B7C376C7EF4ABCAD9CE28D1289F0F89C3D753F4F5DA539A866C13C53AC5C5FB2EB024513
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# Translators:.# * Thomas De Rocker <thomasderocker@yahoo.com>.#.# ID line follows -- this is updated by SVN.# $Id: nl.po 715 2009-06-14 18:12:29Z kimmov $.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?group_id=13216&atid=113216\n"."POT-Creation-Date: 2009-06-10 14:28+0000\n"."PO-Revision-Date: \n"."Last-Translator: Thomas De Rocker <thomasderocker@yahoo.com>\n"."Language-Team: Dutch <frhed-devel@lists.sourceforge.net>\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."X-Poedit-Language: Dutch\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../\n"."X-Poedit-Country: BELGIUM\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_DUTCH, SUBLANG_DUTCH"..#. Codepage.#: heksedit.rc:6.#, c-format.msg
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):58502
                                                                                                                                                                                                Entropy (8bit):5.1812314517893
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:Wa1PT+/hKYoI7PxvGVyv5Nfq1JruBSnFV6Nm3xqIRYwH:Wa9a/ZvGVyvmVFVzhqIRYu
                                                                                                                                                                                                MD5:6C66B3054E13019D52007239D0516116
                                                                                                                                                                                                SHA1:E682AA270AD678F231331488BD48DCC80ABA5244
                                                                                                                                                                                                SHA-256:39C74F19BE477D7EF38AD8D9CB3AE6C3AD31715B485F37BEA6255C74BC54891C
                                                                                                                                                                                                SHA-512:AD5F3C08F160BB5A25A76B5158DFA4FCB97BC2041E170280E1AE9CC04B47A04B05F1E52BC800613DE0B2760C23FF5F6BA5119D4F02190A0FB76F6DA2C9668E24
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# ID line follows -- this is updated by SVN.# $Id: $.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?group_id=13216&atid=113216\n"."POT-Creation-Date: \n"."PO-Revision-Date: 2022-03-20 22:23+0100\n"."Last-Translator: Jadran Rudec <jrudec@gmail.com>\n"."Language-Team: Slovenian <jrudec@gmail.com>\n"."Language: sl_SI\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."Plural-Forms: nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100>=3 && n%100<=4 ? 2 : 3);\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../../FRHED\n"."X-Generator: Poedit 3.0.1\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_SLOVENIAN, SUBLANG_SLOVENIAN"..#. Codepage.#: heksedit.rc:6.#, c-format.msgid "1252".msgstr "6500
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):425064
                                                                                                                                                                                                Entropy (8bit):6.213051440649337
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:x7m4rMSKTqiE8kaTL3x+Z4YrnwT377PghLECTsSsIhEoQ1keKUK2mZ28d+QU9NR0:eSKPkmxjvghICzsIhpekBUorsvRPc
                                                                                                                                                                                                MD5:A1A8DFCEC0AA980B88AD997B6ACEB2C4
                                                                                                                                                                                                SHA1:CFC8E6861A365B10EF8DF537CE6E008CC6317F85
                                                                                                                                                                                                SHA-256:8CF0E9F7D3B2C3B282752A23EEF25F787733DE6853A31A015043140C287AD4D1
                                                                                                                                                                                                SHA-512:2174F8C529B1A61D55D6F5BCED5560F85465877345205511C543C4A45326F4AFBF7318628C03C3184A3A49F24E6D83A4F90867F436BCA92CBC853963F1129EAA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......[8.i.Y.:.Y.:.Y.:..O:.Y.:..M:.Y.:..L:.Y.:M1.;;Y.:M1.;.Y.:M1.;.Y.:.!=:.Y.:.!9:.Y.:.!6:.Y.:.!-:.Y.:.Y.:]X.:.0.;$Y.:.0.;.Y.:.0A:.Y.:.0.;.Y.:Rich.Y.:........................PE..d....e.........." .....:...>............................................................`..........................................'......<(..................l0...T..h(......t.......T...........................0................P...............................text....9.......:.................. ..`.rdata.. ....P.......>..............@..@.data...d8...P.......8..............@....pdata..l0.......2...J..............@..@.rsrc................|..............@..@.reloc..t............L..............@..B........................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18327
                                                                                                                                                                                                Entropy (8bit):4.734251349778708
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:lq2PmwERb6k/iAVX/dUY2ZpEGMOZ77o0UDT2:lzun1iYWrTXo0UDT2
                                                                                                                                                                                                MD5:537A8603E1EDA9DE80EE34F607C0CB09
                                                                                                                                                                                                SHA1:9871A6FC4895037B02AC04978AB4A21D9BA4030C
                                                                                                                                                                                                SHA-256:D3533C10B656BEC2782600B05B471ABE3AC916E228B27929CDA1F83C49D7E7A5
                                                                                                                                                                                                SHA-512:5DDFA15A89DCF147072A442C05AA16AF6A215FE8A3811E5A71007099D260687929A5505373F96B9F70EF21E101DC7042345CD358150367905C4CBA18E5DA32B6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.. GNU GENERAL PUBLIC LICENSE.... Version 2, June 1991.... Copyright (C) 1989, 1991 Free Software Foundation, Inc... 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed........ Preamble.... The licenses for most software are designed to take away your..freedom to share and change it. By contrast, the GNU General Public..License is intended to guarantee your freedom to share and change free..software--to make sure the software is free for all its users. This..General Public License applies to most of the Free Software..Foundation's software and to any other program whose authors commit to..using it. (Some other Free Software Foundation software is covered by..the GNU Library General Public License instead.) You can apply it to..your programs, too..... When we speak of free software, we are referring to freedom, not..price. Our General Publi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):425064
                                                                                                                                                                                                Entropy (8bit):6.213051440649337
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:x7m4rMSKTqiE8kaTL3x+Z4YrnwT377PghLECTsSsIhEoQ1keKUK2mZ28d+QU9NR0:eSKPkmxjvghICzsIhpekBUorsvRPc
                                                                                                                                                                                                MD5:A1A8DFCEC0AA980B88AD997B6ACEB2C4
                                                                                                                                                                                                SHA1:CFC8E6861A365B10EF8DF537CE6E008CC6317F85
                                                                                                                                                                                                SHA-256:8CF0E9F7D3B2C3B282752A23EEF25F787733DE6853A31A015043140C287AD4D1
                                                                                                                                                                                                SHA-512:2174F8C529B1A61D55D6F5BCED5560F85465877345205511C543C4A45326F4AFBF7318628C03C3184A3A49F24E6D83A4F90867F436BCA92CBC853963F1129EAA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......[8.i.Y.:.Y.:.Y.:..O:.Y.:..M:.Y.:..L:.Y.:M1.;;Y.:M1.;.Y.:M1.;.Y.:.!=:.Y.:.!9:.Y.:.!6:.Y.:.!-:.Y.:.Y.:]X.:.0.;$Y.:.0.;.Y.:.0A:.Y.:.0.;.Y.:Rich.Y.:........................PE..d....e.........." .....:...>............................................................`..........................................'......<(..................l0...T..h(......t.......T...........................0................P...............................text....9.......:.................. ..`.rdata.. ....P.......>..............@..@.data...d8...P.......8..............@....pdata..l0.......2...J..............@..@.rsrc................|..............@..@.reloc..t............L..............@..B........................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5720
                                                                                                                                                                                                Entropy (8bit):7.947394525856063
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:YkOCKIR48KSroaHR4c1VJlbB98L6/50xQDt06wIqHLOYz4syrt/eu6DJxFZ74pfQ:Tphfx6c1q6QQDt06wIsz40u4J5qfIr
                                                                                                                                                                                                MD5:21145408985267F224425F18CCDD96AE
                                                                                                                                                                                                SHA1:DF0FF01BBCA144309DBDC69CBF8DB1B907D511D8
                                                                                                                                                                                                SHA-256:79545A24803B150F573D37D9D497F91612384A5CDFB909CC82D8A12CAC50797B
                                                                                                                                                                                                SHA-512:BD2764BF6BBF056FF827BFD370380DF1E812C5A8571B65F37965712652D9C642BD2576247A448BFE4BBDE098F2A80B9318E62EB4667F3BE56E784FABA6C9A585
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.PNG........IHDR.............<.q.....IDATx..............eX....j.X..X .b!...X..b!.b.X..XpZ,......B,......h..t....s..3.....r.?f,?fffffffff*3.9)&m....{~{FZ3..M...vu.^k.#9./gK..|....&CbL...q....-.....U*km...R....p..Y...l\L.g.?../...O..EL.P..Xw..s....._.d:G#.X...m....0b..`|-.....b....>......k./....}.....).m$.Y...EK!T4..).).....kl...;M.......u)X.....R,........G.{....Gbo....=P.....mYW3.$Y..HjS...T.u...y..Gl}.2..p....=.r....f^z...\.y.c.x....+/....X......PU.E..TM.w..3.Vz..*....T...z..C..Y`X2=.5......<..9.Wo.....z.so.....X..S%..:..N.q.D.&...lW.kb..J.9...P..<..)..}....f..|../^.....4...u..&.d=.v..d.7..H.PUH'.s.0.Z...i.F.R=.....q.!.G.....c.+....9..;..~..~.....g?...].vOx..V.f..!..H..".QPHbOP.5J..3.J.1...5}.....V..cn24...,._.cF{..l=.........._....y.....k..?t.(.t..!.|..<...T..Nq.7.TWu.:.:.{jT...Fgl.hL~.(v..R(Y:...$..GX=.....Q.b......{.MO:.Q........P.@.....'.*|.<."c@.T.Up.Pp.s.x5S.j-G..L.....b....!.. ....1./..o..%.U..Bhy..f,..G>.'.]..7.t.P.D.\....K
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2931
                                                                                                                                                                                                Entropy (8bit):7.913972384188757
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:0lwit+d0ShTLH8siGM1I2oAF4GeJQulmwuj8nJMDWTirKXU3nPXD:0uit+2Spbix15rVnN7YJMoUb
                                                                                                                                                                                                MD5:175F96CDF159010C6CE1C67A7F58B144
                                                                                                                                                                                                SHA1:A5A4907906F14A8977049EE0FCDB67242B3CD25B
                                                                                                                                                                                                SHA-256:62B6CDF2A71F447561F9EF4D822225E802F863A68D7F3041700E33B0050218DC
                                                                                                                                                                                                SHA-512:49D008B22F97A462C1F3669A5EDDBBEA078B2A99479444D10EEECE58EF65E7F65B09B70C0FE31655C95904BBE2B2EEB14A226EA53AFD34EFF69FCE96780D677A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.PNG........IHDR...F...F.....q.....:IDATx...p.I.....#..;...Z.3/.1..2.........TaXf^;.X.L.s<..../.].W..=..0.|.mI..@'.a.D.L>:`:`:`:`:`:`:`:`:`:`:.....p.b.~box....P.....w1.....W8.../.x....x.9.q......z...m....K7_....x..;.x....yb.c..O.f.7.......s.b.Y'...5..s.m.............Ld.p]...X#..i_m....~.....z....l_>.'...S.t....uM.....u.dZ.qF.7..I.i....}jM:..W+...4..}{.....[....D../..-8...5B.{.IjA#........`U..0g.0.9....!.bc?....<W....}Ax..if.t9C.*3"K.J.M.7.U..&.C#...e...e|.7......w[.x.%.x.\......^.2g....z!VOs.b.4m.V...`..{FFbV..[.....0..{8.9....<.....{..~.....`$5.D..*>..[..g.....7.<8\..N..O...F..]`..}....<...`....W=.........z.6.\..F......WbQ.1..D.1xM.N.....p..5.J..N....;.9.........J.|..v........h-.S..qp.?..o..g_ume.8..b......@..SC.*.Z..I.e.....+U.nxdd...y./.8xo.......n.....?...........{.&.[...c...U.$..z.].|...?..9.P...k...{...'......:a\i*.<\..'._.1k.v..'v..?Y..g~}+..{......w....$....{c".q.g=..>.9..=.f.U...A?.8..=....Xc...TI.|...rD..0.o.;.:..Ix..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2931
                                                                                                                                                                                                Entropy (8bit):7.913972384188757
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:0lwit+d0ShTLH8siGM1I2oAF4GeJQulmwuj8nJMDWTirKXU3nPXD:0uit+2Spbix15rVnN7YJMoUb
                                                                                                                                                                                                MD5:175F96CDF159010C6CE1C67A7F58B144
                                                                                                                                                                                                SHA1:A5A4907906F14A8977049EE0FCDB67242B3CD25B
                                                                                                                                                                                                SHA-256:62B6CDF2A71F447561F9EF4D822225E802F863A68D7F3041700E33B0050218DC
                                                                                                                                                                                                SHA-512:49D008B22F97A462C1F3669A5EDDBBEA078B2A99479444D10EEECE58EF65E7F65B09B70C0FE31655C95904BBE2B2EEB14A226EA53AFD34EFF69FCE96780D677A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.PNG........IHDR...F...F.....q.....:IDATx...p.I.....#..;...Z.3/.1..2.........TaXf^;.X.L.s<..../.].W..=..0.|.mI..@'.a.D.L>:`:`:`:`:`:`:`:`:`:`:.....p.b.~box....P.....w1.....W8.../.x....x.9.q......z...m....K7_....x..;.x....yb.c..O.f.7.......s.b.Y'...5..s.m.............Ld.p]...X#..i_m....~.....z....l_>.'...S.t....uM.....u.dZ.qF.7..I.i....}jM:..W+...4..}{.....[....D../..-8...5B.{.IjA#........`U..0g.0.9....!.bc?....<W....}Ax..if.t9C.*3"K.J.M.7.U..&.C#...e...e|.7......w[.x.%.x.\......^.2g....z!VOs.b.4m.V...`..{FFbV..[.....0..{8.9....<.....{..~.....`$5.D..*>..[..g.....7.<8\..N..O...F..]`..}....<...`....W=.........z.6.\..F......WbQ.1..D.1xM.N.....p..5.J..N....;.9.........J.|..v........h-.S..qp.?..o..g_ume.8..b......@..SC.*.Z..I.e.....+U.nxdd...y./.8xo.......n.....?...........{.&.[...c...U.$..z.].|...?..9.P...k...{...'......:a\i*.<\..'._.1k.v..'v..?Y..g~}+..{......w....$....{c".q.g=..>.9..=.f.U...A?.8..=....Xc...TI.|...rD..0.o.;.:..Ix..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5720
                                                                                                                                                                                                Entropy (8bit):7.947394525856063
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:YkOCKIR48KSroaHR4c1VJlbB98L6/50xQDt06wIqHLOYz4syrt/eu6DJxFZ74pfQ:Tphfx6c1q6QQDt06wIsz40u4J5qfIr
                                                                                                                                                                                                MD5:21145408985267F224425F18CCDD96AE
                                                                                                                                                                                                SHA1:DF0FF01BBCA144309DBDC69CBF8DB1B907D511D8
                                                                                                                                                                                                SHA-256:79545A24803B150F573D37D9D497F91612384A5CDFB909CC82D8A12CAC50797B
                                                                                                                                                                                                SHA-512:BD2764BF6BBF056FF827BFD370380DF1E812C5A8571B65F37965712652D9C642BD2576247A448BFE4BBDE098F2A80B9318E62EB4667F3BE56E784FABA6C9A585
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.PNG........IHDR.............<.q.....IDATx..............eX....j.X..X .b!...X..b!.b.X..XpZ,......B,......h..t....s..3.....r.?f,?fffffffff*3.9)&m....{~{FZ3..M...vu.^k.#9./gK..|....&CbL...q....-.....U*km...R....p..Y...l\L.g.?../...O..EL.P..Xw..s....._.d:G#.X...m....0b..`|-.....b....>......k./....}.....).m$.Y...EK!T4..).).....kl...;M.......u)X.....R,........G.{....Gbo....=P.....mYW3.$Y..HjS...T.u...y..Gl}.2..p....=.r....f^z...\.y.c.x....+/....X......PU.E..TM.w..3.Vz..*....T...z..C..Y`X2=.5......<..9.Wo.....z.so.....X..S%..:..N.q.D.&...lW.kb..J.9...P..<..)..}....f..|../^.....4...u..&.d=.v..d.7..H.PUH'.s.0.Z...i.F.R=.....q.!.G.....c.+....9..;..~..~.....g?...].vOx..V.f..!..H..".QPHbOP.5J..3.J.1...5}.....V..cn24...,._.cF{..l=.........._....y.....k..?t.(.t..!.|..<...T..Nq.7.TWu.:.:.{jT...Fgl.hL~.(v..R(Y:...$..GX=.....Q.b......{.MO:.Q........P.@.....'.*|.<."c@.T.Up.Pp.s.x5S.j-G..L.....b....!.. ....1./..o..%.U..Bhy..f,..G>.'.]..7.t.P.D.\....K
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1891840
                                                                                                                                                                                                Entropy (8bit):6.29517110582479
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:CmnN6yAgaTr17cdftN0+ju1zzHiDefMyUz/uDIVAlan:BnN34Th7criCDeUyXDiua
                                                                                                                                                                                                MD5:0009BD5E13766D11A23289734B383CBE
                                                                                                                                                                                                SHA1:913784502BE52CE33078D75B97A1C1396414CF44
                                                                                                                                                                                                SHA-256:3691ADCEFC6DA67EEDD02A1B1FC7A21894AFD83ECF1B6216D303ED55A5F8D129
                                                                                                                                                                                                SHA-512:D92CD55FCEF5B15975C741F645F9C3CC53AE7CD5DFFD5D5745ADECF098B9957E8ED379E50F3D0855D54598E950B2DBF79094DA70D94DFD7FC40BDA7163A09B2B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........{..........................................l................h.............................Rich....................PE..d.....rf.........." .....8...z...... .....................................................`.....................................................x.......p........=..............."...................................................P...............................text....6.......8.................. ..`.rdata..Q....P.......<..............@..@.data...............................@....pdata...=.......>..................@..@.rsrc...p...........................@..@.reloc..\5.......6..................@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6210
                                                                                                                                                                                                Entropy (8bit):4.906576204359403
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:JB/W8Ncd1ccFoYjOvyQn5Oo615C94ghyBmIJeuoCueabLBQNksrWgd1kB6b5WlIm:J55UScE5UToWWioSwhbULfTvm4/qxzfN
                                                                                                                                                                                                MD5:553A02739D516379833451440076F884
                                                                                                                                                                                                SHA1:27A428D5EB9F961D6461F94AA3E414F0E3697296
                                                                                                                                                                                                SHA-256:83B1AE6D3486C2653766A28806AC110C9A0AFDE17020CA6AA0B7550A2F10E147
                                                                                                                                                                                                SHA-512:BE3CFF1E392F4216310B455D73E86B485245EBD9C94BC370233C130E14FC97F92FA1C74567025F506D42EADFC21CC1D7F845D76607BB933A1C654FB7A493796F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:HISTORY of the 7-Zip..--------------------....This file contains information about changes for latest versions of 7-Zip...The full changelog file can be downloaded here:..https://7-zip.org/history.txt......24.07 2024-06-19..-------------------------..- The bug was fixed: 7-Zip could crash for some incorrect ZSTD archives.......24.06 2024-05-26..-------------------------..- The bug was fixed: 7-Zip could not unpack some ZSTD archives.......24.05 2024-05-14..-------------------------..- New switch -myv={MMNN} to set decoder compatibility version for 7z archive creating... {MMNN} is 4-digit number that represents the version of 7-Zip without a dot... If -myv={MMNN} switch is specified, 7-Zip will only use compression methods that can.. be decoded by the specified version {MMNN} of 7-Zip and newer versions... If -myv={MMNN} switch is not specified, -myv=2300 is used, and 7-Zip will only.. use compression methods that can be decoded by 7-Zip 23.00 and newer v
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4621
                                                                                                                                                                                                Entropy (8bit):4.969434576878072
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:bdDW+Wz9my7MIlXq2sQqpxjOsgEGh4YdVDpZfir99v7+bv:sfwy7XlXq2sfpxjOsRGhfVDpZfCji
                                                                                                                                                                                                MD5:DF216FAE5B13D3C3AFE87E405FD34B97
                                                                                                                                                                                                SHA1:787CCB4E18FC2F12A6528ADBB7D428397FC4678A
                                                                                                                                                                                                SHA-256:9CF684EA88EA5A479F510750E4089AEE60BBB2452AA85285312BAFCC02C10A34
                                                                                                                                                                                                SHA-512:A6EEE3D60B88F9676200B40CA9C44CC4E64CF555D9B8788D4FDE05E05B8CA5DA1D2C7A72114A18358829858D10F2BEFF094AFD3BC12B370460800040537CFF68
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.09 : Petri Jooste.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Afrikaans.Afrikaans.401.OK.Kanselleer....&Ja.&Nee.A&fsluit.Hulp..&Gaan voort.440.Ja vir &almal.Nee vir a&lmal.Stop.Herbegin.&Agtergrond.&Voorgrond.&Wag.Wagtend.Is u seker dat u wil kanselleer?.500.&L.er.R&edigeer.&Vertoon.G&unstelinge.&Gereedskap.&Hulp.540.&Open.Open &Binne.Open B&uite.&Wys.R&edigeer.Her&noem.&Kopieer na....&Verskuif na....Ve&rwyder.Ver&deel l.er....Kom&bineer l.ers....E&ienskappe.Komme&ntaar...Maak gids.Maak l.er.A&fsluit.600.Selekteer &alles.Deselekteer a&lles.Keer &seleksie om.Selekteer....Deselekteer....Selekteer op Soort.Deselekteer op Soort.700.&Groot ikone.&Klein ikone.&Lys.&Detail.730.Ongesorteer..&2 Panele.&Nutsbalke.Maak wortelgids oop.Een vlak ho.r.Gidse geskiedenis....&Verfris.750.Argiveernutsbalk.Standaardnutsbalk.Groot knoppies.Wys teks op knoppies.800.Voeg gids by gunstelinge &as.Boekmerk.900.&Opsies....&Normtoetsing.960.&Inhoud....&Aangaande 7-Zip....1003.Pad.Naam.Uitgang.Gids.G
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7372
                                                                                                                                                                                                Entropy (8bit):4.909894601165032
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:/iCx+nicrSC2WgvUZ8I/MbcGr74hjN8H7+UeT5xMWcZlFi6lCg6l+Rl2NIqpClH5:/OnVInvQ5kN74nK+febFi6Yg62I7bPFI
                                                                                                                                                                                                MD5:F16218139E027338A16C3199091D0600
                                                                                                                                                                                                SHA1:DA48140A4C033EEA217E97118F595394195A15D5
                                                                                                                                                                                                SHA-256:3AB9F7AACD38C4CDE814F86BC37EEC2B9DF8D0DDDB95FC1D09A5F5BCB11F0EEB
                                                                                                                                                                                                SHA-512:B2E99D70D1A7A2A1BFA2FFB61F3CA2D1B18591C4707E4C6C5EFB9BECDD205D646B3BAA0E8CBD28CE297D7830D3DFB8F737266C66E53A83BDBE58B117F8E3AE14
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Feliciano Mart.nez Tur.; 9.07 : Juan Pablo Mart.nez.;.;.;.;.;.;.;.;.;.0.7-Zip.Aragonese.Aragon.s.401.Acceptar.Cancelar....&S..&No.&Zarrar.Aduya..&Continar.440.S. a &tot.No a t&ot.Aturar.Tornar a empecipiar.Se&gundo plano.P&rimer plano.&Pausa.Aturau.Yes seguro que quiers cancelar?.500.&Fichero.&Editar.&Veyer.&Favoritos.&Ferramientas.Ad&uya.540.&Ubrir.Ubrir &adintro.Ubrir &difuera.&Veyer.&Editar.Re&nombrar.&Copiar en....&Mover ta....&Borrar.Di&vidir o fichero....C&ombinar os fichers....&Propiedatz.Comen&tario.Calcular a suma de comprebaci.n.Diff.Creyar carpeta.Creyar fichero.&Salir.600.Seleccionar-lo &tot.Deseleccionar-lo tot.&Invertir selecci.n.Seleccionar....Deseleccionar....Seleccionar por tipo.Deseleccionar por tipo.700.Iconos g&rans.&Iconos chicotz.&Lista.&Detalles.730.Desordenau.Anvista plana.&2 panels.&Barras de ferramientas.Ubrir a carpeta radiz.Carpeta mai.Historial de carpetas....&Esviellar.750.Barra de ferramientas d'archivo.Barras de ferr
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12299
                                                                                                                                                                                                Entropy (8bit):4.279828923149653
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Z/YybL3XSV+HYFBLRTRZgZCjWg6IvLDlaJQZmbghr0MhI05z:F3XIBLRMZCjWgfvLpGQZcghrvIC
                                                                                                                                                                                                MD5:5747381DC970306051432B18FB2236F2
                                                                                                                                                                                                SHA1:20C65850073308E498B63E5937AF68B2E21C66F3
                                                                                                                                                                                                SHA-256:85A26C7B59D6D9932F71518CCD03ECEEBA42043CB1707719B72BFC348C1C1D72
                                                                                                                                                                                                SHA-512:3306E15B2C9BB2751B626F6F726DE0BCAFDC41487BA11FABFCEF0A6A798572B29F2EE95384FF347B3B83B310444AAEEC23E12BB3DDD7567222A0DD275B0180FF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 9.07 :............:... ..-.... ........; 9.07 : Awadh A Al-Ghaamdi.;.; 15.00 : 2016-08-28 : ..... ...... .......: ... .... .......; 15.00 : 2016-08-28 : Saif H Al-asadi (edited and corrected).; 20.00 : 2020-04-01 : Ammar Kurd (Edits and corrections).;.;.;.;.;.0.7-Zip.Arabic......401............ .........&....&...&................&........440.... ....... ................ .........&..........&.....&..... .......... ......... ... ..... .. .........500.&....&......&........&......&......&.......540.&....&.... .........&... .......&....&.........&.. ...........&.. .......&.. ....&....&..... ...........&. ..............&..........&..... .... ..........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4967
                                                                                                                                                                                                Entropy (8bit):5.026921958239907
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:FlZTprnge/nJYeoPyWxx6aXaNpx4pRfOvFE5Z2k3z7DWdyy/kYZTsJ:FnZ/n2eoPlxxRqNpx4jfOvFE5Ykq/o
                                                                                                                                                                                                MD5:1CF6411FF9154A34AFB512901BA3EE02
                                                                                                                                                                                                SHA1:958F7FF322475F16CA44728349934BC2F7309423
                                                                                                                                                                                                SHA-256:F5F2174DAF36E65790C7F0E9A4496B12E14816DAD2EE5B1D48A52307076BE35F
                                                                                                                                                                                                SHA-512:B554C1AB165A6344982533CCEED316D7F73B5B94CE483B5DC6FB1F492C6B1914773027D31C35D60AB9408669520EA0785DC0D934D3B2EB4D78570FF7CCBFCF9C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.07 : Dinamiteru.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Asturian.Asturianu.401.Val.Torgar....&Si.&Non.&Zarrar.Axuda..&Siguir.440.Si a &Too.Non a T&oo.Parar.Reentamar.&De fondu.&En primer planu.&Posar.Posao..Tas fixu que quies paralo?.500.F&icheru.&Remanar.&Ver.F&avoritos.&Ferramientes.A&xuda.540.&Abrir.Abrir &Dientro.Abrir F&uera.&Ver.&Remanar.Reno&mar.&Copiar a....&Mover a....&Borrar.&Partir ficheru....Com&binar ficheros....P&ropiedaes.Come&ntariu...Crear carpeta.Crear ficheru.Co&lar.600.Seleicionar &Too.Deseleicionar too.&Invertir seleici.n.Seleicionar....Deseleicionar....Seleicionar por Tipu.Deseleicionar por Tipu.700.Miniatures &Grandes.&Miniatures Peque.es.&Llista.&Detalles.730.Ens.n Ordenar..&2 Paneles.&Barres de Ferramientes.Abrir Carpeta Raiz.Xubir Un Nivel.Hestorial de Carpetes....Actualiza&r.750.Barra Ferramientes d.Archivu.Barra Ferramientes Normal.Botones Grandes.Amosar Testu nos Botones.800.&A.edir carpeta a Favoritos como.Marca.900.&Opciones....&Bancu d
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9604
                                                                                                                                                                                                Entropy (8bit):5.370172151079095
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ze8r7alD8BavrdGWTTB6wSOzGYcf4j0GgbX8SvggPrPnt:6eAD8Born6pAGYcfvbXQgDPt
                                                                                                                                                                                                MD5:3C297FBE9B1ED5582BEABFC112B55523
                                                                                                                                                                                                SHA1:C605C20ACF399A90AC9937935B4DBDB64FAD9C9F
                                                                                                                                                                                                SHA-256:055EC86AED86ABBDBD52D8E99FEC6E868D073A6DF92C60225ADD16676994C314
                                                                                                                                                                                                SHA-512:417984A749471770157C44737EE76BFD3655EF855956BE797433DADC2A71E12359454CC817B5C31C6AF811067D658429A8706E15625BF4CA9F0DB7586F0AE183
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : F@rhad.; 15.02 : 2015-03-29 : .. ........; 23.01 : 2023-06-25 : Az.r.;.;.;.;.;.;.;.;.0.7-Zip.Azerbaijani.Az.rbaycanca.401.OLDU..mtina....&B.li.&Xeyr.&Ba.lamaq.K.m.k..&Davam.440.&Ham.s.na B.li.Ha&m.s.na Xeyr.Dayan.Yenid.n ba.lamaq.&Arxa planda..&nd..F&asil..Fasil.d..H.qiq.t.n .m.liyyat. dayand.rmaq ist.yirsiniz?.500.&Fayl.&D.z.li..&G.r.n...S&e.ilmi.l.r.&Vasit.l.r.&Aray...540.&A.maq.&Daxild. A.maq.B&ay.rda a.maq.&Bax...&D.z.li..Ye&nid.n Adland.rmaq.&N.sx.l.m.k....&K...rm.k....&Silm.k.Fayl. &B.lm.k....Fayllar. B&irl..dirm.k....X&.susiyy.tl.r...r&h....Yoxlama C.mi.M.qayis..Qovluq Yaratmaq.Fayl Yaratmaq..&.x....stinad.&.v.zedici Ax.nlar.600.&Ham.s.n. Se.m.k.Se.imin L..vi.&Se.imi .evirm.k.Se.m.k....Se.imin L..vi....N.v.n. G.r. Se.m.k.N.v.n. G.r. Se.imin L..vi.700.&B.y.k ..ar.l.r.K&i.ik ..ar.l.r.&Siyah..&C.dv.l.730..e.idsiz.M
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10837
                                                                                                                                                                                                Entropy (8bit):4.643195839265694
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:EG9NeKlSU9fV6kPtwusVom5DvB4UlBFXCsMu:EG9FlSU9fV6kPt+hvBPLFXCE
                                                                                                                                                                                                MD5:387FF78CF5F524FC44640F3025746145
                                                                                                                                                                                                SHA1:8480E549D00003DE262B54BC342AF66049C43D3B
                                                                                                                                                                                                SHA-256:8A85C3FCB5F81157490971EE4F5E6B9E4F80BE69A802EBED04E6724CE859713F
                                                                                                                                                                                                SHA-512:7851633EE62C00FA2C68F6F59220A836307E6DDE37EAE5E5DCA3CA254D167E305FE1EB342F93112032DADAFE9E9608C97036AC489761F7BDC776A98337152344
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.20 : Haqmar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Bashkir...........401........... ......&....&...&..........&......440......... .. .&.....&...... .. ............... ......&..... ........&... .......&........ ............... .... ....... .. ...... ............?.500.&.......&.....&.........&...........&.......&........540.&.......&...... .......&..... .........&....&..............&...... ............&................&...........&............. &.............. ...&...............&.........&................ .....Diff.... ............ &.........&.......600.&....... .. ............&..... .... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11457
                                                                                                                                                                                                Entropy (8bit):4.3994562592493125
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:voiIwxssHdMMybRMIc++NBGC4ci/4f/iv1GBSHlzdRCU39ixod9t:voJ4s8SKs+NBDkA/m1GBSHlzdvMEX
                                                                                                                                                                                                MD5:B1DD654E9D8C8C1B001F7B3A15D7B5D3
                                                                                                                                                                                                SHA1:5A933AE8204163C90C00D97BA0C589F4D9F3F532
                                                                                                                                                                                                SHA-256:32071222AF04465A3D98BB30E253579AA4BECEAEB6B21AC7C15B25F46620BF30
                                                                                                                                                                                                SHA-512:0137900AEB21F53E4AF4027EA15EED7696ED0156577FE6194C2B2097F5FB9D201E7E9D52A51A26AE9A426F8137692154D80676F8705F335FED9AE7E0E1D0A10E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Kirill Gulyakevitch.; 9.07 : 2011-03-15 : Drive DRKA.;.;.;.;.;.;.;.;.;.0.7-Zip.Belarusian............401.OK...........&....&...&...................&...........440.... ... &....... ... .&....................&......&.. ....... .....&........ ........ ........ ....... .......... ........?.500.&.....&.......&.......&.........&......&........540.&............... &.................. .&..............&...............&........&......... .....&........... .....&...........&..... .........&.'...... ............&..........&................ .....Diff.&........ .........&..... ......&.....600......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17574
                                                                                                                                                                                                Entropy (8bit):4.148567429680087
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:MZ2tO2YSwozmsZ9mFL7AsbjftmxprJ4kgy0j7u4ybq:dCz7lbjaVgyCufq
                                                                                                                                                                                                MD5:2D0C8197D84A083EF904F8F5608AFE46
                                                                                                                                                                                                SHA1:5AE918D2BB3E9337538EF204342C5A1D690C7B02
                                                                                                                                                                                                SHA-256:62C6F410D011A109ABECB79CAA24D8AEB98B0046D329D611A4D07E66460EEF3F
                                                                                                                                                                                                SHA-512:3243D24BC9FDB59E1964E4BE353C10B6E9D4229EF903A5ACE9C0CB6E1689403173B11DB022CA2244C1EF0F568BE95F21915083A8C5B016F07752026D332878A4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : chavv.; : icobgr.; 4.65: Vassia Atanassova.; 23.01: Dimitar Mihaylov.;.;.;.;.;.;.;.0.7-Zip.Bulgarian...........401.OK..........&...&...&...................&.......440... .. &......... .. &.............. .......&..... ......&........ ......&........ .............. .. ....... .. ..........?.500.&.....&............&..........&.......&............&......540.&................. &.......... &......&..........&................&.........&........ ........&........ .......&.........&........ .. .........&.......... .. ...........&............&................. .. ......... ...................... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14633
                                                                                                                                                                                                Entropy (8bit):3.957046613501519
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:haD8h70Oi+7V+y+FJNgquLCnt/SD4mKYGn940nWXmJTQOdLrRMs:hKm5f7V+y+FJNgquIt/64tnSmJciLNMs
                                                                                                                                                                                                MD5:771C8B73A374CB30DF4DF682D9C40EDF
                                                                                                                                                                                                SHA1:46AA892C3553BDDC159A2C470BD317D1F7B8AF2A
                                                                                                                                                                                                SHA-256:3F55B2EC5033C39C159593C6F5ECE667B92F32938B38FCAF58B4B2A98176C1FC
                                                                                                                                                                                                SHA-512:8DCC9CC13322C4504EE49111E1F674809892900709290E58A4E219053B1F78747780E1266E1F4128C0C526C8C37B1A5D1A452EEFBA2890E3A5190EEBE30657BA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.46 : Team Oruddho (Fahad Mohammad Shaon, Mahmud Hassan).;.;.;.;.;.;.;.;.;.;.0.7-Zip.Bangla.......401.... .............&......&...&.... .............&...... ......440.&....... .... .......&...... .... ............ .....&.......& ......&............. .............. ..... .... ......?.500.&.....&.................&.&......&.......&.......540.&........ ....7-zip-. ........ .......... ........ ....&.........&............ .........&....... ...............
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4953
                                                                                                                                                                                                Entropy (8bit):5.026642087390098
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:uyzeGsp9Qb9PzXHsRu2aPm68ZMvpZkul6Wg1AQQYBgJ0ZQBGBl6agPNH20qIvUkw:FzeGsbSu9y8WvpZR6W+AQQYG8LgFW01S
                                                                                                                                                                                                MD5:07504A4EDAB058C2F67C8BCB95C605DD
                                                                                                                                                                                                SHA1:3E2AE05865FB474F10B396BFEFD453C074F822FA
                                                                                                                                                                                                SHA-256:432BDB3EAA9953B084EE14EEE8FE0ABBC1B384CBDD984CCF35F0415D45AABBA8
                                                                                                                                                                                                SHA-512:B3F54D695C2A12E97C93AF4DF09CE1800B49E40302BEC7071A151F13866EDFDFAFC56F70DE07686650A46A8664608D8D3EA38C2939F2F1630CE0BF968D669CCC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : KAD-Korvigello. An Drouizig.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Breton.Brezhoneg.401.Mat eo.Nulla.....&Ya.&Ket.&Serri..Skoazell..&Kenderc'hel.440.Ya be&pred.Ket &bepred.Paouez.Adloc'ha..&Drekleur.&Rakleur.&Ehan.Ehanet.Ha fellout a ra deoc'h nulla. ?.500.&Restr.&Aoza..&Gwelout.Di&babo..&Ostilho..&Skoazell.540.&Digeri..Digeri. a-zia&barzh.Digeri. a-zia&vaez.&Gwelout.&Aoza..Adenv&el.&Kopia. diwar....&Dilec'hia. diwar....D&ilemel.&Troc'ha. restr....&Kendeuzi. restro.....P&erzhio..Evezhia&denn...Sevel un teul.Sevel ur restr.&Kuitaat.600.Diuz pep &tra.Diziuz pe tra.Lakaat an &diuzad war an tu gin.Diuz....Diziuz....Diuz diouzh ar rizh.Diziuz diouzh ar rizh.700.Arlunio. &bras.Arlunio. &bihan.&Roll.&Munudo..730.Dirummet..&2 brenestr.&Barrenno. ostilho..Digeri. an teul gwrizienn.Teul kerent.Roll istor an teul....Fresk&aat.750.Barrenn ziell.Barrenn skouerek.Meudellio. bras.Diskouez an destenn.800.&Ouzhpenna. ar c'havlec'h d'ar sinedo..Sined.900.&Di
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8803
                                                                                                                                                                                                Entropy (8bit):4.986977159662758
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:3nw9pDahG/twoHcW5W3PpCPa5zRHKDBZ0EeKIl3d10aeKY8FDiM:yDGG/twoHJ5Wf9i0EpTAiM
                                                                                                                                                                                                MD5:264FB4B86BCFB77DE221E063BEEBD832
                                                                                                                                                                                                SHA1:A2EB0A43EA4002C2D8B5817A207EB24296336A20
                                                                                                                                                                                                SHA-256:07B5C0AC13D62882BF59DB528168B6F0FFDF921D5442FAE46319E84C90BE3203
                                                                                                                                                                                                SHA-512:8D1A73E902C50FD390B9372483EBD2EC58D588BACF0A3B8C8B9474657C67705B6A284BB16BBA4326D314C7A3CC11CAF320DA38D5ACB42E685ED2F8A8B6F411F4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Josep Casals, Marc Folch.;.17.01.: Benet..BennyBeat..R..i.Camps.;.;.;.;.;.;.;.;.;.0.7-Zip.Catalan.Catal..401.D'acord.Cancel.la....&S..&No.Tan&ca.Ajuda..&Continua.440.S. a &tot.No a t&ot.Atura.Re&inicia.Rere&fons.Prim&er pla.&Pausa.Pausat.Segur que voleu cancel.lar?.500.&Fitxer.&Edita.&Visualitza.&Preferits.E&ines.Aj&uda.540.&Obre.Obre d&ins.Obre &fora.&Visualitza.&Edita.Reanom&ena.&Copia a....&Mou a....&Suprimeix.&Divideix el fitxer....Com&bina el fitxer....P&ropietats.Come&ntari.Calcula la suma de verificaci..Compara.Crea una carpeta.Crea un fitxer.S&urt.Enlla&..Flux &alternatiu.600.Seleccion&a-ho tot.No seleccionis res.&Inverteix la selecci..Selecciona....Desselecciona....Selecciona per tipus.Desselecciona per tipus.700.Icones g&rans.Icones petites.&Llista.&Detalls.730.No ordenat.Vista plana.&2 Panells.&Barres d'eines.Obre la carpeta arrel.Carpeta pare.Historial de carpetes....&Actualitza.Actualitza autom.ticament.750.Barra d'eines afege
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11444
                                                                                                                                                                                                Entropy (8bit):4.995289206779897
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:arUs6wOYcVCr1oX7A18zsuX/Y0Nf+6X5gOiAKNWw9BfpN5uc7Fd5:arWwzTr1oM1fuPJNf+26ORwAYH
                                                                                                                                                                                                MD5:DE64842F09051E3AF6792930A0456B16
                                                                                                                                                                                                SHA1:498B92A35F2A14101183EBE8A22C381610794465
                                                                                                                                                                                                SHA-256:DCFB95B47A4435EB7504B804DA47302D8A62BBE450DADF1A34BAEA51C7F60C77
                                                                                                                                                                                                SHA-512:5DABEED739A753FD20807400DFC84F7BF1EB544704660A74AFCF4E0205B7C71F1DDCF9F79AC2F7B63579735A38E224685B0125C49568CBDE2D9D6ADD4C7D0ED8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 24.04 : 2024-04-06 : Patriccollu di Santa Maria . Sich. (Latest Update).; 22.00 : 2022-06-21 : Patriccollu di Santa Maria . Sich. (Update).; 15.00 : 2015-04-26 : Patriccollu di Santa Maria . Sich. (Update).; 9.20 : 2010-12-12 : Patriccollu di Santa Maria . Sich. (Creation).;.;.;.;.;.;.;.0.7-Zip.Corsican.Corsu.401.Vai.Abbandun.....&S..&N..&Chjode.Aiutu..&Cuntinu..440.S. per &tutti.N. per t&utti.Piant..Rilanci..Tacca di &fondu.&Primu pianu.&Pausa.In pausa.Vulete veramente annull..?.500.&Schedariu.&Mudific..&Affiss..&Favuriti.A&ttrezzi.Ai&utu.540.&Apre.Apre in &7-Zip.Apre in l.espluratore Windows.&Fighj. (esad.).&Mudific..&Rinumin..&Cupi. versu..&Dispiazz. versu..S&quass..&Sparte u schedariu..&Unisce i schedarii..&Prupriet..Cumme&ntu..Calcul. a somma di cuntrollu.Paragun. e sfarenze (Diff).Cre. un cartulare.Cre. un schedariu.&Esce.Liame.Flussi a&lternativi.600.&Tuttu selezziun...n selezziun. &nunda.&Arritrus. a selezzi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9597
                                                                                                                                                                                                Entropy (8bit):5.372211824470281
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:iqJoMyxE8vGIrd+ic1OT1o+SXhbStCBJjSvcQKiw:iEXYBeIrQiEOT1o+SXotsJjmK7
                                                                                                                                                                                                MD5:DBDCFC996677513EA17C583511A5323B
                                                                                                                                                                                                SHA1:D655664BC98389ED916BED719203F286BAB79D3C
                                                                                                                                                                                                SHA-256:A6E329F37ACA346EF64F2C08CC36568D5383D5B325C0CAF758857ED3FF3953F2
                                                                                                                                                                                                SHA-512:DF495A8E8D50D7EC24ABB55CE66B7E9B8118AF63DB3EB2153A321792D809F7559E41DE3A9C16800347623AB10292AAC2E1761B716CB5080E99A5C8726F7CC113
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!..; 4.30 : Milan Hrub...; 4.33 : Michal Molhanec..; 9.07 : Ji.. Mal.k..; 15.00 : Kry.tof .ern...; 23.01 : 2023-06-20 : Patrik (Pa4k) .pa.o..;..;..;..;..;..;..;..0..7-Zip..Czech...e.tina..401..OK..Storno........&Ano..&Ne..Zav..&t..N.pov.da....Po&kra.ovat..440..Ano na &v.echno..N&e na v.echno..Zastavit..Spustit znovu..&Pozad...P&op.ed...Po&zastavit..Pozastaveno..Jste si jist., .e to chcete stornovat?..500..&Soubor...pr&avy..&Zobrazen...&Obl.ben...&N.stroje..N.po&v.da..540..&Otev..t..Otev..t u&vnit...Otev..t &mimo..&Zobrazit..&Upravit..&P.ejmenovat..Kop.rovat &do.....P.&esunout do.....Vymaza&t..&Rozd.lit soubor.....&Slou.it soubory.....Vlast&nosti..Pozn.mk&a..Vypo..tat kontroln. sou.et..Porovnat soubory..Vytvo.it slo.ku..Vytvo.it soubor..&Konec..Odk.zat..&Alternativn. toky..600..Vybrat &v.e..Zru.it v.b.r v.e..&Invertovat v.b.r..Vybrat.....Zru.it v.b.r.....Vybrat podle typu..Zru.it v.b.r podle typu..700.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4812
                                                                                                                                                                                                Entropy (8bit):5.061169016847165
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:8VTu+i2nCrWTXAwQGjC6IF5/uNXlziug14+UFxmeeqYgzf7Edm+8VR:8VTTCqTRC6Iv/uzg14+UFxJYgzTR
                                                                                                                                                                                                MD5:6BDF25354B531370754506223B146600
                                                                                                                                                                                                SHA1:C2487C59EEEAA5C0BDB19D826FB1E926D691358E
                                                                                                                                                                                                SHA-256:470EAF5E67F5EAD5B8C3ECC1B5B21B29D16C73591EB0047B681660346E25B3FB
                                                                                                                                                                                                SHA-512:C357B07C176175CC36A85C42D91B0CADA79DBFB584BDF57F22A6CB11898F88AECF4392037D5CEA3E1BC02DF7493BB27B9509226F810F1875105BBC33C6AE3F20
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Owain Lewis.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Welsh.Cymraeg.401.Iawn.Canslo....&Iawn.&Na.&Cau.Cymorth..P&arhau.440.Iawn i'r &Cwbwl.Na i'r C&wbwl.Stopio.Ailgychwyn.&Cefndir.&Blaendir.&Pwyllo.Pwyllo.Ydych chi am canslo?.500.&Ffeil.&Golygu.Gwe&ld.Ff&efrynnau.&Offer.&Cymorth.540.&Agor.Agor tu &Mewn.Agor tu &Fas.Gwe&ld.&Golygu.A&ilenwi.&Cop.o i....&Symud i....&Dileu.&Hollti ffeil....Cy&funo ffeilau....&Priodweddau.Syl&wad.Cyfrifo swm-gwirio..Creu Ffolder.Creu Ffeil.Alla&n.600.Dewis y C&yfan.Dad-ddewis y Cyfan.Gwrt&hdroi'r Dewis.Dewis....Dad-ddewis....Dewis trwy Math.Dad-ddewis trwy Math.700.Eiconau &Mawr.Eiconau &Bach.&Rhestr.Ma&nylion.730.Dad-dosbarthu.Golwg Flat.&2 Paneli.Bariau &Offer.Agor Ffolder Gwraidd.Lan Un Lefel.Hanes Ffolderi....&Adnewyddu.750.Bar Offer Archif.Bar Offer Arferol.Botwmau Fawr.Dangos Testun Botwmau.800.&Ychwanegu ffolder i Ffefrynnau fel.Llyfrnod.900.&Dewisiadau....&Meincnod.960.&Cynnwys....&Manylion 7-Zip....1003.Llwybr.Enw.Estyniad.Ffolder.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7870
                                                                                                                                                                                                Entropy (8bit):5.005099076386227
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:3vn3kbZyZSXQVPLCXiG8gYnJYZDAHZE9xM7T9kur4Yc6Fw9KHl:3v3tSAVPG8gYnJYZk+g7T9kur4PUwG
                                                                                                                                                                                                MD5:C397E8AC4B966E1476ADBCE006BB49E4
                                                                                                                                                                                                SHA1:3E473E3BC11BD828A1E60225273D47C8121F3F2C
                                                                                                                                                                                                SHA-256:5CCD481367F7D8C544DE6177187AFF53F1143AE451AE755CE9ED9B52C5F5D478
                                                                                                                                                                                                SHA-512:CBBECE415D16B9984C82BD8FA4C03DBD1FEC58ED04E9EF0A860B74D451D03D1C7E07B23B3E652374A3B9128A7987414074C2A281087F24A77873CC45EC5AADD2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; : Jakob Schmidt.; 9.07 : Kian Andersen, J.rgen Rasmussen.; 15.00 : 2016-11-25 : scootergrisen.;.;.;.;.;.;.;.;.0.7-Zip.Danish.Dansk.401.OK.Annuller....&Ja.&Nej.&Luk.Hj.lp..&Forts.t.440.Ja til &alle.Nej til a&lle.Stop.Genstart.&Baggrund.&Forgrund.&Pause.Sat p. pause.Er du sikker p., at du vil annullere?.500.&Filer.R&ediger.&Vis.F&avoritter.Funk&tioner.&Hj.lp.540.&.bn..bn &inden i..bn &uden for.&Vis.&Rediger.O&md.b.&Kopier til....&Flyt til....S&let.&Opdel fil....Kom&biner filer....&Egenskaber.Komme&ntar....Udregn checksum.Sammenlign.Opret mappe.Opret fil.&Afslut.Opret/rediger henvisning.&Alternative str.mme.600.V.lg &alle.Frav.lg alle.&Omvendt markering.V.lg....Frav.lg....V.lg efter type.Frav.lg efter type.700.Sto&re ikoner.S&m. ikoner.&Liste.&Detaljer.730.Usorteret.Flad visning.&2 paneler.&V.rkt.jslinjer..bn rodmappe.Et niveau op.Mappehistorik....&Opdater.Opdater automatisk.750.Arkivlinje.Standardlinje.Store knapper.Vis knappernes tekst.800.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10040
                                                                                                                                                                                                Entropy (8bit):5.05587204070323
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:AOIdBgDuDCfSGltxkRtDgfglyLCoMUGfZsDZIXl7OuKtgAZOKY3gTFFGFe6muWxW:/GgD9Si+bDgfgly4vZ3l7OuKOTgbGFkg
                                                                                                                                                                                                MD5:1E30A705DA680AAECEAEC26DCF2981DE
                                                                                                                                                                                                SHA1:965C8ED225FB3A914F63164E0DF2D5A24255C3D0
                                                                                                                                                                                                SHA-256:895F76BFA4B1165E4C5A11BDAB70A774E7D05D4BBDAEC0230F29DCC85D5D3563
                                                                                                                                                                                                SHA-512:FF96E6578A1EE38DB309E72A33F5DE7960EDCC260CA1F5D899A822C78595CC761FEDBDCDD10050378C02D8A36718D76C18C6796498E2574501011F9D988DA701
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 2.30 : Soeren Finster.; 4.07 : JAK-Software.DE.; 9.07 : Joachim Henke.; 23.01 : Ren. Gennes.; 24.04 : Sandro Giallella.;.;.;.;.;.;.0.7-Zip.German.Deutsch.401.OK.Abbrechen....&Ja.&Nein.&Schlie.en.Hilfe..&Fortsetzen.440.Ja f.r &alle.Nein f.r a&lle.Stopp.Neustart.&Hintergrund.&Vordergrund.&Pause.Pause.M.chten Sie wirklich abbrechen?.500.&Datei.&Bearbeiten.&Ansicht.&Favoriten.&Extras.&Hilfe.540..&ffnen.I&ntern .ffnen.E&xtern .ffnen.&Ansehen.&Bearbeiten.&Umbenennen.&Kopieren nach....&Verschieben nach....&L.schen.Datei auf&splitten....Dateien &zusammenf.gen....E&igenschaften.K&ommentieren.&Pr.fsumme berechnen.Ver&gleichen.Ordner erstellen.Datei erstellen.Be&enden.Verkn.pfung....&Alternative Datenstr.me.600.Alles &markieren.Alles abw.hlen.Markierung &umkehren.Ausw.hlen....Auswahl aufheben....Nach Typ ausw.hlen.Nach Typ abw.hlen.700.&Gro.e Symbole.&Kleine Symbole.&Liste.&Details.730.Unsortiert.Alles in einer &Ebene.&Zweigeteiltes Fenster.&Symbolleiste
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18214
                                                                                                                                                                                                Entropy (8bit):4.4284329818199835
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:WkmihmxWquSsgldTiXtY5FxrbM/7uo6txGZ+r6GjuXxQlzHd:tmlwyidYnxrU7u/xk+r6GjuXxQdHd
                                                                                                                                                                                                MD5:5894A446DF1321FBDDA52A11FF402295
                                                                                                                                                                                                SHA1:A08BF21D20F8EC0FC305C87C71E2C94B98A075A4
                                                                                                                                                                                                SHA-256:2DD2130F94D31262B12680C080C96B38AD55C1007F9E610EC8473D4BB13D2908
                                                                                                                                                                                                SHA-512:0A2C3D24E7E9ADD3CA583C09A63BA130D0088ED36947B9F7B02BB48BE4D30EF8DC6B8D788535A941F74A7992566B969ADF3BD729665E61BFE22B67075766F8DE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Vasileios Karakoidas, Jacaranda Bill, Vasilis Kosmidis.; 9.07 : SkyHi [HDManiacs Team].; 15.00 : 2015-05-07: Pete D.; 24.04 : 2024-04-05: John Stamatakis.;.;.;.;.;.;.;.0.7-Zip.Greek..........401.OK..........&.....&...&..................&.........440.... .. &....... .. .&...&...................... &.............. &..........&................... ........ ... ...... .. .........;.500.&.......&.............&..........&...........&.....&........540...&............. ... &.... ................ .. &... ..........&..........&...........&..............&.............&................&...&.......... ...........&........ ...........&......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4848
                                                                                                                                                                                                Entropy (8bit):5.0398900363287105
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:lcIh395xVDLRNvtj7ZjuJowdlKoF+M/LMtYUQs0xM3Hj8bH8fC:eg3Px9zt+d5ohGs0sHj88C
                                                                                                                                                                                                MD5:29CAAD3B73F6557F0306F4F6C6338235
                                                                                                                                                                                                SHA1:D4B3147F23C75DE84287AD501E7403E0FCE69921
                                                                                                                                                                                                SHA-256:A6EF5A5A1E28D406FD78079D9CACF819B047A296ADC7083D34F2BFB3D071E5AF
                                                                                                                                                                                                SHA-512:77618995D9CF90603C5D4AD60262832D8AD64C91A5E6944EFD447A5CC082A381666D986BB294D7982C8721B0113F867B86490CA11BB3D46980132C9E4DF1BD92
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Dmitri Gabinski.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Esperanto.Esperanto.401.B&one.Nuligu....&Jes.&Ne.&Fermu.Helpo..&Da.rigu.440.Jes por .&iuj.Ne por .i&uj.&Haltu.Restartigu.&Fono.&Malfono.&Pa.zo.Pa.zita..u vi vere volas nuligi?.500.&Dosiero.&Redakto.&Vido.&Favoritaj.&Agordoj.&Helpo.540.&Malfermu.Malfermu &ene.Malfermu ek&stere.&Vidigu.&Redaktu..&an.u nomon.&Kopiu en....M&ovu en....&Forigu.&Erigu dosierojn....Komb&inu dosierojn....A&tributoj.Ko&mentu.Kalkulu kontrolsumon..Kreu &dosierujon.Kre&u dos&ieron.E&liru.600.M&arku .iun.Ma&lmarku .iun.&Inversigu markon.Marku....Malmarku....Marku la. tipo.Malmarku la. tipo.700.&Grandaj bildetoj.&Malgrandaj bildetoj.&Listo.&Detale.730.&Neordigite.Ununivela vido.&2 paneloj.&Ilobretoj.Malfermu radikan dosierujon.Supren je unu nivelo.Dosierujhistorio.....&isdatigu.750.Ar.ivo-ilobreto.Norma ilobreto.Grandaj bildetoj.Montru butontekston.800.&Aldonu dosierujon al favorataj kiel.Legosigno.900.&Agordoj....&Etalono.960.&E
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10597
                                                                                                                                                                                                Entropy (8bit):4.894357872419177
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:5JD5oUEhpto75qEisSDlmED/UJ8Wn3bFEmL4FHjwjdBZ2QvcGFpo2ZI3v:5JtvEzG75qcSDlmcDw+EJBZFchFv
                                                                                                                                                                                                MD5:ED230F9F52EF20A79C4BED8A9FEFDF21
                                                                                                                                                                                                SHA1:EC0153260B58438AD17FAF1A506B22AD0FEC1BDC
                                                                                                                                                                                                SHA-256:7199B362F43E9DCA2049C0EEB8B1BB443488CA87E12D7DDA0F717B2ADBDB7F95
                                                                                                                                                                                                SHA-512:32F0E954235420A535291CF58B823BAACF4A84723231A8636C093061A8C64FCD0952C414FC5BC7080FD8E93F050505D308E834FEA44B8AB84802D8449F076BC9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Pablo Rodriguez.; : Jbc25.; : 2007-09-05 : Guillermo Gabrielli.; 9.07 : 2010-06-10 : Purgossu.; 2010-10-23 : Sergi Medina (corrected).; 18.00 : 2018-01-10 : Agust.n Bou (updated).; 22.00 : 2023-05-13 : To.o Calo (updated and minor fixes).; 24.04 : 2024-04-25 : MELERIX (updated and various fixes).;.;.;.0.7-Zip.Spanish.Espa.ol.401.Aceptar.Cancelar....&S..&No.&Cerrar.Ayuda..&Continuar.440.S. a &todo.No a t&odo.Detener.Reiniciar.&Segundo plano.&Primer plano.&Pausar.Pausado..Est.s seguro de querer cancelar?.500.&Archivo.&Editar.&Ver.F&avoritos.&Herramientas.&Ayuda.540.&Abrir.Abrir &dentro.Abrir f&uera.&Ver.&Editar.Reno&mbrar.&Copiar a....&Mover a....&Borrar.&Dividir archivo....Com&binar archivos....P&ropiedades.Come&ntario.Calcular suma de verificaci.n.Diferencia.Crear carpeta.Crear archivo.S&alir.Enlazar.Flujos &alternativos.600.Seleccionar &todo.Deseleccionar todo.&Invertir selecci.n.Seleccionar....Desel
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6667
                                                                                                                                                                                                Entropy (8bit):4.975280640991647
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:P2ecDQC5HNYvLSjKJCNdnziL1xWKvjgeNH:uecb82ICNFWL1xWKvseNH
                                                                                                                                                                                                MD5:D6A50C4139D0973776FC294EE775C2AC
                                                                                                                                                                                                SHA1:1881D68AE10D7EB53291B80BD527A856304078A0
                                                                                                                                                                                                SHA-256:6B2718882BB47E905F1FDD7B75ECE5CC233904203C1407C6F0DCDC5E08E276DA
                                                                                                                                                                                                SHA-512:0FD14B4FD9B613D04EF8747DCD6A47F6F7777AC35C847387C0EA4B217F198AA8AC54EA1698419D4122B808F852E9110D1780EDCB61A4057C1E2774AA5382E727
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.09 : Kaupo Suviste.; 9.07 : Mihkel T.nnov.;.;.;.;.;.;.;.;.;.0.7-Zip.Estonian.eesti keel.401.OK.Loobu....&Jah.&Ei.&Sulge.Abi..&J.tka.440.K.igile j&ah.K.igile e&i.Seiska.Restardi.&Taustal.&Esiplaanile.&Paus.Pausiks peatatud.Kas soovite kindlasti loobuda?.500.&Fail.&Redigeeri.&Vaade.&Lemmikud.&T..riistad.&Abi.540.&Ava.Ava s&ees.Ava v.ljasp&ool.Vaat&ur.&Redigeeri.&Nimeta .mber.&Kopeeri asukohta....&Teisalda asukohta....Ku&stuta.T.kel&da fail.....&henda failid....Atri&buudid.Ko&mmentaar....Arvuta kontrollsumma.V.rdle.Loo kaust.Loo fail.&V.lju.600.V&ali k.ik.T.hista k.ik valikud.&P..ra valik.Vali....T.hista valik....Vali t..bi j.rgi.T.hista t..bi j.rgi valik.700.&Suured ikoonid.V.ik&esed ikoonid.&Loend..ksikasja&d.730.Sortimata.Lame vaade.&Kaks paani.&T..riistaribad.Ava juurkaust.Taseme v.rra .les.Kaustaajalugu....&V.rskenda.750.Arhiiviriistariba.Standardnupuriba.Suured nupud.Kuva nupusildid.800.&Lisa kaust lemmikute hulka j.rjehoidj
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8399
                                                                                                                                                                                                Entropy (8bit):4.743579226754701
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ChNzKhWj2NvAG/UkpyRFJHbskP/jZKMOdp6EAEPW:ChNXj2uG/Ukpe/DEMOdp6Em
                                                                                                                                                                                                MD5:C90CD9F1E3D05B80ABA527EB765CBF13
                                                                                                                                                                                                SHA1:66D1E1B250E2288F1E81322EDC3A272FC4D0FFFC
                                                                                                                                                                                                SHA-256:A1C9D46B0639878951538F531BBA69AEDDD61E6AD5229E3BF9C458196851C7D8
                                                                                                                                                                                                SHA-512:439375D01799DA3500DFA48C54EB46F7B971A299DFEBFF31492F39887D53ED83DF284EF196EB8BC07D99D0EC92BE08A1BF1A7DBF0CE9823C85449CC6F948F24C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 15.12 : 2015-12-04 : Xabier Aramendi.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Basque.Euskara.401.&Ongi.E&zeztatu....&Bai.&Ez.It&xi.&Laguntza..&Jarraitu.440.Bai &Guztiari.Ez G&uztiari.Gelditu.Berrabiarazi.Ba&rrenean.&Gainean.&Pausatu.Pausatuta.Zihur zaude ezeztatzea nahi duzula?.500.&Agiria.&Editatu.&Ikusi.&Gogokoenak.&Tresnak.&Laguntza.540.&Ireki.Ireki &Barnean.Ireki &Kanpoan.Ik&usi.&Editatu.Berrize&ndatu.Kopiatu &Hona....&Mugitu Hona....E&zabatu.Banan&du agiria....Nahas&tu agiriak....Ezau&garriak.&Aipamena....Ka&lkulatu egiaztapen-batura.Ezber.Sortu Agiritegia.S&ortu Agiria.I&rten.Lotura.&Aldikatu Jarioak.600.Hautatu &Guztiak.Deshatutau G&uztiak.&Alderantzizkatu Hautapena.&Hautatu....&Deshautatu....Hautatu &Motaz.Deshautatu M&otaz.700.Ikur &Handiak.Ikur Txi&kiak.&Zerrenda.&Xehetasunak.730.Ant&olatugabe.Ik&uspegi Laua.&2 Panel.&Tresnabarrak.Ireki &Erro Agiritegia.Maila Bat &Gora.Agiritegi &Historia....&Berritu.Be&rez Berritu.750.Artxibo Tresnabarra.Tresnabarra Estandarra.Boto
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7317
                                                                                                                                                                                                Entropy (8bit):4.9782970287172175
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:OpSxVzpOmch2EFMaoK1ibQuXgmDjExNxI/kudt+0/aqppl6jiapd9jpp:P5OtMEFMRDHMuKeaqpAic
                                                                                                                                                                                                MD5:459B9C72A423304FFBC7901F81588337
                                                                                                                                                                                                SHA1:0BA0A0D9668C53F0184C99E9580B90FF308D79BE
                                                                                                                                                                                                SHA-256:8075FD31B4EBB54603F69ABB59D383DCEF2F5B66A9F63BB9554027FD2949671C
                                                                                                                                                                                                SHA-512:033CED457609563E0F98C66493F665B557DDD26FAB9A603E9DE97978D9F28465C5AC09E96F5F8E0ECD502D73DF29305A7E2B8A0AD4EE50777A75D6AB8D996D7F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Miguel Angel.; 9.07 : Purgossu.;.;.;.;.;.;.;.;.;.0.7-Zip.Extremaduran.Estreme.u.401.Acetal.Cancelal....&S..&Nu.&Fechal.Ayua..A&continal.440.S. &a t..Nu a &t..Paral.Reinicial.Se&gundu pranu.&Primel pranu.&Paral.Parau.De siguru que quieri cancelal la operaci.n?.500.&Archivu.&Eital.&Vel.A&tihus.&Herramientas.A&yua.540.&Abril.Abril &dentru.Abril &huera.&Vel.&Eital.Renom&bral.&Copial a....&Movel pa....&Eliminal.De&sapartal ficheru....Com&binal ficherus....P&ropieais.Come&ntariu.Calculal suma e verificaci.n.Diff.Creal diret.riu.Creal ficheru.&Salil.600.Selecional &t..Deselecional t..&Invertil seleci.n.Selecional....Deselecional....Selecional pol tipu.Deselecional pol tipu.700.Iconus g&randis.Iconus caquerus.&Listau.&Detallis.730.Nu soportau.Vista prana.&2 panelis.Barra e herramien&tas.Abril diret.riu ra..Subil un nivel.Estorial de diret.rius....&Atualizal.750.Barra e herramientas 'archivu'.Barra e herramientas est.ndal.Botonis grandis.Muestral te
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13282
                                                                                                                                                                                                Entropy (8bit):4.417819769318221
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:WDvyYrnbU6Eyx9Vx8f1gJNOaSgIPukCC3NaxktY7:WD9px8f1gJss2CCsxkK7
                                                                                                                                                                                                MD5:741E0235C771E803C1B2A0B0549EAC9D
                                                                                                                                                                                                SHA1:7839AE307E2690721AD11143E076C77D3B699A3C
                                                                                                                                                                                                SHA-256:657F2ACEB60D557F907603568B0096F9D94143FF5A624262BBFEB019D45D06D7
                                                                                                                                                                                                SHA-512:F8662732464FA6A20F35EDCCE066048A6BA6811F5E56E9CA3D9AA0D198FC9517642B4F659A46D8CB8C87E890ADC055433FA71380FB50189BC103D7FBB87E0BE5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : Edris Naderan.; 4.53 : Mehdi Farhadi.; 9.22 : Hessam Mohamadi.; 22.00: Mohammad Ali Sohrabi.;.;.;.;.;.;.;.0.7-Zip.Farsi.......401.................&.&.......................440.... ... ...... ... ................... ......... .................... ........ ...... .. ... ........500..................................................540................ .. ............ .. ............................... ............ ............... ............... .............................. ..... ...... ......... ........ .......... ..........&........&......... ........600....... ....... ....... ......... .... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8517
                                                                                                                                                                                                Entropy (8bit):4.822359737427984
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:2dUdnzkcjnQjB54SpQzLFA2WFYicDA1MiV2ehLHq2MQvQM03jgoBHpbYqMeMioHQ:cUtkcjnsZARHicM32UhMeWcoZpcYMivv
                                                                                                                                                                                                MD5:A04B6A55F112679C7004226B6298F885
                                                                                                                                                                                                SHA1:06C2377AC6A288FE9EDD42DF0C52F63DCE968312
                                                                                                                                                                                                SHA-256:12CC4A2CEF76045E07DAFC7AEC7CF6F16A646C0BB80873EC89A5AE0B4844443B
                                                                                                                                                                                                SHA-512:88C7ED08B35558D6D2CD8713B5D045FBA366010B8C7A4A7E315C0073CD510D3DA41B0438F277D2E0E9043B6FCB87E8417EB5698AB18B3C3D24BE7FF64B038E38
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.08 : Ari Ryynanen.; 4.30 : Jarko P..; 4.42 : Juhani Valtasalmi.; 9.35 : T.Sakkara.; 15.05 : 2015-08-07 : Lauri Kentt..; 19.00 : 2020-12-28 : Sampo Hippel.inen.;.;.;.;.;.0.7-Zip.Finnish.Suomi.401.OK.Peruuta....&Kyll..&Ei.&Sulje.Ohje..&Jatka.440.Kyll. k&aikkiin.E&i kaikkiin.Pys.yt..Aloita uudelleen.&Tausta.&Edusta.&Tauko.Tauolla.Peruutetaanko toiminto?.500.&Tiedosto.&Muokkaa.&N.yt..&Suosikit.Ty.&kalut.&Ohje.540.&Avaa.Avaa s&is.isesti.Avaa ulkoisesti.&N.yt..&Muokkaa.Nime. &uudelleen.&Kopioi....&Siirr.....&Poista.&Jaa osiin....&Yhdist. tiedostoja....&Ominaisuudet.Komme&nttti....Laske tarkiste.Ero.Luo kansio.Luo tiedosto.&Lopeta.Linkit..Vaihtoehtoiset virrat.600.V&alitse kaikki.Poista &valinnat.&K..nteinen valinta.Valitse....Poista valinta....Valitse tyypeitt.in.Poista valinta tyypeitt.in.700.Suu&ret kuvakkeet.&Pienet kuvakkeet.&Luettelo.&Tiedot.730.Alkuper.inen j.rjestys.Tasainen n.kym..&Kaksi paneelia.&Ty.kalupalkit.Avaa p..kansio.Yks
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10868
                                                                                                                                                                                                Entropy (8bit):4.914669990065981
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Uk/px4B42mykLxrIppKQoYEgHVxX39tJzo2NXIWdE4hNvuaVkP51EUt:L/462mykLxkpp3odgHVxdtd5da4nvuSy
                                                                                                                                                                                                MD5:A49801879184C9200B408375FC4408D7
                                                                                                                                                                                                SHA1:763231BD9B883692C0E5127207CBFC6A2A29BC7D
                                                                                                                                                                                                SHA-256:397A3AF716EB7F0084F3AA04AD36EAB82AAB881589A359E7D6D4BE673E1789A8
                                                                                                                                                                                                SHA-512:F408203907594AFA116A2003D0B65D77C9BCA47663F7F6B26E9158B91DAD40569E92851BF788A39105298561F854264A8DC57611637745E04E68585B837702F2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.07 : Nicolas Sierro.; 9.07 : Philippe Berthault.; 15.14 : Sylvain St-Amand (SSTSylvain).; 22.00 : 2022-06-09 : Lolo S..; 23.01 : 2023-12-20 : Denis G (Need74).; 24.04 : 2024-04-29 : Lolo S..;.;.;.;.;.0.7-Zip.French.Fran.ais.401.OK.Annuler....&Oui.&Non.&Fermer.Aide..&Continuer.440.Oui pour &tous.Non pour t&ous.Arr.ter.Red.marrer.&Arri.re-plan.P&remier plan.&Pause.En pause..tes-vous sur de vouloir annuler ?.500.&Fichier.&.dition.Affic&hage.Fa&voris.&Outils.&Aide.540.&Ouvrir.Ouvrir dans le gestionnaire &7-Zip.Ouvrir dans l'Explorateur Windows.&Voir (hexa).&.dition.Reno&mmer.&Copier vers....&D.placer vers....S&upprimer.Diviser le &fichier....&Fusionner les fichiers....P&ropri.t.s.Comme&ntaire....Somme de contr.le.Comparaison des diff.rences (Diff).Cr.er un dossier.Cr.er un fichier.&Quitter.Connexion.Flux &alternatif.600.S.lectionner &tout.D.s.lectionner to&ut.&Inverser la s.lection.S.lectionner....D.s.lectionner....S.lectionner par type.D.s.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7113
                                                                                                                                                                                                Entropy (8bit):4.969992127036655
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:M7Bz8oq24hcsQzhPDu1FnweRCV2RnnfI9Mw2yzryIclVXPWMcg:M7Bz7wcse7uvFFnQMw2yzryIgXP3cg
                                                                                                                                                                                                MD5:06B08FE12C0F075D317CF9A2A1DD96BC
                                                                                                                                                                                                SHA1:0062BA87B9207536B9088E94505D765268069F63
                                                                                                                                                                                                SHA-256:6BA88938C468E7217BD300B607D7A730530E63D1F97562604EC0BB00D66A06C9
                                                                                                                                                                                                SHA-512:9F9FB1C045D92C1F8035D547554457E3466AE861A04F1CD3F57965E4A92F0FC433B2A7B3E9E1E71588E97F8C73D5914A750DEDED5D3056E327D7EFE19A220198
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.60 : Andrea Decorte (Klenje) : secont l'ortografie ufici.l de Provincie di Udin.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Friulian.Furlan.401.Va ben.Scancele....&S..&No.&Siare.&Jutori..&Continue.440.S. &a ducj.No a &ducj.Ferme.Torne a invi..&Sfont.P&rin plan.&Pause.In pause.S.stu sig.r di vol. scancel.?.500.&File.&Modifiche.&Viodude.&Prefer.ts.&Imprescj.&Jutori.540.&Viar..Viar. dentri 7-&Zip.V&iar. f.r di 7-Zip.&Mostre.M&odifiche.Gambie &non.&Copie in....M.&f in....&Elimine.&Div.t file....Torne a &un. files....P&ropiet.ts.Comen&t.Calcole so&me di control..Cree cartele.Cree file.V&a f.r.600.Selezione d&ut.&Deselezione dut.&Invert.s selezion.Selezione....Deselezione....Selezione par gjenar.Deselezione par gjenar.700.Iconis &grandis.Iconis &pi.ulis.&Liste.&Detais.730.Cence ordin.Viodude plane.&2 panei.Sbaris dai impresc&j.Viar. cartele princip.l.Parsore di un nivel.Storic des cartelis....&Atualize.750.Sbare dai imprescj par l'archivi.Sbare dai imprescj sta
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6029
                                                                                                                                                                                                Entropy (8bit):4.993685353064603
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:TqjTBrLVXTzyIu8alVMSv5FbPtnG5kSksLzJ94KoD0vL0L5nsseiF3F3NPYrAE6g:Y1HyOmX5pPtnMzkYJ9HoD00xNPEAErS8
                                                                                                                                                                                                MD5:03D38F09189799A0D927727D071C54B6
                                                                                                                                                                                                SHA1:17FF3A2C83E6A0B0733F2A9A8CE6B83AF4F1B137
                                                                                                                                                                                                SHA-256:C1C050ED6FE2F8FBC048FD7D82944B8ADA784415B6E62316D590C3C7AA45E112
                                                                                                                                                                                                SHA-512:E511C1A271A3D78CB7F6111759EEC4D7CFC2D46F71F87AA3C4AC1BB11CD4E55E7D4DBE54F9C5107025FFE8C5FCADAD4359DC673BC802B82388E74A8F2FA60FF7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.53 : Berend Ytsma.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Frisian.Frysk.401.Okee.Ofbrekke....&Jawis.&Nee.&Slute.Help..&Ferfetsje.440.Jawis foar &Alles.Nee foar A&lles.Stopje.Opnij begjinne.&Eftergr.n.&Foargr.n.&Skoftsje.Skoft.Binne jo wis dat jo .fbrekke wolle?.500.&Triem.&Bewurkje.&Byld.B&l.dwizers.&Ark.&Help.540.&Iepenje.Iepenje &yn.Iepenje b.&ten.&Byld.&Bewurkje.Omne&ame.&Kopiearje nei....&Ferpleats nei....&Wiskje.Triemmen &spjalte....Triemmen Kom&binearje....E&igenskippen.Komme&ntaar.Kontr.lesom berekenje..Map meitsje.Triem meitsje.U&tgong.600.&Alles selektearje.Alles net selektearje.&Seleksje omdraaien.Selektearje....Net selektearje....Selektearje neffens type.Net selektearje neffens type.700.Gru&tte Ikoanen.L&ytse Ikoanen.&List.&Details.730.Net Sortearre.Platte werjefte.&2 Panielen.&Arkbalke.Haadmap iepenje.Ien nivo omheech.Maphistoarje....&Ferfarskje.750.Argyf arkbalke.Standert arkbalke.Grutte knoppen.Knoptekst sjen litte.800.Map oan bl.dwizers &taheakje as.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7906
                                                                                                                                                                                                Entropy (8bit):4.861128874829787
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ggtTHAKaGSwSssr6JRiCJHAnJVsNO1vjGlXl58jmFsjGJZv:gM0j56fuXjol
                                                                                                                                                                                                MD5:236CFC435288002763C68C4BBEE7B39D
                                                                                                                                                                                                SHA1:E74A2402C2CB744DBED8AC1C2154FB1DE38148F9
                                                                                                                                                                                                SHA-256:B18730124208D26E5E88B76BB99985BF61938D7A994B626B2DE5230557D2D8DD
                                                                                                                                                                                                SHA-512:FA6941594454CDA55E081F15F367F430559849D218895B0B157A2204E8B30AE95DB99C62981A9C30A152A63D1BDB8EDD975BF06EE5ADF1F31B42A2C10CF11580
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Sean.n . Coist.n.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Irish.Gaeilge.401.T. go maith.Cealaigh....&T..&N.l.&D.n.Cabhair..&Lean ar aghaidh.440.T. do gach ceann.N.l go gach ceann.Stad.Atosaigh.&C.lra.&Tulra.&Cuir ar sos.Ar sos.An bhfuil t. cinnte gur mian leat . a cheal.?.500.&Comhad.&Leagan.Am&harc.Cean.in.&Uirlis..&Cabhair.540.&Oscail.Oscail &istigh.Oscail &lasamuigh.&Amharc.&Eagar.Athainmnigh.&Macasamhlaigh go....&Bog go....S&crios.Scar an comhad....Cumascaigh na comhaid....Air.onna.N.ta tr.chta.R.omh an tsuim sheice.la.Diff.Cruthaigh fillte.n.Cruthaigh comhad.&Scoir.600.Roghnaigh &uile.D.roghnaigh uile.&Aisiompaigh an roghn.ch.n.Roghnaigh....D.roghnaigh....Roghnaigh de r.ir cine.l.D.roghnaigh de r.ir cine.l.700.&Deilbh.n. m.ra.&Deilbh.n. beaga.&Liosta.&Sonra..730.Neamhaicmithe.Gach rud in aon chiseal.&2 fhuinneog.&Barra. na n-uirlis..Oscail an fr.amhfhillte.n.Suas fillte.n amh.in.Oireas na bhfillte.n....Athnuaigh.750.Barra
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9099
                                                                                                                                                                                                Entropy (8bit):4.918696837936453
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:1W7Uw+zTCaVpRBbpgoeCb4wdHSYz2NufjbJTQewnpy:14N+zNpbbpgw4wdHxtXlipy
                                                                                                                                                                                                MD5:6CD7C2B4D6BBA163B1623035FEB4297D
                                                                                                                                                                                                SHA1:5DF07BCFD1EDBD448B566AEA5789EF251303DE69
                                                                                                                                                                                                SHA-256:9280AB90261B0C8F206EEF7196D7531E4E4932C9174AB899CEE4F8ED97CC87C6
                                                                                                                                                                                                SHA-512:7ED13085EBC2545B434F5671F958F7A5FAA1BC29F7C10721A972AFD2C886FC39F0A6E290E70F1F8EA798199CA26974257EAF9B8445652C9B02C789E198191A3E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : 2007-11-22 : Xos. Calvo.; 9.20 : 2014-11-26 : enfeitizador.; 15.00 : 2016-02-01 : enfeitizador.; 22.00 : 2023-05-13 : enfeitizador.;.;.;.;.;.;.;.0.7-Zip.Galician.Galego.401.De acordo.Cancelar....&Si.&Non.Pe&char.Axuda..&Continuar.440.Si &a todo.Non a &todo.Parar.Reiniciar.Po.er por de&baixo.Traer ao &fronte.&Pausa.Pausado.Queres cancelar?.500.&Ficheiro.&Editar.&Ver.F&avoritos.Ferramen&tas.A&xuda.540.&Abrir.Abr&ir dentro.Abrir &f.ra.&Ver.&Editar.Cambiar no&me.&Copiar a....&Mover a....&Eliminar.&Dividir ficheiro....Com&binar ficheiros....P&ropiedades.Come&ntario....Calcular suma de verificaci.n.Diferenzas.Crear cartafol.Crear ficheiro.Sa&.r.Ligaz.n.&Alternar fluxos.600.Seleccion&ar todo.Desmarcar todo.&Inverter selecci.n.Seleccionar....Desmarcar....Seleccionar por tipo.Desmarcar por tipo.700.Iconas lon&gas.Iconas &mi.das.&Lista.&Detalles.730.Sen orde.Vista plana.&2 paneis.Barras de ferramen&tas.Abrir cartafol ra.z.Subir un nivel.Hist.rico de carta
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17365
                                                                                                                                                                                                Entropy (8bit):3.8616190133381947
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:OOt7VWp6MKgd259LNca7DK2Br5Pyl2/2Z/2oVXBH1K2xSGK/v2eHOv2E2lgJVOqc:OQ15KZeGK/nJ
                                                                                                                                                                                                MD5:93CDC8832328A22E198920630D597268
                                                                                                                                                                                                SHA1:315E5B1C77FB4E2D0C3CC1F48B6DB4C79CE9488A
                                                                                                                                                                                                SHA-256:C6E54E2A93B821BC974209CD7E2D10E9FBC4FF07D238AE84F552E4ADE271702C
                                                                                                                                                                                                SHA-512:E8355A42F3A3B5F21D5D4C7A21324433C997AD39412B3BCDCF26EDBD5EF882179168B2B5618F9FE631B88407608AB1A83BF139DB05C09B608FDDF01694B710DF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Vinayy Sharrma : .... ..... ...... .........;.;.;.;.;.;.;.;.;.;.0.7-Zip.Gujarati, Indian, ....................401...............&....&...&... .........&.... .....440.&... .... ....&... .... ............ .... ....&...........&........(.........).&.................... .... .... .... ... ... .... .... ..?.500.&......&.......&......&.......&.....&....540.&.....&.... .....&.... .....&......&.......&...: .......&... ... .........&... .. ...
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10909
                                                                                                                                                                                                Entropy (8bit):3.91308688355158
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:v4MfocCqKNXU9shxj5fLniD65MfiZNUsQWzrSt3v+YGqzCoy8aMN:vzo5qK1U9sZfLiD65Mfip8vJzCoGu
                                                                                                                                                                                                MD5:0771F160D56B1890A1CDC2CA040D2616
                                                                                                                                                                                                SHA1:36E69202682BF6993273B521424EC082998F6CA9
                                                                                                                                                                                                SHA-256:03B4EA89CCE3AA4193A7E3E1E6180DAB8359388DF3B574379935EA39D7B8D723
                                                                                                                                                                                                SHA-512:B452C75292C7D365AA5759FB3F49DE674255E839CAA687436474B782F615B2AD86A11A58809A5BB60115B070C9B738A461DB24E70502598A3BFECCF373220DBB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : peterg.; : Gal Brill.; 9.13 : 2010-04-30 : Jonathan Lahav.; 19.00 : 2020-05-01 : ION.;.;.;.;.;.;.;.0.7-Zip.Hebrew.......401............&...&...&...........&.....440... .&..... &............. .....&....&......&...........?.. ... .... .... .... .....500.&.....&......&......&........&......&....540..&...... .&........ .&....&....&.....&... .......&. ......&.. ...&.......&. ......&... ......&............&...... ..... ................. .......... .....&..........&..... ........600.... &....... ..... ....&.... ............... ......... ... ....... ..... ... ....700........ &.............. &....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17467
                                                                                                                                                                                                Entropy (8bit):3.84721481389097
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:wNAsf6IflsHX7q4IqKz+QCzaRDuAlTz8tw2+xE3ZAXsF:wjDGGeF
                                                                                                                                                                                                MD5:18D9C82F12E07B71E03D6086DEBA0DC3
                                                                                                                                                                                                SHA1:C6C11C6F1FC00A25DD53E1C78F207F6C8C8B8B13
                                                                                                                                                                                                SHA-256:5F79AE167A917860F95F73E5ED007FE250F30AF794BCFCE17941F9EF87D22A05
                                                                                                                                                                                                SHA-512:196A859D52A1A742B98460EAF113552DCE2CFC63378B19D2902BEABC1E66CBD9E26BF37FC26453832AA10929AAF0196ED9211332E63C830B0E5946013C82BDC1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Vinayy Sharrma : ...... .... ......;.;.;.;.;.;.;.;.;.;.0.7-Zip.Hindi, Indian, ...................401.... ...........&....&.....&... .........&.... ....440.&... .. .... ....&... .. .... .............. .... .....&...........&........(.........).&..................... .... .... ..... ... ....... .... .. ....?.500.&.....&.......&......&.......&.....&....540.&.....&.... .....&.... .....&......&.......&...: .......&... ... .........&... ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8122
                                                                                                                                                                                                Entropy (8bit):5.01235026127091
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:rhhdCkj7itccEuzIS1xTXiV8JBLRsusqrKhI:Vh/jfLupi+l1sqrKhI
                                                                                                                                                                                                MD5:9D8216183493AC2190A4D6E142ECAB9A
                                                                                                                                                                                                SHA1:E534EBB714DBAE2A9E12ACCBE96C6F2568B814C4
                                                                                                                                                                                                SHA-256:210AF273246D30CFDE87295CD5F4FF135B0BDFB04FE7173BB60F935E685B8E10
                                                                                                                                                                                                SHA-512:5B56560AD70652C9C6287F939B25676D8149C000C2388365197354DBE38C5CBA5C25F0A3A529F0601A5B5D964B7278AB3A668E8469CF0EC718821FDABCF044BC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : Alan .imek.; 4.53 : Hasan Osmanagi..; 9.07 :.; 15.05 : 2015-06-15 : Stjepan Treger.;.;.;.;.;.;.;.0.7-Zip.Croatian.Hrvatski.401.U redu.Odustani....&Da.&Ne.&Zatvori.Pomo...Nastavi.440.Da za &Sve.Ne za Sv&e.&Stani.Ponovi.U pozadini.U prvom planu.&Pauza.Pauzirano.Poni.titi?.500.&Datoteke.&Ure.ivanje.&Izgled.Omiljene mape.&Alati.&Pomo..540.&Otvori.Ot&vori mapu.Otvori u &sustavu.Iz&gled.&Ure.ivanje.Prei&menuj.&Kopiraj u....Premje&sti u....O&bri.i.Podije&li datoteku....Spo&ji datoteke....Svojs&tva.Komentar.Izra.un kontrolnog zbroja.Uspore.ivanje.Stvo&ri mapu.Stvori &datoteku.&Izlaz.Poveznica.&Alternativni tokovi.600.Odaberi &sve.Poni.ti odabir.&Obrni odabir.Odaberi....Poni.ti odabir....Odabir po tipu.Poni.ti odabir tipa.700.&Velike ikone.&Male ikone.&Popis.&Detalji.730.Neso&rtirano.Sadr.aj mapa.&2 okna.Alatne &trake.&Korijen.&Nadmapa.Pro.&le mape....O&svje.i.Automatski osvje.i.750.Alatna traka arhiva.Standardna alatna traka.Velike tipke.Prika.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10373
                                                                                                                                                                                                Entropy (8bit):5.237599190210729
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:KnufEtXpRc/oaLZ8VK8Am3+JHSacVeRU6i1M2YqpXn6StxERV/NIlLPNJxv:+VXpbavxJHSaqeRUd1vYqpXnxtSRV/2b
                                                                                                                                                                                                MD5:A41E4D16C3B29603832FFD1BBB82283E
                                                                                                                                                                                                SHA1:15695A0BD98D429E9AB191CECB185B70CC492668
                                                                                                                                                                                                SHA-256:486A382483096E9A86CCF6CA02123E48025DE5055F1880AF7F001C5C3FA25114
                                                                                                                                                                                                SHA-512:413DD8C87015EDE7868F992C25D568DE66E1BD765C7A43066D8DA8CF350F3620C77091F075020862FF6BF7C980C6091E92C5C843B3D57957C7516F5B0F51BCA0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Jozsef Tamas Herczeg.; 9.16 : Nyilas MISY.; 15.00 : 2021-11-09 : Barnabas Kovacs.; 22.01 : 2022-07-15 : John Fowler.; 24.05 : 2024-05-16 : John Fowler.;.;.;.;.;.;.0.7-Zip.Hungarian.Magyar.401.OK.M.gsem....&Igen.&Nem.&Bez.r.s.S.g...&Folytat.s.440.I&gen, mindre.N&em, mindre.Le.ll.t.s..jraind.t.s.&H.tt.rben.&El.t.rben.&Sz.net.Sz.neteltetve.Biztos, hogy megszak.tja a folyamatot?.500.&F.jl.S&zerkeszt.s.&N.zet.Ked&vencek.&Eszk.z.k.&S.g..540.M&egnyit.s.Megnyit.s &bel.l.Megnyit.s k.&v.l.&F.jl megtekint.se.S&zerkeszt.s..tn&evez.s.M.s&ol.s mapp.ba.....t&helyez.s mapp.ba....&T.rl.s.F.jl&darabol.s....F.jl&egyes.t.s....T&ulajdons.gok.&Megjegyz.s.Checksum sz.mol.sa.K.l.nbs.g.Mappa l.trehoz.sa.F.jl l.trehoz.sa.&Kil.p.s.Link.Alternat.v adatfolyam.600.Min&d kijel.l.se.Kijel.l.s megsz.ntet.se.Kijel.l.s &megford.t.sa.Kijel.l.s....Megsz.ntet.s....Kijel.l.s t.pus alapj.n.Megsz.ntet.s t.pus a
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13636
                                                                                                                                                                                                Entropy (8bit):4.268145853042887
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:jdJl7z7sBsCD6dowOkSMVBVm6WymLJaOQjKOMI:jdJl/7NC2oofVmGoJBQjiI
                                                                                                                                                                                                MD5:FE73C2AACF07D5120AEDD08792CB8268
                                                                                                                                                                                                SHA1:2C6E7D2FF42C5F65EF5F4C27600819354CAA03B0
                                                                                                                                                                                                SHA-256:91AAC9368BD116AB11FDA0B70EE4D75911A65713A272A3BA55D1435C33250F5A
                                                                                                                                                                                                SHA-512:79DBD84FE71888B7C9FDBCD23F2D4735F731E3C2C7724FBD531C3CA531B1992E756B13B66889AF30EC46770D350FCFAEF2D7ABE607594A2B4B92F60ED326D537
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Gevorg Papikyan.; 15.00 : Hrant Ohanyan.;.;.;.;.;.;.;.;.;.0.7-Zip.Armenian.........401.................&....&...&..................&...........440.... ...... &........ ...... &..........................&..............&........&............ ... ............500.&.....&.........&.....&............&.........&...........540.&........... &............. ...&...........&............&........&............&.............&............& ..........&....... ...............&................&..................................&....... ..............&... ........&.........&.............. ......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8739
                                                                                                                                                                                                Entropy (8bit):4.85314782964051
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:oO2E+zHrES/JnUR4TZnN627GyZbrstpaX+XTCsn:T2E+zHrESxURKZnNh91stpaPsn
                                                                                                                                                                                                MD5:BA3591CCF26438CBE93E9C1D56BD1818
                                                                                                                                                                                                SHA1:758619A702D5A0794E4412AA6AE93FC46EA3DFB9
                                                                                                                                                                                                SHA-256:90308689870AD079E1206A877157F7389BC4351A6B104FFA2BD9311409D6D92D
                                                                                                                                                                                                SHA-512:2E9066BD733CAAA9CEDDE2346BE543D4360BD796E01BCB669602C9E6450CA5A2718CB67613469C11A4D2AA8C458D7FE9C59AB8EB9BDE39846C195CE2CC22686B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 24.04 : 2024-05-13 : FranZo.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Indonesian.Bahasa Indonesia.401.Oke.Batal....&Ya.&Tidak.&Tutup.Bantuan..&Lanjut.440.Ya untuk Semu&anya.Tidak untuk S&emuanya.Stop.Start Ulang.Latar &Belakang.Latar &Depan.&Jeda.Dijeda.Anda yakin ingin membatalkan?.500.&Berkas.&Edit.&Tilik.&Favorit.&Peralatan.Bant&uan.540.B&uka.Buka di &Dalam.Buka di &Luar.&Tilik.&Edit.&Nama Ulang.&Salin Ke....&Pindah Ke....&Hapus.Be&lah Berkas....&Gabung Berkas....P&roperti.K&omentar....Hitung checksum.Beda.Buat Folder.Buat Berkas.&Keluar.Tautan.Aliran Alternati&f Aliran.600.Pilih Semu&a.Batal Pilih Semua.P&ilih Sebaliknya.Pilih....Batal Pilih....Pilih berdasarkan Tipe.Batal Pilih berdasarkan Tipe.700.Ikon &Besar.Ikon &Kecil.Da&ftar.&Detail.730.Tidak Diurutkan.Tilik Datar.&2 Panel.Bilah Perala&tan.Buka Folder Akar.Naik Satu Tingkat.Riwayat Folder....&Segarkan.Segarkan Otomatis.750.Bilah Alat Arsip.Bilah Alat Standar.Tombol Besar.Perlihatkan Teks Tombol.800.&Tambah folder ke F
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4604
                                                                                                                                                                                                Entropy (8bit):4.906610885989285
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:PkmgliBaKNUnQpg1uw7okwiPJ3npCW+71SwHel5Lt/8QNjyaKfO:PzBaF/1ukoMPZwn7gwHelNt/8QNjya+O
                                                                                                                                                                                                MD5:0861AE63DA2D00590369BB11B3857551
                                                                                                                                                                                                SHA1:8272F4761A3F2ACA2BFAEC6FCF08C82A9F36A65A
                                                                                                                                                                                                SHA-256:B87A4FCA8A0024A915AE86E36951CB7CEA442948D9982D4247E49492445BA664
                                                                                                                                                                                                SHA-512:70997D6775E1C91D021FDA2143C831FE8396094E50337DA3C4897DA70636B7F10B363F35B997213A462B467FE6754D2C33E009E84363063ECED871A2591CCE88
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.08 : iZoom.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Ido.Ido.401.B&one.Abandonar....&Yes.&No.&Klozez.Helpo..&Durez.440.Yes por &omni.No por o&mni.Haltez.Ristartez.&Fono.&Avanajo.&Pauzo.Pauzita.Kad vu ya volas abortar?.500.&Dosiero.&Redakto.&Aspekto.&Favoraji.&Utensili.&Helpo.540.&Apertigar.Apertigar int&erne.Apertigar e&xter.&Vidigar.&Redaktar.Ch&anjar nomo.Ko&piar aden....Transp&ozar aden....E&facar.F&endar dosiero....Komb&inar dosieri....In&heraji.Ko&mentar...Krear &dosieruyo.Krear dos&iero.E&kirar.600.Merk&ar omno.Des&merkar omno.&Inversigar merko.Merkar....Desmerkar....Merkar segun tipo.Desmerkar segun tipo.700.&Granda ikoneti.&Mikra ikoneti.&Listo.&Tabelo.730.&Nearanjite..&2 paneli.Utens&ila paneli.Apertigar radika dosieruyo.Ad-supre ye un nivelo.Dosieruya historio....R&inovigar.750.Utensila panelo di arkivo.Norma utensila panelo.Granda ikoneti.Videbla butontexto.800.&Adjuntar dosieruyo ad la favorata quale.Lektomerkajo.900.&Ajusti....&Experienco dil rapideso.960.&Konte
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4812
                                                                                                                                                                                                Entropy (8bit):5.061169016847165
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:8VTu+i2nCrWTXAwQGjC6IF5/uNXlziug14+UFxmeeqYgzf7Edm+8VR:8VTTCqTRC6Iv/uzg14+UFxJYgzTR
                                                                                                                                                                                                MD5:6BDF25354B531370754506223B146600
                                                                                                                                                                                                SHA1:C2487C59EEEAA5C0BDB19D826FB1E926D691358E
                                                                                                                                                                                                SHA-256:470EAF5E67F5EAD5B8C3ECC1B5B21B29D16C73591EB0047B681660346E25B3FB
                                                                                                                                                                                                SHA-512:C357B07C176175CC36A85C42D91B0CADA79DBFB584BDF57F22A6CB11898F88AECF4392037D5CEA3E1BC02DF7493BB27B9509226F810F1875105BBC33C6AE3F20
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Owain Lewis.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Welsh.Cymraeg.401.Iawn.Canslo....&Iawn.&Na.&Cau.Cymorth..P&arhau.440.Iawn i'r &Cwbwl.Na i'r C&wbwl.Stopio.Ailgychwyn.&Cefndir.&Blaendir.&Pwyllo.Pwyllo.Ydych chi am canslo?.500.&Ffeil.&Golygu.Gwe&ld.Ff&efrynnau.&Offer.&Cymorth.540.&Agor.Agor tu &Mewn.Agor tu &Fas.Gwe&ld.&Golygu.A&ilenwi.&Cop.o i....&Symud i....&Dileu.&Hollti ffeil....Cy&funo ffeilau....&Priodweddau.Syl&wad.Cyfrifo swm-gwirio..Creu Ffolder.Creu Ffeil.Alla&n.600.Dewis y C&yfan.Dad-ddewis y Cyfan.Gwrt&hdroi'r Dewis.Dewis....Dad-ddewis....Dewis trwy Math.Dad-ddewis trwy Math.700.Eiconau &Mawr.Eiconau &Bach.&Rhestr.Ma&nylion.730.Dad-dosbarthu.Golwg Flat.&2 Paneli.Bariau &Offer.Agor Ffolder Gwraidd.Lan Un Lefel.Hanes Ffolderi....&Adnewyddu.750.Bar Offer Archif.Bar Offer Arferol.Botwmau Fawr.Dangos Testun Botwmau.800.&Ychwanegu ffolder i Ffefrynnau fel.Llyfrnod.900.&Dewisiadau....&Meincnod.960.&Cynnwys....&Manylion 7-Zip....1003.Llwybr.Enw.Estyniad.Ffolder.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10328
                                                                                                                                                                                                Entropy (8bit):4.601143849904046
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:y/vuZGpufsiAAsiNSFT5JD7HahEPpBwwKOAmiyUSbD0A:y/vuZGMfjzRNGGhEP8DXyUSX0A
                                                                                                                                                                                                MD5:407130A212CFAC68FA4873B0381B2CB1
                                                                                                                                                                                                SHA1:C0C9B84CC79619D27536E9F50F25D81237B234D3
                                                                                                                                                                                                SHA-256:F813EAC0B284EDCE156DD1E6B7EA75B027F4342E04D8B8DB1131894A227A4562
                                                                                                                                                                                                SHA-512:E80AFDF726CCC5D495F62A9B289EE31703F151EA01EBA32AD7D2DA306C2C07DE2F9049DC6592C3C962B7CC2CBE352B8B7A19E9DBCF7B3C6B61DCC4026B70C151
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Arslan Beisenov, Arman Beisenov.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Kazakh.........401......................&...&....&...............&...........440....... &......... &................. .... .....&......&....... .........&.......................... ....... ..... ..?.500.&.....&......&........&..........&......&.........540.&.......... &............ ..........&........... .....&..........&...........&.......... ................... ...........................&................. .......Diff.&..... .......... ...........600...... ..................... ........&........... ...................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10142
                                                                                                                                                                                                Entropy (8bit):5.350645745471363
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:xPc6gARXHeJlbbciOeh3rykpqMmEIN5U91n8:N3gARX+Jlbbfh3ryvTEIN5Un8
                                                                                                                                                                                                MD5:3FDECAE1FF188894295759380B0378DA
                                                                                                                                                                                                SHA1:935A4797540CE26828569C50924BAAE230F2D41E
                                                                                                                                                                                                SHA-256:B53FE26795B01F3347B614EAA499D28770D94EB5B51005C842386E97D8344CB6
                                                                                                                                                                                                SHA-512:F5B87DEFB1837E98EA46E1E37E13180976C5910F13E18A178397C530E6F15C585CF55E54048206D1A343C298BFE136E0CCF259657B29D7A8C5A9EE2537288AED
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Tomas Tomasek.; 9.07 : Pavel Deve.ka.; 9.38 beta : 2015-01-11 : Roman Horv.th.; 24.02 : Milan .alka.;.;.;.;.;.;.;.0.7-Zip.Slovak.Sloven.ina.401.OK.Zru.i.....&.no.&Nie.&Zavrie..Pomocn.k..Po&kra.ova..440..no na &v.etko.Nie na v.&etko.Zastavi..Re.tartova..&Pozadie.P&opredie.Po&zastavi..Pozastaven..Ste si ist., .e chcete akciu zru.i.?.500.&S.bor.&Upravi..&Zobrazi..&Ob..ben..&N.stroje.&Pomocn.k.540.&Otvori..O&tvori. vn.tri.Ot&vori. externe.&Zobrazi..&Upravi..&Premenova..&Kop.rova. do....P&resun.. do....O&dstr.ni..Ro&zdeli. s.bor....Zl..&i. s.bory....V&lastnosti.Ko&ment.r.Vypo..ta. kontroln. s..et.Rozdiel (Diff).Vytvori. prie.inok.Vytvori. s.bor.Uko&n.i..Odkaz....&Alternat.vne streamy.600.Ozna.i. v.etko.Odzna.i. v.etko.Invertova. ozna.enie.Ozna.i.....Odzna.i.....Ozna.i. pod.a typu.Odzna.i. pod.a typu.700.&Ve.k. ikony.&Mal. ikony.&Zoznam.&Podrobnosti.730.Netriedi..Ploch. vzh
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7317
                                                                                                                                                                                                Entropy (8bit):4.9782970287172175
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:OpSxVzpOmch2EFMaoK1ibQuXgmDjExNxI/kudt+0/aqppl6jiapd9jpp:P5OtMEFMRDHMuKeaqpAic
                                                                                                                                                                                                MD5:459B9C72A423304FFBC7901F81588337
                                                                                                                                                                                                SHA1:0BA0A0D9668C53F0184C99E9580B90FF308D79BE
                                                                                                                                                                                                SHA-256:8075FD31B4EBB54603F69ABB59D383DCEF2F5B66A9F63BB9554027FD2949671C
                                                                                                                                                                                                SHA-512:033CED457609563E0F98C66493F665B557DDD26FAB9A603E9DE97978D9F28465C5AC09E96F5F8E0ECD502D73DF29305A7E2B8A0AD4EE50777A75D6AB8D996D7F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Miguel Angel.; 9.07 : Purgossu.;.;.;.;.;.;.;.;.;.0.7-Zip.Extremaduran.Estreme.u.401.Acetal.Cancelal....&S..&Nu.&Fechal.Ayua..A&continal.440.S. &a t..Nu a &t..Paral.Reinicial.Se&gundu pranu.&Primel pranu.&Paral.Parau.De siguru que quieri cancelal la operaci.n?.500.&Archivu.&Eital.&Vel.A&tihus.&Herramientas.A&yua.540.&Abril.Abril &dentru.Abril &huera.&Vel.&Eital.Renom&bral.&Copial a....&Movel pa....&Eliminal.De&sapartal ficheru....Com&binal ficherus....P&ropieais.Come&ntariu.Calculal suma e verificaci.n.Diff.Creal diret.riu.Creal ficheru.&Salil.600.Selecional &t..Deselecional t..&Invertil seleci.n.Selecional....Deselecional....Selecional pol tipu.Deselecional pol tipu.700.Iconus g&randis.Iconus caquerus.&Listau.&Detallis.730.Nu soportau.Vista prana.&2 panelis.Barra e herramien&tas.Abril diret.riu ra..Subil un nivel.Estorial de diret.rius....&Atualizal.750.Barra e herramientas 'archivu'.Barra e herramientas est.ndal.Botonis grandis.Muestral te
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8111
                                                                                                                                                                                                Entropy (8bit):5.364411458818708
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:EpyG/WRw/t50jb9+lrFwm9HIb4He0Wtd2iYNo+rRkRLTEMqbfMu9854Il2cqXK:Ekhw/tmlScwlni8CSku9bW
                                                                                                                                                                                                MD5:A0612FA9EB8196659D15C67AC965A5E6
                                                                                                                                                                                                SHA1:AE733BBAEF962F3A10C5855ED30B6D084C8C5D5F
                                                                                                                                                                                                SHA-256:C73634402C3EFFDB2750AB5CF6F1083ABD8771529BFF6F7E513D646E0FCDAE23
                                                                                                                                                                                                SHA-512:74991149573FBC7B5D9BEF36B0F8CB00951BEBE959F2D9058C227F3E75A874E22C8AA6219BBD643E483E0D969674A9CA9004E33F116BC923A30C872FC3F7909C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 2.30 : : Tran Hong Ha.; 4.42 : : Le Vu Hoang.; 4.48 : : Nguyen Hong Quan.; 9.07 : 2011-04-12 : Vietnamize Team.;.;.;.;.;.;.;.0.7-Zip.Vietnamese.Ti.ng Vi.t.401...ng ..H.y b.....C..Kh.ng...ng.Gi.p ....Ti.p t.c.440.C. t.t c..Kh.ng t.t c..D.ng.L.m l.i.Ch.y n.n.Ch. .. .u ti.n.D.ng... d.ng.B.n ch.c ch.n mu.n h.y b.?.500.T.p tin.Bi.n t.p.Xem..a th.ch.C.ng c..Gi.p ...540.M..M. t.i ..y.M. trong c.a s. kh.c.Xem.Bi.n t.p...i t.n.Sao ch.p ..n....Di chuy.n ..n....Xo..Chia c.t t.p n.n....N.i t.p n.n....Thu.c t.nh.Ch. th.ch.T.nh checksum (md5).So s.nh.T.o th. m.c.T.o t.p n.n.Tho.t.600.Ch.n t.t c..B. ch.n t.t c....o l.a ch.n.Ch.n....B. ch.n....Ch.n theo lo.i.B. ch.n theo lo.i.700.Bi.u t..ng l.n.Bi.u t..ng nh..Danh s.ch.Chi ti.t.730.Kh.ng s.p x.p.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5649
                                                                                                                                                                                                Entropy (8bit):5.023150217249099
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Q1XbkTUCIRe/Ldwrrs0C9t5oOhCtF5Iw7YXjuaPJ6Z7cfjsfcQRQ:EATdIEOrrs0C9t5oOh6bb7QuaPJ6Kfjl
                                                                                                                                                                                                MD5:3B1958DA0544A6C318D18EF5779E81F5
                                                                                                                                                                                                SHA1:67E991A6525DA165145C4584C3D9B398583D7E68
                                                                                                                                                                                                SHA-256:F349529EA4584EBA51CD519B8A1D535D2DAEC762CD7369673B237FA03A526CC7
                                                                                                                                                                                                SHA-512:E9B5E76FC908BC193738781FDBEBD894AE310F6693F7B52D4369BC4F979A8EC9E2201E5A2056FBFC380FDAD3143F3E5A3BC00D7CCB00CEC078BC0E8CAF318861
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.45 : Jostein Christoffer Andersen.; : Kjetil Hjartnes.; : Robert Gr.nning.;.;.;.;.;.;.;.;.0.7-Zip.Norwegian Bokmal.Norsk Bokm.l.401.OK.Avbryt....&Ja.&Nei.&Lukk.Hjelp..&Fortsett.440.Ja til &alt.Nei til a&lt.Stopp.Start p. nytt.&Bakgrunn.&Forgrunn.&Stopp.Stoppet.Vil du avbryte?.500.&Fil.&Rediger.&Vis.&Bokmerker.Verk&t.y.&Hjelp.540.&.pne..pne &internt..pne &eksternt.&Vis.&Rediger.Gi nytt &navn.&Kopier til ..&Flytt til ..S&lett.&Del opp arkiv ..&Sett sammen arkiv ..E&genskaper.&Kommentar ..Beregn sjekksum..Ny &mappe ..Ny f&il ..&Avslutt.600.Merk &alle.Merk i&ngen.Merk &omvendt.Merk ..Merk &ikke ..Merk &valgt type.Merk i&kke valgt type.700.&Store ikoner.S&m. ikoner.&Liste.&Detaljer.730.Usortert.&Flat visning.&To felt.&Verkt.ylinjer.Rotmappe.G. opp et niv..Mappelogg ..&Oppdater.750.Arkivverkt.ylinje.Standardverkt.ylinje.Store knapper.Knappetekst.800.&Bokmerk denne mappen som.Bokmerke.900.&Innstillinger ..&Ytepr.ve ..9
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12052
                                                                                                                                                                                                Entropy (8bit):4.593559236039092
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:EVt6Fm0NMfdCluobJcX4/xBjnBmeevaMHYXk8ogjES+UntpdLCKmYcBp7a:EVSm0NMfdClucJcX4/xBVmKM4Xk8oJSj
                                                                                                                                                                                                MD5:E50C04D913DC92251AA6781C02E0BD45
                                                                                                                                                                                                SHA1:57E68C80B23A9B1BD689CCD81CBCD91E0CAE6AAC
                                                                                                                                                                                                SHA-256:9A9E4DDACC494EAAA386F1220837020F332A49E7FFF7F0BF8C38C847390DAB18
                                                                                                                                                                                                SHA-512:C428CAF314F79D533246CEE4015411102ED836D0173F67F3B2F4C61C3F3F81BE7FB2FFF7D3E863E999617BA05FD6F7FEF4B67CFF8557E1D0C86035ED29DAA2CE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.20 : Kalil uulu Bolot.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Kyrgyz..........401.OK..........&.....&....&..............&........440..... &........... .&...... ................ ........&......&....... .......&..................... ... ... .......... ........... ..... ......?.500.&.....&......&.....&...........&......&.......540.&........&... ..........&... ...........&................& .........&.... ...........&.... ..... ...........&.........&... ...............&........ ............&..........&................. .........Diff.&...... ...........&. .........&.....600....... .&..............
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14632
                                                                                                                                                                                                Entropy (8bit):4.341973950530399
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:LzDXSHvMCtcY7SbE1BgUmOTfhEUDgkoSa4pTG++3slxxgYbgDfvCPKpTWO4z+dWE:uMC2YubdUmsKEAcb+3QbgDEK9KyQ2f
                                                                                                                                                                                                MD5:EA08A1D73A4A150D7EC590B094D4E0D5
                                                                                                                                                                                                SHA1:E4F3172CF52DB8DA27F7D95CFBA2EACFAB12D533
                                                                                                                                                                                                SHA-256:E029F34DDEA8B1358E1F519526EF643D79BE37CFCE55BB5EA21B4BD0D026F9D3
                                                                                                                                                                                                SHA-512:3661EC554C82F3608099E08808E5151B8D7BCCA385CF09D0FD4181073A52E1E835485DF0684F5091D0F5EF487A07298286DB463C3971E3986A6AD9B0BF7784C2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 20.02 : 2020-10-20 : Shamsiddinov Zafar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Tajik........401..................&.....&...&..............&..........440..... ..... &........ ..... &............... .......&.......&.. ... ........&............ ............. ....... ......, .. ......... .... ...... .......?.500.&.....&.......&.......&......................&........540.&........... ..... &........... ..... ...............&............. ......&............ ......&........ ......&.... ................ ..... &.........&..... ....... ................................... ...... .............. .......&...
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8251
                                                                                                                                                                                                Entropy (8bit):5.19488137916907
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:IHrcQOp6UkYC3kMQVtxXYrqYlMtiMeQIFTYENLlr7mAzNtcjpuqd/WWQse:IH3OpXBUMeQIFTYGr9NtycmW
                                                                                                                                                                                                MD5:C8F31D6ADEE368CA0AA00350DF0D82DF
                                                                                                                                                                                                SHA1:4146C7C62DD46B2C43C92CDF33E45FA7E2272D04
                                                                                                                                                                                                SHA-256:DC61090369E1269A68C75E472D863AAF42207F702B3D3E12CA48D2852E1478E3
                                                                                                                                                                                                SHA-512:758AF54A33DC243992324974F01707C8027BE7BDC7D07187A28038F4C9D8F7681D989B66F56A13B86E99C8BC74D80A70FA44BD5DD9532C99B78DF7985B397ED8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 19.02 : 2019-11-12 : Stef.n .rvar Sigmundsson.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Icelandic..slenska.401.. lagi.H.tta vi.....&J..&Nei.&Loka.Hj.lp..&Halda .fram.440.&J. vi. .llu.&Nei vi. .llu.St..va.Endurr.sa.&Bakgrunnur.&Forgrunnur.&Gera hl... hl.i.Ert .. viss um a. .. viljir h.tta vi.?.500.&Skr..&Breyta.&Sko.a.&Upp.hald.&Verkf.ri.&Hj.lp.540.&Opna.&Opna a. innanver.u.&Opna a. utanver.u.&Sko.a.&Breyta.&Endurnefna.&Afrita .....&F.ra .....&Ey.a.&Klj.fa skr.....&Sameina skr.r....&Eiginleikar.&Gera athugasemd....Reikna samt.lu.Mismunur.Skapa m.ppu.Skapa skr..&H.tta.Tengill.&V.xlstraumar.600.&Velja allt.&Afvelja allt.&Umsn.a vali.Velja....Afvelja....Velja eftir tegund.Afvelja eftir tegund.700.&St.rar t.knmyndir.&Sm.ar t.knmyndir.&Listi.&Sm.atri.i.730..flokka..Flats.n.&2 spj.ld.&Verkf.rastikur.Opna r.tarm.ppu.Upp um eitt stig.M.ppusaga....&Endurgl..a.Sj.lfendurgl..un.750.Safnverkf.rastika.St..lu. verkf.rastik
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):4.288162718572465
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:TmGK+SCI5WUrVarSC0sgvy995DoVdhpWQl9y5pwVt1tX8aEFPGH0IU4smVxa:fSJHBqS7/69HSdHWaZsaEFP6nm
                                                                                                                                                                                                MD5:447E681A030C82C3832DBA0B51CC790D
                                                                                                                                                                                                SHA1:401BF38C2122AE2493470820C92D069F3F6C7606
                                                                                                                                                                                                SHA-256:3E76BC88DB5CB108CF8750B01BDABBB3772DBF2BF14592C6AB18B7339817D6EE
                                                                                                                                                                                                SHA-512:D17EF32A1DE17EC1C9D6CAE6199E6623DB700B18E43B3B85EF403A60EC11B9EFC0AC0BB188B03D13F7895DFCF4ED37D1F40C1BFC4BEE469742B712ED5DE70722
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 24.04 : 2024-04-05 : Igor Pavlov.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Russian.........401.OK...........&...&....&................&...........440... ... &........ ... .&....................&......&.. ........ .....&........ ........ ............. ...... ........ ........?.500.&.....&.......&....&...........&......&........540.&............... &.............. .....&............&...................&.........&.......... .....&........... .....&..........&..... .........&......... ............&...........&..................... ...............&....... ..........&... ......&............&...........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10395
                                                                                                                                                                                                Entropy (8bit):3.978171082486284
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:HosRVPp67cdE3hwwQtbgUaecHQFyMce+VWLeKhJHZgr:1RNphG3IRBwHoJbLeYJHi
                                                                                                                                                                                                MD5:B681F52BC54B1B340A3184CDE7FF59C2
                                                                                                                                                                                                SHA1:BA8D38155C0C81416233A360F7387EAF48C57DB2
                                                                                                                                                                                                SHA-256:F6D67CE2EAE4C125BBF54C04AC783005BDDC07007398CABD3B9603020AF67BFD
                                                                                                                                                                                                SHA-512:82FDB75B2F2A06E3CBBEAF1DFE84B196908286B9518194485DBBB168777181FA86A7E37136756544ACC98165860E8CA61B83545F6CD1F13EE91BFA995A5DF0D2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.42 : ...... ..... ....... (Subodh Gaikwad).;.;.;.;.;.;.;.;.;.;.0.7-Zip.Marathi.......401.............&...&.....&.........&.....440.&.... .. ...&.... .. ................. .... ....&.... .....&.... ....&........................ .... .......... ...... ... ..?.500.&.....&.......&.......&.....&......&....540.&.....&.... .....&..... .....&......&.......... ....&.............&........&......&.... ..... ........... ...............................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19786
                                                                                                                                                                                                Entropy (8bit):3.4834684083480845
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:CcI/ZsPpGl9ZjeWe4vt/lx5qI4qwRXoFYvNCrSFbF7FdF+pIAZMijZdcdap4daBj:OUGxjeWe4vt/lvPIXTaGF+pPZZ7Ro/50
                                                                                                                                                                                                MD5:A10D62CB5875CC96D53E4BC02724F366
                                                                                                                                                                                                SHA1:BB8D2F73109084A9A11246733E5DA148D964D6EA
                                                                                                                                                                                                SHA-256:2E488EF05895B93ACA2B5F72EA08DA887722215D1B4CB85B12942EA32641DA2B
                                                                                                                                                                                                SHA-512:B01FCFA48883431BA98522C74A8AE9511BD6F122613E80A0439A049B8F509D689B89A59F280335532AF284A351C52F44313A4961EA5ACBFAF7EA2617AF75E797
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.20:.; Saqirilatu Mongolqileb.; last updated: 2014-1-1.;.;.;.;.;.;.;.;.0.7-Zip.Mongolian (Unicode)....... .....401...................... (&Y)..... (&N)....... (&C)..................... (&C).440....... .... (&A)....... .... (&L)................ ........... ..... (&B)....... ..... (&F).......... (&P)........ .......... ...... ........ .. ..500...... (&F)............ (&E)...... (&V)........... (&A)....... (&T)........... (&H).540......... (&O)...... ..... ... ........ (&I)...... ..... ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8399
                                                                                                                                                                                                Entropy (8bit):4.743579226754701
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ChNzKhWj2NvAG/UkpyRFJHbskP/jZKMOdp6EAEPW:ChNXj2uG/Ukpe/DEMOdp6Em
                                                                                                                                                                                                MD5:C90CD9F1E3D05B80ABA527EB765CBF13
                                                                                                                                                                                                SHA1:66D1E1B250E2288F1E81322EDC3A272FC4D0FFFC
                                                                                                                                                                                                SHA-256:A1C9D46B0639878951538F531BBA69AEDDD61E6AD5229E3BF9C458196851C7D8
                                                                                                                                                                                                SHA-512:439375D01799DA3500DFA48C54EB46F7B971A299DFEBFF31492F39887D53ED83DF284EF196EB8BC07D99D0EC92BE08A1BF1A7DBF0CE9823C85449CC6F948F24C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 15.12 : 2015-12-04 : Xabier Aramendi.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Basque.Euskara.401.&Ongi.E&zeztatu....&Bai.&Ez.It&xi.&Laguntza..&Jarraitu.440.Bai &Guztiari.Ez G&uztiari.Gelditu.Berrabiarazi.Ba&rrenean.&Gainean.&Pausatu.Pausatuta.Zihur zaude ezeztatzea nahi duzula?.500.&Agiria.&Editatu.&Ikusi.&Gogokoenak.&Tresnak.&Laguntza.540.&Ireki.Ireki &Barnean.Ireki &Kanpoan.Ik&usi.&Editatu.Berrize&ndatu.Kopiatu &Hona....&Mugitu Hona....E&zabatu.Banan&du agiria....Nahas&tu agiriak....Ezau&garriak.&Aipamena....Ka&lkulatu egiaztapen-batura.Ezber.Sortu Agiritegia.S&ortu Agiria.I&rten.Lotura.&Aldikatu Jarioak.600.Hautatu &Guztiak.Deshatutau G&uztiak.&Alderantzizkatu Hautapena.&Hautatu....&Deshautatu....Hautatu &Motaz.Deshautatu M&otaz.700.Ikur &Handiak.Ikur Txi&kiak.&Zerrenda.&Xehetasunak.730.Ant&olatugabe.Ik&uspegi Laua.&2 Panel.&Tresnabarrak.Ireki &Erro Agiritegia.Maila Bat &Gora.Agiritegi &Historia....&Berritu.Be&rez Berritu.750.Artxibo Tresnabarra.Tresnabarra Estandarra.Boto
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13050
                                                                                                                                                                                                Entropy (8bit):3.8543519831557473
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:dNvZCtxUT2PoIhbW7dxmmWkcU0rwSdCsbW3UcSru1:d1vT2PoIRWMBwSY3Sr6
                                                                                                                                                                                                MD5:04CFC22F9293329C5EA7EC5C4A14D3BC
                                                                                                                                                                                                SHA1:57AA51DEC6BED50703054060F46918AA26AE0E4A
                                                                                                                                                                                                SHA-256:E016E8872F2DE7CBC1F4FC786C747CC26B2E250E6C1B8F1C46040B72C523D90F
                                                                                                                                                                                                SHA-512:5099E2A8B6BE04E2124280711AF1BF5807DCA5DF93DD33CCA416D56337ADAD19903AACEF3872F550D16A82F8F1471EC5D821D6E4E096E817A8C4D8340291D402
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Shiva Pokharel, Mahesh Subedi.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Nepali........401.... ...... .............&...&.....&.... .................&.... ...........440.&...... ...&...... ...................: .... ..........&..........&.........&.. ............ ............ .... .... .... ......... ?.500.&.....&....... ..........&...........&.........&......&......540.&..................... ..................... ...........&.........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5016
                                                                                                                                                                                                Entropy (8bit):5.202718875099834
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:UnbIMLOcn+2YYrzNOw/tglixPmncrwQMpp7urX:5MBQs9encsQCps
                                                                                                                                                                                                MD5:056327042B9CFD5FCB5F788F22112D62
                                                                                                                                                                                                SHA1:FAE6324417DC88E9A9BB0FBAC9B4D4CE61C1980E
                                                                                                                                                                                                SHA-256:533F9FF016E7BB36216665CCA1065139A35D8DA71651678814415FF457A9BE7D
                                                                                                                                                                                                SHA-512:FE853C2042251B3987C169F8241E0B3B0F1C3AE039DC7786B07E0DB07E8A6B0F89E1D478F27D3C8DFD69473E6C6118CE13A39D7DE84A22A3C2A660652B852660
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.10 : Armands Radzu.ka.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Latvian.Latvie.u.401.&Labi.&Atcelt....&J..&N..Aiz&v.rt.&Rokasgr.mata..&Turpin.t.440.J. &visiem.N. v&isiem.Stop.P.rstart.t.&Fon..&Priek.pl.n..Pa&uze.Pauz.ts.Vai piekr.tat p.rtraukt .o darb.bu?.500.&Fails.&Labo.ana.&Izskats.Ie&cien.t.s.&R.ki.&Pal.dz.ba.540.&Atv.rt.Atv.rt &iek.pus..Atv.rt .rp&us..Ap&skate.&Labot.P.&rd.v.t.&Kop.t uz....P.r&vietot uz....&Dz.st.&Sadal.t failu....Ap&vienot failus.....pa..&bas.&Piez.mes...Izveidot &mapi.Izveidot &failu.&Beigt.600.Iez.m.t &visu.Atcelt vis&u.I&nvert.t iez.m.jumu.Ie&z.m.t....&Atcelt....I&ez.m.t p.c tipa.A&tcelt p.c tipa.700.&Lielas ikonas.&Mazas ikonas.&Saraksts.S.&k.k.730.&Ne..irot..&2 pane.i.&R.ku joslas.&Atv.rt saknes mapi.L.meni &uz aug.u.Mapju &v.sture....&P.rlas.t.750.Arh.va r.ku josla.Standarta r.ku josla.Lielas pogas.Par.d.t pogu tekstu.800.&Pievienot mapi iecien.taj.m k..Iecien.t.s.900.&U
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7471
                                                                                                                                                                                                Entropy (8bit):4.976709314177123
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:21Oo14rh/0lXjPqDp2h+O0k2r/2T7tQpl:21OoqUDureT7tQpl
                                                                                                                                                                                                MD5:58FF044FE195453F797DD1AC6903ABF9
                                                                                                                                                                                                SHA1:4B8DAE21DD14AC6DAA1DECF804336A1AAE169AA9
                                                                                                                                                                                                SHA-256:D9BB6BFC127938C47B43290241378887085314AD1326095934A362CD9836B560
                                                                                                                                                                                                SHA-512:861300FE39FF0DACA00B4CB56C4075AFBA2BB3A1654BCF35713251237630206F06BC63D7F339ECFF040C9EA1F5B7094A11FE57C5848E91DB9000F48D166AB1BE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : GENOVES.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Ligurian.Zeneize.401.D'ac.rdio.Anulla....&Sci.&No.S.&ra.Agiutto..&Continoa.440.Sci pe &Tutti.No pe T&utti.Ferma.Inandia torna.Into &sfondo.&In primmo cian.&Paoza.In paoza.Ti . seguo de voei anul.?.500.&Archivio.&Modifica.&Vixoalizza.&Preferii.&Strumenti.A&giutto.540.&Arvi.Arvi into Manezat. d'archivi 7-Zip.Arvi inte Explorer.&Vixoalizza.&Modifica.Ri&nomina.&C.pia inte....&Sp.sta inte....Scancel&la.&Dividi l'archivio....&Unisci i archivi....P&ropiet..Comen&ta....Calcola somma de contr.llo.Dif.Crea cartella.Crea archivio.Sc&i.rti.600.Sele.ionn-a &tutto.Desele.ionn-a tutto.In&verti sele.ion.Sele.ionn-a....Desele.ionn-a....Sele.ionn-a pe tipo.Desele.ionn-a pe tipo.700.Figue &grende.Figue picinn-e.&Listin.&D.ti.730.Nisciun ordine.Vista ciatta.&2 barco.n.Bare di &Strumenti.Arvi cartella prin.ip..Livello supei..Cronologia....&Agiorna.750.Bara di strumenti Archivio.Bara di strumenti Normali.Figue grende.Mos
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7906
                                                                                                                                                                                                Entropy (8bit):4.861128874829787
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ggtTHAKaGSwSssr6JRiCJHAnJVsNO1vjGlXl58jmFsjGJZv:gM0j56fuXjol
                                                                                                                                                                                                MD5:236CFC435288002763C68C4BBEE7B39D
                                                                                                                                                                                                SHA1:E74A2402C2CB744DBED8AC1C2154FB1DE38148F9
                                                                                                                                                                                                SHA-256:B18730124208D26E5E88B76BB99985BF61938D7A994B626B2DE5230557D2D8DD
                                                                                                                                                                                                SHA-512:FA6941594454CDA55E081F15F367F430559849D218895B0B157A2204E8B30AE95DB99C62981A9C30A152A63D1BDB8EDD975BF06EE5ADF1F31B42A2C10CF11580
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Sean.n . Coist.n.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Irish.Gaeilge.401.T. go maith.Cealaigh....&T..&N.l.&D.n.Cabhair..&Lean ar aghaidh.440.T. do gach ceann.N.l go gach ceann.Stad.Atosaigh.&C.lra.&Tulra.&Cuir ar sos.Ar sos.An bhfuil t. cinnte gur mian leat . a cheal.?.500.&Comhad.&Leagan.Am&harc.Cean.in.&Uirlis..&Cabhair.540.&Oscail.Oscail &istigh.Oscail &lasamuigh.&Amharc.&Eagar.Athainmnigh.&Macasamhlaigh go....&Bog go....S&crios.Scar an comhad....Cumascaigh na comhaid....Air.onna.N.ta tr.chta.R.omh an tsuim sheice.la.Diff.Cruthaigh fillte.n.Cruthaigh comhad.&Scoir.600.Roghnaigh &uile.D.roghnaigh uile.&Aisiompaigh an roghn.ch.n.Roghnaigh....D.roghnaigh....Roghnaigh de r.ir cine.l.D.roghnaigh de r.ir cine.l.700.&Deilbh.n. m.ra.&Deilbh.n. beaga.&Liosta.&Sonra..730.Neamhaicmithe.Gach rud in aon chiseal.&2 fhuinneog.&Barra. na n-uirlis..Oscail an fr.amhfhillte.n.Suas fillte.n amh.in.Oireas na bhfillte.n....Athnuaigh.750.Barra
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5370
                                                                                                                                                                                                Entropy (8bit):5.1403349462862655
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:TF4kLCz94zsWXCgceerMLYVX0r/TL9PWE8OLBMTUgJiRNJ5zBD0N+VrmifAAec1T:94m3CjrMLY+LNPwOJgJiRj0tgAXc1jv
                                                                                                                                                                                                MD5:28E69DD6E397FA98C07088E4CDBEF1F4
                                                                                                                                                                                                SHA1:56E4A46B5C7360F609683562E617C75C28CD447C
                                                                                                                                                                                                SHA-256:57AE544F3F9E8BF5D96CE1F9CFE5648EB6C1E2F5604DA6EB0C80AE24BC1A40D7
                                                                                                                                                                                                SHA-512:6BDE04F3BBD42E73EA3E0A93E8EF69149F25DAE491051D1655A85718AF4D51F5247C610D87C20227F94BEEEBA038D54F7B213B0443382D080E87722485941AAE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Rizoy. Xerz..;.;.;.;.;.;.;.;.;.;.0.7-Zip.Kurdish.Kurd..401.Temam.Betal....&Er..&Na.Bi&gire.Al.kar...Bi&dom.ne.440.&Ji Bo Hem.y. Er..Ji &Bo Hem.y. Na.Raweste.D.sa Destp.ke.L%i Pi.t.Li &P...&Rawest.ne.Rawestiya -.Ma bila betal bibe?.500.&Dosya.&Bipergal.ne.&N..an Bide.Bi&jare.&Am.r.A&l.kar..540.&Veke.&Di Panel. De Veke.Di &Pacey. De Veke.&N..an Bide.&Sererast bike.&Navek. N. Bid..&Ji Ber Bigire.B&ar Bike.J. B&ibe.Par.e Bi&ke....Bike &Yek....&Taybet..Da&xuyan..checksum heseb bike..Pe&ldankeke N..Do&siyeke N..De&rkeve.600.&Hem.y. hilbij.re.He&m. hilijartin. rake.Be&revaj. w. hilbij.re.&Hilbij.re....Hilbijarti&n. Rake....V. curey. hilbij.re.Hilbijartina cure rake.700.&Daw.r.n Mezin.D&aw.r.n Bi..k.&L.ste.&H.ragah..730.B. Dor.xuyakirina sade.&2 Panelan veke.Da&rik. am.ran.Peldanka Kok Veke.Astek. Berjor.D.roka Peldank.....&N. Bike.750.Darik. ar..v..Darik. standart.Bi.kojk.n mezin.Bila niv.s
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4604
                                                                                                                                                                                                Entropy (8bit):4.906610885989285
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:PkmgliBaKNUnQpg1uw7okwiPJ3npCW+71SwHel5Lt/8QNjyaKfO:PzBaF/1ukoMPZwn7gwHelNt/8QNjya+O
                                                                                                                                                                                                MD5:0861AE63DA2D00590369BB11B3857551
                                                                                                                                                                                                SHA1:8272F4761A3F2ACA2BFAEC6FCF08C82A9F36A65A
                                                                                                                                                                                                SHA-256:B87A4FCA8A0024A915AE86E36951CB7CEA442948D9982D4247E49492445BA664
                                                                                                                                                                                                SHA-512:70997D6775E1C91D021FDA2143C831FE8396094E50337DA3C4897DA70636B7F10B363F35B997213A462B467FE6754D2C33E009E84363063ECED871A2591CCE88
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.08 : iZoom.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Ido.Ido.401.B&one.Abandonar....&Yes.&No.&Klozez.Helpo..&Durez.440.Yes por &omni.No por o&mni.Haltez.Ristartez.&Fono.&Avanajo.&Pauzo.Pauzita.Kad vu ya volas abortar?.500.&Dosiero.&Redakto.&Aspekto.&Favoraji.&Utensili.&Helpo.540.&Apertigar.Apertigar int&erne.Apertigar e&xter.&Vidigar.&Redaktar.Ch&anjar nomo.Ko&piar aden....Transp&ozar aden....E&facar.F&endar dosiero....Komb&inar dosieri....In&heraji.Ko&mentar...Krear &dosieruyo.Krear dos&iero.E&kirar.600.Merk&ar omno.Des&merkar omno.&Inversigar merko.Merkar....Desmerkar....Merkar segun tipo.Desmerkar segun tipo.700.&Granda ikoneti.&Mikra ikoneti.&Listo.&Tabelo.730.&Nearanjite..&2 paneli.Utens&ila paneli.Apertigar radika dosieruyo.Ad-supre ye un nivelo.Dosieruya historio....R&inovigar.750.Utensila panelo di arkivo.Norma utensila panelo.Granda ikoneti.Videbla butontexto.800.&Adjuntar dosieruyo ad la favorata quale.Lektomerkajo.900.&Ajusti....&Experienco dil rapideso.960.&Konte
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8352
                                                                                                                                                                                                Entropy (8bit):4.184447797063497
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:6Bs6ZfGCRhROvyepYP3abUeXUlWDyos3d8K/FAK1MbNH1hjg:6BPrhRyfpYP3wCl+E8K/FAK1Mbl12
                                                                                                                                                                                                MD5:C16E6946F912B49963BFA7E44BE2F7A0
                                                                                                                                                                                                SHA1:496922AD3E59737AC64289EE685F2FADAA942755
                                                                                                                                                                                                SHA-256:90EFCA5F6B8E37B963F7E42F700938440171942E0DE0AB8BAEB08912C0952957
                                                                                                                                                                                                SHA-512:55FEEA50104ED2249E6F5018B6883F89ACBCC0396E80349653356F40329C4A420584B29734CD1CA8930E9A383DA427EC979815CC3DA3F6F59AD8948B2262E874
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.09 : Gabriel Stojanoski.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Macedonian............401..............&...&...&................&........440... &....... .&.........................&.......&.......&.................... ....... ...... .. ........?.500.&.........&......&.......&........&.......&......540.&............. &............. &.......&.......&......&............&....... ......&........ ......&........&...... ...............&....... ............&................&................. ................... .........&.......600........... &............... ...&....... ............................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9608
                                                                                                                                                                                                Entropy (8bit):4.880635467905247
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:XRVV/VctnsLlc+zMZUnYel4yj7FBjYAifM3k8i1sFB2ytqPbtY+0zonViwswzdUF:Xrk+IZ2YeigFReNgB2k2btgtl
                                                                                                                                                                                                MD5:E888911310C0B6D7A1932DE36AD27250
                                                                                                                                                                                                SHA1:928D9FBDB0C0C83042CAC9059FFDDE48EA4E9F71
                                                                                                                                                                                                SHA-256:4CB5F08449B5E22ED15F8A8CC038D021CDBCF56548587023D1AB31AB6CFC232D
                                                                                                                                                                                                SHA-512:56308E46914FD3B0EF62B33331F815FE95CA4A3CF122934DD0C506A041898D94A9ED6F3E1BAEF386EFB9AA949CD47002FA859B4843F2E32C186ECDB6055FF85F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Bert van Velsen.; 4.26 : Jeroen van der Weijde..; : Harm Hilvers.; 9.07 : Jeroen Tulp.; 15.00 : Jeroen Tulp.; 21.03 : Quinten Althues.; 21.05 : Jeroen Tulp.; 24.04 : Jeroen Tulp : 2024-05-13.;.;.;.0.7-Zip.Dutch.Nederlands.401.OK.Annuleren....&Ja.&Nee.A&fsluiten.Help..&Hervatten.440.Ja op &alles.Nee op a&lles.Stoppen.Herstarten.&Achtergrond.&Voorgrond.&Pauzeren.Gepauzeerd.Weet u zeker dat u wilt annuleren?.500.&Bestand.Be&werken.Bee&ld.&Favorieten.E&xtra.&Help.540.&Openen.Open b&innen.Open b&uiten.Be&kijken.&Bewerken.&Hernoemen.&Kopi.ren naar....&Verplaatsen naar....Verwij&deren.Bestand &opsplitsen....Bestanden &samenvoegen....&Eigenschappen.O&pmerking plaatsen....Controlegetal berekenen.Delta.Nieuwe map.Nieuw bestand.&Sluiten.Koppeling.&Alternatieve streams.600.&Alles selecteren.Alles deselecteren.Selectie &omkeren.&Selecteren....&Deselecteren....Selecteren op &type.Deselecteren op t&ype.700.&Grote pictogrammen.Kleine pictogra&mmen.&Lijst.&Details
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18706
                                                                                                                                                                                                Entropy (8bit):4.0202268271567725
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:oUocZSy4PE90cZ+B7H0eEcVN/Pc+SfuwOoq9LNVHS7PzYbZLg97/78BA5UmHezQu:pfSdRz0ezJc+OuwYhaPUudu36KKoMkBj
                                                                                                                                                                                                MD5:5203E172ECB9F384BCE04D243684551F
                                                                                                                                                                                                SHA1:5F6A09B52D729F3F6C95ABA9D29BFD6C7CD0340B
                                                                                                                                                                                                SHA-256:5405E5B04E670FF7A5B5242A3872803725053324FFDC31F71511EA6B2573F6E0
                                                                                                                                                                                                SHA-512:CE6B058891375577EB726A15E5430BCE4450A9C06D3F2D3361FFE5D39C0C47097B6D0E7CDC7B907A8E5F23FA8FA5A1866661A2AA3167D982FD5AEEC33FA39077
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.59 : ...... ....... (Supun Budhajeewa).; 15.00 : ..... ..... (HelaBasa Group).;.;.;.;.;.;.;.;.;.0.7-Zip.Sinhala.......401...............&....&.....&............&........440.&........ ............ ............... .......&..........&..........&..................... ...... ..... .. ........?.500.&......&.........&.......&............&.......&.....540.&..... ......&..... ..... ......&....... ..... ......&.......&.........&... ... ......&... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11933
                                                                                                                                                                                                Entropy (8bit):4.4743589010781175
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:FxV9LYmQ441Ye2LFuoWSD8T+srvk2VWpfLEwAcADwoA2FwP8PCsucC6LvS4tKs4f:Qml14LThvcpf+A2Fpg7Gip
                                                                                                                                                                                                MD5:8C3F9AD9C824DCF74A09C9D406DB22E7
                                                                                                                                                                                                SHA1:0C683BB56A13C3FBCA664F1E4C6C98D0F7AEC8BC
                                                                                                                                                                                                SHA-256:B8B7DB8C139B19D414CEF35AE96D854D5A8364C32B0C3FDC4CAC331B5AF44C16
                                                                                                                                                                                                SHA-512:DA33D4098679A14D2F434221EF968951407727126B12404C8B6C3E2AD6FA346D9D515DEA940F9109D5D196E648583124F31A1D27CF518AB19E3DCAD673C027CF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Ara Bakhtiar.; 4.66 : Ara Qadir.;.;.;.;.;.;.;.;.;.0.7-Zip.Kurdish - Sorani.......401.......................&.....&......&................&.............440..... .. &........... .. ..&...........................&...........&.........&....................... .. ...............500.&.....&.........&.......&..........&...........&........540.&............... ..&... ............ .. &.......&......&.........&.........&............ ......&......... ......&........&........ .........&...... ....... ............&..................&............. checksum............ ................ .......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10982
                                                                                                                                                                                                Entropy (8bit):4.662514332505228
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Ca+X3gDVs7FuvI9w83Dce6oF3DSiskkSx6NGhu1c9:XAwpe53uUkSWlc9
                                                                                                                                                                                                MD5:47C628C679FF488DDF4E14C457D2FCA0
                                                                                                                                                                                                SHA1:E8DA632E677A92224B5095271087A68C60504B9C
                                                                                                                                                                                                SHA-256:7FD494130F9B96DFCA492D495EF3FD7B4EAACF59F075172898ECE5AEBD1F6FCE
                                                                                                                                                                                                SHA-512:A4A22D6FE3C01A3E3D93C6D555B840EEECD72F396F0BCB5AFD871292BCA5B86F2CA76E3CF44FA71DD6C1B08D6672C50D16D0FBA679A4AF4AA677993A9900E497
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.59 : Sahran.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Uyghur..........401........... .......(&Y)........(&N)....(&C)....................(&C).440........ ....(&A)........ ...(&L)............ ........... ....(&B)...... ....(&F)......... .....(&P)......... ................... ... ..........500.......(&F).......(&E)........(&V).......(&A)......(&T).......(&H).540....(&O).......... ........ ...(&I)..... ........ ...(&U)........(&V).......(&E).... .......(&M)........ .....(&C)........ .....(&M).......(&D)....... .......(&S)........ .........(&B)........(&R)........(&N)....... ............. ........... ............(&X).600..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9906
                                                                                                                                                                                                Entropy (8bit):4.823682778375202
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:0uk7PN270x4ndKLWwjJ8Y1+rUtOGj10KRuNnoyYe4Y8nEkglgSgZDaOIgmHqJ4V:GIwyeWtY1+AtOGRZyYe98EkglgSgZDaZ
                                                                                                                                                                                                MD5:AA7B46B6DDD673BC06BD90187E552743
                                                                                                                                                                                                SHA1:2C11A1E5F97AC1415073C2C953CD92018CF3EB93
                                                                                                                                                                                                SHA-256:EFB1AED5C52AF731A733C720B6F5479898C9DE28367A5DE4C80F697FB745546A
                                                                                                                                                                                                SHA-512:10C262122417B081D0403F9C917A4BEBA34078CA52E88478EBD2C0B6956AA6B61B34511FAC71E87578D56AE1F5ACDC265CDDAC8C92B9F14757DAA75042DFC7AA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.07 : Leandro Spagnol.; : Vincenzo Reale (some corrections).; 15.05 : 2015-06-17 : TJL73.; 17.00 : 2017-02-01 : Massimo Castiglia.; 18.03 : 2018-01-15 : POLAR.; 24.04 : 2024-04-05 : TJL73.;.;.;.;.;.0.7-Zip.Italian.Italiano.401.OK.Annulla....&S..&No.&Chiudi.Aiuto..&Continua.440.S. per &tutti.No per t&utti.Arresta.Riavvia.&In background.&In primo piano.&Pausa.In pausa.Sei sicuro di voler annullare?.500.&File.&Modifica.&Visualizza.&Preferiti.&Strumenti.&Aiuto.540.&Apri.Apri in &7-Zip File Manager.Apri in E&xplorer.&Visualizza.Modifica con l'&editor predefinito.Rino&mina.&Copia in....&Sposta in....&Elimina.Sud&dividi il file....&Unisci i file....&Propriet..Comme&nto....Calcola chec&ksum.Comparazione differenze (Diff).Crea cartella.Crea file.E&sci.Collegamento.&Alternate Data Streams.600.&Seleziona tutto.&Deseleziona tutto.In&verti selezione.Seleziona....Deseleziona....Seleziona per tipo.Deseleziona per tipo.700.Icone &grandi.Icone &piccole.&Elenco.&Dettagli
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9604
                                                                                                                                                                                                Entropy (8bit):5.370172151079095
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ze8r7alD8BavrdGWTTB6wSOzGYcf4j0GgbX8SvggPrPnt:6eAD8Born6pAGYcfvbXQgDPt
                                                                                                                                                                                                MD5:3C297FBE9B1ED5582BEABFC112B55523
                                                                                                                                                                                                SHA1:C605C20ACF399A90AC9937935B4DBDB64FAD9C9F
                                                                                                                                                                                                SHA-256:055EC86AED86ABBDBD52D8E99FEC6E868D073A6DF92C60225ADD16676994C314
                                                                                                                                                                                                SHA-512:417984A749471770157C44737EE76BFD3655EF855956BE797433DADC2A71E12359454CC817B5C31C6AF811067D658429A8706E15625BF4CA9F0DB7586F0AE183
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : F@rhad.; 15.02 : 2015-03-29 : .. ........; 23.01 : 2023-06-25 : Az.r.;.;.;.;.;.;.;.;.0.7-Zip.Azerbaijani.Az.rbaycanca.401.OLDU..mtina....&B.li.&Xeyr.&Ba.lamaq.K.m.k..&Davam.440.&Ham.s.na B.li.Ha&m.s.na Xeyr.Dayan.Yenid.n ba.lamaq.&Arxa planda..&nd..F&asil..Fasil.d..H.qiq.t.n .m.liyyat. dayand.rmaq ist.yirsiniz?.500.&Fayl.&D.z.li..&G.r.n...S&e.ilmi.l.r.&Vasit.l.r.&Aray...540.&A.maq.&Daxild. A.maq.B&ay.rda a.maq.&Bax...&D.z.li..Ye&nid.n Adland.rmaq.&N.sx.l.m.k....&K...rm.k....&Silm.k.Fayl. &B.lm.k....Fayllar. B&irl..dirm.k....X&.susiyy.tl.r...r&h....Yoxlama C.mi.M.qayis..Qovluq Yaratmaq.Fayl Yaratmaq..&.x....stinad.&.v.zedici Ax.nlar.600.&Ham.s.n. Se.m.k.Se.imin L..vi.&Se.imi .evirm.k.Se.m.k....Se.imin L..vi....N.v.n. G.r. Se.m.k.N.v.n. G.r. Se.imin L..vi.700.&B.y.k ..ar.l.r.K&i.ik ..ar.l.r.&Siyah..&C.dv.l.730..e.idsiz.M
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8407
                                                                                                                                                                                                Entropy (8bit):4.980893267908514
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:hTCvOZThlzUkVNOjf9FvELDTMerNJ+svj0hId:hTCv23NkrvS4MWo
                                                                                                                                                                                                MD5:722551A008A99008006AF6CE4161537A
                                                                                                                                                                                                SHA1:294ABEA21D393BF624A4A97C1B4DB63D3332C312
                                                                                                                                                                                                SHA-256:6B53FB390DA88BD79D76487FF30466AE972976D2EED030ADE6D9B93991B99CBC
                                                                                                                                                                                                SHA-512:4BDE588E3ADD4B20B3DD89953136A655E0521CF3EC97E72A7FF337BF64E41F3DA75F60E4E56C5B833B86D6C23FAFAA92EBB0EFFE1D063D499EF3992C60BAC8F0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 22.01 : 2022-07-17 : Jadran Rudec.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Slovenian.Sloven..ina.401.Vredu.Prekli.i....&Da.&Ne.&Zapri.Po&mo...&Nadaljuj.440.Da za &vse.Ne za v&se.Ustavi.Znova za.eni.Ozad&je.&Ospredje.Premor.Na premoru.Ali ste prepri.ani, da .elite preklicati?.500.Datoteka.Urejanje.&Prikaz.Priljubljene.Orodja.Pomo..540.&Odpri.Odpri &znotraj.Odpri zu&naj.P&rikaz.&Uredi.Prei&menuj.&Kopiraj....&Premakni....Iz&bri.i.&Razdeli datoteko....&Zdru.i datoteke....L&astnosti.Ko&mentar.Izra.unaj preizusno vsoto.Razlika.Ustvari mapo.Ustvari datoteko.&Izhod.Povezava.&Nadomestni tokovi.600.Izberi &vse.Razveljavi izbiro vseh.&Preobrni izbor.Izberi....Razveljavi izbiro....Izberi po vrsti.Razveljavi izbiro po vrsti.700.&Velike ikone.&Majhne ikone.&Seznam.&Podrobnosti.730.Nerazvr..eno.Ploski prikaz.&Dve podokni.&Orodne vrstice.Odpri korensko mapo.Eno raven navzgor.Zgodovina map....&Osve.i.Samodejno osve.i.750.Orodna vrstica arhiva.Srandardna orodna vrstica.Veliki gum
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16420
                                                                                                                                                                                                Entropy (8bit):4.346958198063598
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:IyFxzaETT1SP58Hs+5tgxe3+edU74njAMcpsN0RxRgxExJx2B6LZExRlRYhT:ZvTf/eJT
                                                                                                                                                                                                MD5:14C60B55D5400607C7B6443D10B0A37C
                                                                                                                                                                                                SHA1:B92D556FF934F83AC3BEEC3DE20FBB909D0E1AFB
                                                                                                                                                                                                SHA-256:262BCC4EBAE464D1C96FBFCCDCA7813E6F6CC8FDFD78FBB933DE72A2B7AC8367
                                                                                                                                                                                                SHA-512:BC5951287DBAE1BC775293B1CCC3FCE37C2776905FBCF9EC47E49E9A28E6F54B1349B49EBF65631D04617666EED483A91870E255FEDAAAF9A4269B985310EFE1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Andrij Ilechko.; : Mokiy Mazaylo.; : Sergiy Gontaruk.; : Misha Padalka.; 23.01 : 2023-06-20 : Yurii Petrashko.; 24.04 : 2024-04-17 : MrIkso.;.;.;.;.;.0.7-Zip.Ukrainian............401.OK..............&....&...&.................&...........440.... ... &....... ... ..&..........................&.. ........ ......&.. .......... ......&.................... ........, .. ....... ......... ........?.500.&.....&............&.......&...........&............&.........540.&................. .&................. &......&............&...............&..........&......... ..........&....... ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17365
                                                                                                                                                                                                Entropy (8bit):3.8616190133381947
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:OOt7VWp6MKgd259LNca7DK2Br5Pyl2/2Z/2oVXBH1K2xSGK/v2eHOv2E2lgJVOqc:OQ15KZeGK/nJ
                                                                                                                                                                                                MD5:93CDC8832328A22E198920630D597268
                                                                                                                                                                                                SHA1:315E5B1C77FB4E2D0C3CC1F48B6DB4C79CE9488A
                                                                                                                                                                                                SHA-256:C6E54E2A93B821BC974209CD7E2D10E9FBC4FF07D238AE84F552E4ADE271702C
                                                                                                                                                                                                SHA-512:E8355A42F3A3B5F21D5D4C7A21324433C997AD39412B3BCDCF26EDBD5EF882179168B2B5618F9FE631B88407608AB1A83BF139DB05C09B608FDDF01694B710DF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Vinayy Sharrma : .... ..... ...... .........;.;.;.;.;.;.;.;.;.;.0.7-Zip.Gujarati, Indian, ....................401...............&....&...&... .........&.... .....440.&... .... ....&... .... ............ .... ....&...........&........(.........).&.................... .... .... .... ... ... .... .... ..?.500.&......&.......&......&.......&.....&....540.&.....&.... .....&.... .....&......&.......&...: .......&... ... .........&... .. ...
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10597
                                                                                                                                                                                                Entropy (8bit):4.894357872419177
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:5JD5oUEhpto75qEisSDlmED/UJ8Wn3bFEmL4FHjwjdBZ2QvcGFpo2ZI3v:5JtvEzG75qcSDlmcDw+EJBZFchFv
                                                                                                                                                                                                MD5:ED230F9F52EF20A79C4BED8A9FEFDF21
                                                                                                                                                                                                SHA1:EC0153260B58438AD17FAF1A506B22AD0FEC1BDC
                                                                                                                                                                                                SHA-256:7199B362F43E9DCA2049C0EEB8B1BB443488CA87E12D7DDA0F717B2ADBDB7F95
                                                                                                                                                                                                SHA-512:32F0E954235420A535291CF58B823BAACF4A84723231A8636C093061A8C64FCD0952C414FC5BC7080FD8E93F050505D308E834FEA44B8AB84802D8449F076BC9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Pablo Rodriguez.; : Jbc25.; : 2007-09-05 : Guillermo Gabrielli.; 9.07 : 2010-06-10 : Purgossu.; 2010-10-23 : Sergi Medina (corrected).; 18.00 : 2018-01-10 : Agust.n Bou (updated).; 22.00 : 2023-05-13 : To.o Calo (updated and minor fixes).; 24.04 : 2024-04-25 : MELERIX (updated and various fixes).;.;.;.0.7-Zip.Spanish.Espa.ol.401.Aceptar.Cancelar....&S..&No.&Cerrar.Ayuda..&Continuar.440.S. a &todo.No a t&odo.Detener.Reiniciar.&Segundo plano.&Primer plano.&Pausar.Pausado..Est.s seguro de querer cancelar?.500.&Archivo.&Editar.&Ver.F&avoritos.&Herramientas.&Ayuda.540.&Abrir.Abrir &dentro.Abrir f&uera.&Ver.&Editar.Reno&mbrar.&Copiar a....&Mover a....&Borrar.&Dividir archivo....Com&binar archivos....P&ropiedades.Come&ntario.Calcular suma de verificaci.n.Diferencia.Crear carpeta.Crear archivo.S&alir.Enlazar.Flujos &alternativos.600.Seleccionar &todo.Deseleccionar todo.&Invertir selecci.n.Seleccionar....Desel
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10373
                                                                                                                                                                                                Entropy (8bit):5.237599190210729
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:KnufEtXpRc/oaLZ8VK8Am3+JHSacVeRU6i1M2YqpXn6StxERV/NIlLPNJxv:+VXpbavxJHSaqeRUd1vYqpXnxtSRV/2b
                                                                                                                                                                                                MD5:A41E4D16C3B29603832FFD1BBB82283E
                                                                                                                                                                                                SHA1:15695A0BD98D429E9AB191CECB185B70CC492668
                                                                                                                                                                                                SHA-256:486A382483096E9A86CCF6CA02123E48025DE5055F1880AF7F001C5C3FA25114
                                                                                                                                                                                                SHA-512:413DD8C87015EDE7868F992C25D568DE66E1BD765C7A43066D8DA8CF350F3620C77091F075020862FF6BF7C980C6091E92C5C843B3D57957C7516F5B0F51BCA0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Jozsef Tamas Herczeg.; 9.16 : Nyilas MISY.; 15.00 : 2021-11-09 : Barnabas Kovacs.; 22.01 : 2022-07-15 : John Fowler.; 24.05 : 2024-05-16 : John Fowler.;.;.;.;.;.;.0.7-Zip.Hungarian.Magyar.401.OK.M.gsem....&Igen.&Nem.&Bez.r.s.S.g...&Folytat.s.440.I&gen, mindre.N&em, mindre.Le.ll.t.s..jraind.t.s.&H.tt.rben.&El.t.rben.&Sz.net.Sz.neteltetve.Biztos, hogy megszak.tja a folyamatot?.500.&F.jl.S&zerkeszt.s.&N.zet.Ked&vencek.&Eszk.z.k.&S.g..540.M&egnyit.s.Megnyit.s &bel.l.Megnyit.s k.&v.l.&F.jl megtekint.se.S&zerkeszt.s..tn&evez.s.M.s&ol.s mapp.ba.....t&helyez.s mapp.ba....&T.rl.s.F.jl&darabol.s....F.jl&egyes.t.s....T&ulajdons.gok.&Megjegyz.s.Checksum sz.mol.sa.K.l.nbs.g.Mappa l.trehoz.sa.F.jl l.trehoz.sa.&Kil.p.s.Link.Alternat.v adatfolyam.600.Min&d kijel.l.se.Kijel.l.s megsz.ntet.se.Kijel.l.s &megford.t.sa.Kijel.l.s....Megsz.ntet.s....Kijel.l.s t.pus alapj.n.Megsz.ntet.s t.pus a
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10909
                                                                                                                                                                                                Entropy (8bit):3.91308688355158
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:v4MfocCqKNXU9shxj5fLniD65MfiZNUsQWzrSt3v+YGqzCoy8aMN:vzo5qK1U9sZfLiD65Mfip8vJzCoGu
                                                                                                                                                                                                MD5:0771F160D56B1890A1CDC2CA040D2616
                                                                                                                                                                                                SHA1:36E69202682BF6993273B521424EC082998F6CA9
                                                                                                                                                                                                SHA-256:03B4EA89CCE3AA4193A7E3E1E6180DAB8359388DF3B574379935EA39D7B8D723
                                                                                                                                                                                                SHA-512:B452C75292C7D365AA5759FB3F49DE674255E839CAA687436474B782F615B2AD86A11A58809A5BB60115B070C9B738A461DB24E70502598A3BFECCF373220DBB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : peterg.; : Gal Brill.; 9.13 : 2010-04-30 : Jonathan Lahav.; 19.00 : 2020-05-01 : ION.;.;.;.;.;.;.;.0.7-Zip.Hebrew.......401............&...&...&...........&.....440... .&..... &............. .....&....&......&...........?.. ... .... .... .... .....500.&.....&......&......&........&......&....540..&...... .&........ .&....&....&.....&... .......&. ......&.. ...&.......&. ......&... ......&............&...... ..... ................. .......... .....&..........&..... ........600.... &....... ..... ....&.... ............... ......... ... ....... ..... ... ....700........ &.............. &....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8383
                                                                                                                                                                                                Entropy (8bit):6.039482945933355
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:dIEm/UwNgrNf35q4H0PPTo0CCKL9xlDCrBYwlW/A2flOEBV:dxmMwN5LTo/CKJuBdMtNV
                                                                                                                                                                                                MD5:E6C38C199079BE58EE81E8DA55E783AC
                                                                                                                                                                                                SHA1:1AD09B0146F317786AFB0A09C7907E6CCB5C207E
                                                                                                                                                                                                SHA-256:76A17B0A97925E5D6DEB1EBE8AE14F83BD49957C492C3733A0EA178E28B0D74B
                                                                                                                                                                                                SHA-512:014D3FB64B22DA94D5AC7626B3E4BF9321FB05647BDB1BE3EEF79ADD3EFB06EF6B0FC1590031D4E781489AFC96BA4B7E4A86590BCE98C901812E890A4680ED02
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.59 : Leon Tseng, sec2, ...; 9.07 - 24.04 : Jack Pang.;.;.;.;.;.;.;.;.;.0.7-Zip.Chinese Traditional......401...........(&Y)..(&N)...(&C).......(&C).440.....(&A).....(&L).............(&B).....(&F)...(&P)...........?.500...(&F)...(&E)...(&V).....(&A)...(&T)...(&H).540...(&O)......(&I)......(&U)...(&V)...(&E).....(&M)....(&C).......(&M)......(&D).....(&S)........(&B)......(&R)...(&N).........................(&X).........(&A).600...(&A).........(&I)............................700....(&G)....(&M)...(&L).....(&D).730.............(&2)....(&T)...........................(
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7698
                                                                                                                                                                                                Entropy (8bit):5.071278892240066
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:KoAZ/jQKbqhsAdNrd6FBf9vQqiQw9aBhbHTYJsVOxTSv:KoANnYsgLqi+BBHMJssxWv
                                                                                                                                                                                                MD5:FFC17520FB68FE464650B2F78E15AB5D
                                                                                                                                                                                                SHA1:2B83034AC04640160DDAA8E797FAA5D8C80F956B
                                                                                                                                                                                                SHA-256:24F7325271DD7AD2B63E977841D2F06ED0194BD9257F0DB460DF32BAEEEC4746
                                                                                                                                                                                                SHA-512:4F1483796A8EF95B2BE61811A6566EA2E19564F37733647B6EB4E1C82A8DA8FA927AFDF024A247FC7E70088F63133A7843FE6129B77B2ADA01E39A1E814429C7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Atabek Murtazaev.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Karakalpak - Latin.Qaraqalpaqsha - Lat.n.401.OK.Biykar etiw....&Awa.&Yaq.&Jab.w.Ja'rdem..&Dawam etiw.440.&Barl.g'.na awa.Ba&rl.g'.na yaq.Toqtat.w.Qaytadan baslaw.&Artq. fong'a.Ald.ng'. &fong'a.&Pauza.Pauza q.l.ng'an.An.q biykar etiwdi qa'leysizbe?.500.&Fayl.&Du'zetiw.&Ko'rinis.&Sayland.lar.A's&baplar.&Ja'rdem.540.&Ash.w.&.shinde ash.w.&S.rt.nda ash.w.&Ko'riw.&Du'zetiw.At.n o'&zgertiw.Bul jerge &nusqas.n al.w....Bul jerge ko'shiriw....O'shiriw.&Fayld. bo'liw....Fayllard. &biriktiriw....Sazlawla&r.Kom&mentariy....Qadag'alaw summas..Diff.Papka jarat.w.Fayl jarat.w.Sh&.g'.w.600.Barl.g'.n &saylaw.Saylawd. al.p taslaw.Saylawd. &teris awdar.w.Saylaw....Saylawd. al.p taslaw....Tu'ri boy.nsha saylaw.Tu'ri boy.nsha saylawd. al.p taslaw.700.U'&lken ikonalar.Kishi &ikonalar.&Dizim.&Keste.730.Ta'rtipsiz.Tegis ko'rinis.&2 panel.&A'sbaplar paneli.Derek papkas.n ash.w.Bir da'reje joqa
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14259
                                                                                                                                                                                                Entropy (8bit):4.017885484807124
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Y/e1CL/yBWxhjeGTRjDKRC+miO7X8D+PoLQoTvKbVs4R2wjw6tK/BHHwpW0:Y/ekejg7X8GuQ8IsXw06t1b
                                                                                                                                                                                                MD5:C9AD9D02C661644F79820E779A6D3F0F
                                                                                                                                                                                                SHA1:92BD000AF1EA18B2FE8941CA4DF15858B4B53106
                                                                                                                                                                                                SHA-256:E542C19640D39F3C56BF11A9EAADB554D7E74D8EC525D41A321E97C5AE5191C5
                                                                                                                                                                                                SHA-512:40D178A217DD51A188E5C2AC5EB59DB62DB95DD0A7063E39B1ECFAD0943BB54A118767890D3AA7A753D7316AA2F0494CEF8BD81512D611AC2856256C524A5D0F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.53 : Gurmeet Singh Kochar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Punjabi, Indian........401.... ...... .......... (&Y)..... (&N).... ... (&C)........... ... (&C).440....... .. ... (&A)....... .. .... (&l)......... .... ............. (&B).......... (&F)..... (&P)..... ....... ..... ........ .. ... .... ....... ..?.500..... (&F).... (&E)..... (&V)........ (&a).... (&T)..... (&H).540..... (&O)..... .... (&I)..... .... (&u)...... (&V).... ... (&E).... .... (&m)..... ...... .. ... ..... (&C)........ ...... .. ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14672
                                                                                                                                                                                                Entropy (8bit):4.2852957756152215
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:2dRJSgU9qXjQ8Ob5bpXUa09uQEjvj1/vkW/J/Y/pfN15N:AU9qTQ8sZpXUa09uZp1BQRlB
                                                                                                                                                                                                MD5:0E053B461B1840743441F2B74D73E3EE
                                                                                                                                                                                                SHA1:C3F211F45C0702531C0BB09C13EAFE32634EE9CC
                                                                                                                                                                                                SHA-256:DD414D39F8DA2FBD5CAA0C7A7A9155C5F802B4D45F2E8828A79C7B4B63BD1179
                                                                                                                                                                                                SHA-512:8E2144242E9000290DAD52008B3DB9878B35C1C3182B74273965A5F7B4DC4AFE146D2C97A5318525ADE263753F08413A6FA45B7EC38F9C56D5042787D9E6C78E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 20.02 : 2020-10-21 : Shamsiddinov Zafar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Uzbek-Cyrillic.........401......... ..........&...&....&.............&..... ......440....... &......... &.......................&......&..... .....&..... ............ ............. ..........?.500.&.....&............&........&.............&.........&......540.&......&........ ......&......... ......&........&............&..... .........&.......... ..............&.......... ............&.... .........&...... ..........&......... ................&............&.............. ...................... ........... .......&.....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9597
                                                                                                                                                                                                Entropy (8bit):5.372211824470281
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:iqJoMyxE8vGIrd+ic1OT1o+SXhbStCBJjSvcQKiw:iEXYBeIrQiEOT1o+SXotsJjmK7
                                                                                                                                                                                                MD5:DBDCFC996677513EA17C583511A5323B
                                                                                                                                                                                                SHA1:D655664BC98389ED916BED719203F286BAB79D3C
                                                                                                                                                                                                SHA-256:A6E329F37ACA346EF64F2C08CC36568D5383D5B325C0CAF758857ED3FF3953F2
                                                                                                                                                                                                SHA-512:DF495A8E8D50D7EC24ABB55CE66B7E9B8118AF63DB3EB2153A321792D809F7559E41DE3A9C16800347623AB10292AAC2E1761B716CB5080E99A5C8726F7CC113
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!..; 4.30 : Milan Hrub...; 4.33 : Michal Molhanec..; 9.07 : Ji.. Mal.k..; 15.00 : Kry.tof .ern...; 23.01 : 2023-06-20 : Patrik (Pa4k) .pa.o..;..;..;..;..;..;..;..0..7-Zip..Czech...e.tina..401..OK..Storno........&Ano..&Ne..Zav..&t..N.pov.da....Po&kra.ovat..440..Ano na &v.echno..N&e na v.echno..Zastavit..Spustit znovu..&Pozad...P&op.ed...Po&zastavit..Pozastaveno..Jste si jist., .e to chcete stornovat?..500..&Soubor...pr&avy..&Zobrazen...&Obl.ben...&N.stroje..N.po&v.da..540..&Otev..t..Otev..t u&vnit...Otev..t &mimo..&Zobrazit..&Upravit..&P.ejmenovat..Kop.rovat &do.....P.&esunout do.....Vymaza&t..&Rozd.lit soubor.....&Slou.it soubory.....Vlast&nosti..Pozn.mk&a..Vypo..tat kontroln. sou.et..Porovnat soubory..Vytvo.it slo.ku..Vytvo.it soubor..&Konec..Odk.zat..&Alternativn. toky..600..Vybrat &v.e..Zru.it v.b.r v.e..&Invertovat v.b.r..Vybrat.....Zru.it v.b.r.....Vybrat podle typu..Zru.it v.b.r podle typu..700.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4621
                                                                                                                                                                                                Entropy (8bit):4.969434576878072
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:bdDW+Wz9my7MIlXq2sQqpxjOsgEGh4YdVDpZfir99v7+bv:sfwy7XlXq2sfpxjOsRGhfVDpZfCji
                                                                                                                                                                                                MD5:DF216FAE5B13D3C3AFE87E405FD34B97
                                                                                                                                                                                                SHA1:787CCB4E18FC2F12A6528ADBB7D428397FC4678A
                                                                                                                                                                                                SHA-256:9CF684EA88EA5A479F510750E4089AEE60BBB2452AA85285312BAFCC02C10A34
                                                                                                                                                                                                SHA-512:A6EEE3D60B88F9676200B40CA9C44CC4E64CF555D9B8788D4FDE05E05B8CA5DA1D2C7A72114A18358829858D10F2BEFF094AFD3BC12B370460800040537CFF68
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.09 : Petri Jooste.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Afrikaans.Afrikaans.401.OK.Kanselleer....&Ja.&Nee.A&fsluit.Hulp..&Gaan voort.440.Ja vir &almal.Nee vir a&lmal.Stop.Herbegin.&Agtergrond.&Voorgrond.&Wag.Wagtend.Is u seker dat u wil kanselleer?.500.&L.er.R&edigeer.&Vertoon.G&unstelinge.&Gereedskap.&Hulp.540.&Open.Open &Binne.Open B&uite.&Wys.R&edigeer.Her&noem.&Kopieer na....&Verskuif na....Ve&rwyder.Ver&deel l.er....Kom&bineer l.ers....E&ienskappe.Komme&ntaar...Maak gids.Maak l.er.A&fsluit.600.Selekteer &alles.Deselekteer a&lles.Keer &seleksie om.Selekteer....Deselekteer....Selekteer op Soort.Deselekteer op Soort.700.&Groot ikone.&Klein ikone.&Lys.&Detail.730.Ongesorteer..&2 Panele.&Nutsbalke.Maak wortelgids oop.Een vlak ho.r.Gidse geskiedenis....&Verfris.750.Argiveernutsbalk.Standaardnutsbalk.Groot knoppies.Wys teks op knoppies.800.Voeg gids by gunstelinge &as.Boekmerk.900.&Opsies....&Normtoetsing.960.&Inhoud....&Aangaande 7-Zip....1003.Pad.Naam.Uitgang.Gids.G
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8739
                                                                                                                                                                                                Entropy (8bit):4.85314782964051
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:oO2E+zHrES/JnUR4TZnN627GyZbrstpaX+XTCsn:T2E+zHrESxURKZnNh91stpaPsn
                                                                                                                                                                                                MD5:BA3591CCF26438CBE93E9C1D56BD1818
                                                                                                                                                                                                SHA1:758619A702D5A0794E4412AA6AE93FC46EA3DFB9
                                                                                                                                                                                                SHA-256:90308689870AD079E1206A877157F7389BC4351A6B104FFA2BD9311409D6D92D
                                                                                                                                                                                                SHA-512:2E9066BD733CAAA9CEDDE2346BE543D4360BD796E01BCB669602C9E6450CA5A2718CB67613469C11A4D2AA8C458D7FE9C59AB8EB9BDE39846C195CE2CC22686B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 24.04 : 2024-05-13 : FranZo.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Indonesian.Bahasa Indonesia.401.Oke.Batal....&Ya.&Tidak.&Tutup.Bantuan..&Lanjut.440.Ya untuk Semu&anya.Tidak untuk S&emuanya.Stop.Start Ulang.Latar &Belakang.Latar &Depan.&Jeda.Dijeda.Anda yakin ingin membatalkan?.500.&Berkas.&Edit.&Tilik.&Favorit.&Peralatan.Bant&uan.540.B&uka.Buka di &Dalam.Buka di &Luar.&Tilik.&Edit.&Nama Ulang.&Salin Ke....&Pindah Ke....&Hapus.Be&lah Berkas....&Gabung Berkas....P&roperti.K&omentar....Hitung checksum.Beda.Buat Folder.Buat Berkas.&Keluar.Tautan.Aliran Alternati&f Aliran.600.Pilih Semu&a.Batal Pilih Semua.P&ilih Sebaliknya.Pilih....Batal Pilih....Pilih berdasarkan Tipe.Batal Pilih berdasarkan Tipe.700.Ikon &Besar.Ikon &Kecil.Da&ftar.&Detail.730.Tidak Diurutkan.Tilik Datar.&2 Panel.Bilah Perala&tan.Buka Folder Akar.Naik Satu Tingkat.Riwayat Folder....&Segarkan.Segarkan Otomatis.750.Bilah Alat Arsip.Bilah Alat Standar.Tombol Besar.Perlihatkan Teks Tombol.800.&Tambah folder ke F
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13636
                                                                                                                                                                                                Entropy (8bit):4.268145853042887
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:jdJl7z7sBsCD6dowOkSMVBVm6WymLJaOQjKOMI:jdJl/7NC2oofVmGoJBQjiI
                                                                                                                                                                                                MD5:FE73C2AACF07D5120AEDD08792CB8268
                                                                                                                                                                                                SHA1:2C6E7D2FF42C5F65EF5F4C27600819354CAA03B0
                                                                                                                                                                                                SHA-256:91AAC9368BD116AB11FDA0B70EE4D75911A65713A272A3BA55D1435C33250F5A
                                                                                                                                                                                                SHA-512:79DBD84FE71888B7C9FDBCD23F2D4735F731E3C2C7724FBD531C3CA531B1992E756B13B66889AF30EC46770D350FCFAEF2D7ABE607594A2B4B92F60ED326D537
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Gevorg Papikyan.; 15.00 : Hrant Ohanyan.;.;.;.;.;.;.;.;.;.0.7-Zip.Armenian.........401.................&....&...&..................&...........440.... ...... &........ ...... &..........................&..............&........&............ ... ............500.&.....&.........&.....&............&.........&...........540.&........... &............. ...&...........&............&........&............&.............&............& ..........&....... ...............&................&..................................&....... ..............&... ........&.........&.............. ......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6765
                                                                                                                                                                                                Entropy (8bit):4.998761539106251
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ebQDPq3odT/FQ66mJpo46+z6Khowcwz+/ODBs+sO+krfRZ:eqPq4N/FKmJ2N2FWmNdrfX
                                                                                                                                                                                                MD5:9E08D57D48B4D8CB16F98736C5C0511B
                                                                                                                                                                                                SHA1:85A597B74BCB1CBF918D6366705F0B0C0727DE31
                                                                                                                                                                                                SHA-256:D8C5223FE423129145C5B55A756E499D4680B1DF0A7115D72736F09E51C89C1F
                                                                                                                                                                                                SHA-512:13E431E00F5EC0373DE201897C68A55C91962BD3DF6CD693448D3D5D6EBB478B51A1834ECD37B456761DCE94DBC4E5214FD421FA7BAD3B5B8A51051D0D8D6964
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Lazar.; 9.07 : Ozzii.;.;.;.;.;.;.;.;.;.0.7-Zip.Serbian - Latin.Srpski - latinica.401.U redu.Otka.i....Da.Ne.Zatvori.Pomo...Nastavi.440.Da za sve.Ne za sve.Stani.Ponovo.Pozadina.Na vrhu.Pauza.Pauza.Da li ste sigurni da .elite da prekinete?.500.Datoteka.Ure.ivanje.Pregled.Omiljeno.Alati.Pomo..540.Pogledaj.Otvori sa 7-Zip-om.Otvori sa pridru.enom programom.Pregledaj.Promeni.Preimenuj.Kopiraj u....Premesti u....Obri.i.Podeli fajl....Spoj delove....Svojstva.Komentar.Izra.unajte provernu veli.inu.razlika.Nova fascikla.Nova datoteka.Izlaz.600.Izaberi sve.Poni.ti izbor svega.Obrnuti izbor.Izaberi....Poni.ti izbor....Izaberi po tipu.Poni.ti izbor po tipu.700.Ikone.Naporedno slaganje.Spisak.Detalji.730.Bez sortiranja.Ravan pregled.2 Prozora.Trake sa alatkama.Otvori po.etnu fasciklu.Gore za jedan nivo.Hronologija....Osve.avanje.750.Rad sa arhivama.Rad sa datotekama.Velika dugmad.Prika.i tekst ispod dugmadi.800.Dodaj.Izaberi.900.Opcije....Benchmark.960
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10267
                                                                                                                                                                                                Entropy (8bit):5.605372926696787
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:X4S/0htQjcT2DFzg6Whd4FV6SLRVLrbqvTp4kCs1qeb:P/0ht0cT2DNyh2FJFVLPW4+ok
                                                                                                                                                                                                MD5:E85AE412871344211D00326D3DF2534D
                                                                                                                                                                                                SHA1:4A770EEE2EF9F302B8190C8BBE3988A5D7C90E5E
                                                                                                                                                                                                SHA-256:3EA103FFD2FF97E211C7ADE3A79A882B494FE416BC56BD05F42F2E82158A7A03
                                                                                                                                                                                                SHA-512:09EABFA3997F201F8402DC803319EE0DDC4007EF268AD44309FE78F9E2710D1A10930F2E89F2C0B201D1094C53F5CB7783E492503EB4737B2E3FDC1F39B69EF6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : ZannyLim (...).; : bzImage.; 4.52 : Hyeong il Kim (kurt Sawyer).; 9.07 : Dong-yoon Han (...).; 15.12 : Winterscenery (Ji-yong BAE).; 24.05 : Winterscenery (Ji-yong BAE).;.;.;.;.;.0.7-Zip.Korean.....401...........(&Y)....(&N)...(&C)........(&C).440... .(&A)... ...(&L)...... .........(&B)... ...(&F).....(&P).......... ........?.500...(&F)...(&E)...(&V).....(&A)...(&T)....(&H).540...(&O)... ..(&I)... ..(&U)... ..(&V)...(&E)... ...(&M)...(&C)......(&M)......(&D)... ..(&S)...... ..(&B)......(&R)...(&N)....... ........ ...... ......(&X)...... ...(&A).600... ..(&A)... .. ..... ..(&I)......... ......... .....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13282
                                                                                                                                                                                                Entropy (8bit):4.417819769318221
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:WDvyYrnbU6Eyx9Vx8f1gJNOaSgIPukCC3NaxktY7:WD9px8f1gJss2CCsxkK7
                                                                                                                                                                                                MD5:741E0235C771E803C1B2A0B0549EAC9D
                                                                                                                                                                                                SHA1:7839AE307E2690721AD11143E076C77D3B699A3C
                                                                                                                                                                                                SHA-256:657F2ACEB60D557F907603568B0096F9D94143FF5A624262BBFEB019D45D06D7
                                                                                                                                                                                                SHA-512:F8662732464FA6A20F35EDCCE066048A6BA6811F5E56E9CA3D9AA0D198FC9517642B4F659A46D8CB8C87E890ADC055433FA71380FB50189BC103D7FBB87E0BE5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : Edris Naderan.; 4.53 : Mehdi Farhadi.; 9.22 : Hessam Mohamadi.; 22.00: Mohammad Ali Sohrabi.;.;.;.;.;.;.;.0.7-Zip.Farsi.......401.................&.&.......................440.... ... ...... ... ................... ......... .................... ........ ...... .. ... ........500..................................................540................ .. ............ .. ............................... ............ ............... ............... .............................. ..... ...... ......... ........ .......... ..........&........&......... ........600....... ....... ....... ......... .... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10094
                                                                                                                                                                                                Entropy (8bit):4.985202993884915
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:miY9r9BfTV6g/+fY3W8qvyyMvfWMWqTtdkKM97n6O7Ugmpien9Ju1yZYX7579H:iZBTSaW8qapvf0OtiEgihy1vX7579H
                                                                                                                                                                                                MD5:F0CBDAA70D567EE71C685250958EC194
                                                                                                                                                                                                SHA1:2DB013E6608739AA45453D0F69BA953FCC78B14D
                                                                                                                                                                                                SHA-256:6B21924CAEA51B395EFA0B8FA5D7E2492CE6A6B86DCC08565A5A4DEE5C182167
                                                                                                                                                                                                SHA-512:3AE68CC6BE78D6BCA7304516B25733A516AAF2121FB8E62EBB9B6FD5194D261117F7AB0C142DBFB2EFE2016E189E7EBB1F5BE4A82253F087A34A59CFC41EF7B9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Francisco Jr.; 4.37 : Fabricio Biazzotto.; 24.06 : Atualizado por Felipe.;.;.;.;.;.;.;.;.0.7-Zip.Portuguese Brazilian.Portugu.s Brasileiro.401.OK.Cancelar....&Sim.&N.o.&Fechar.Ajuda..&Continuar.440.Sim pra &Todos.N.o pra T&odos.Parar.Reiniciar.&Em 2. plano.&Em 1. plano.&Pausar.Pausado.Voc. tem certeza que voc. quer cancelar?.500.&Arquivo.&Editar.&Visualizar.F&avoritos.&Ferramentas.&Ajuda.540.&Abrir.Abrir &por Dentro.Abrir p&or Fora.&Visualizar.&Editar.Re&nomear.&Copiar Para....&Mover Para....&Apagar.&Dividir arquivo....Com&binar arquivos....P&ropriedades.Comen&t.rio.Calcular checksum.Diff.Criar Pasta.Criar Arquivo.S&air.Link.&Correntes Alternantes.600.Selecionar &Tudo.Desmarcar Tudo.&Inverter Sele..o.Selecionar....Desmarcar....Selecionar por Tipo.Desfazer a Sele..o por Tipo.700..co&nes Grandes..c&ones Pequenos.&Lista.&Detalhes.730.Desorganizado.Visualiza..o Plana.&2 Pain.is.&Barra de Ferramentas.Abrir a Pasta Raiz.Um N.vel Acima.Hist.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8069
                                                                                                                                                                                                Entropy (8bit):4.491280092053577
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:4NYic61W9cfCzaAhqbMUrJt6klXVUatQT+0V2sS14/g1Pa7fC:Uc2nFrJ8IXBQCG7Qam
                                                                                                                                                                                                MD5:1088565A362EBAD250975F46F8A94328
                                                                                                                                                                                                SHA1:406593AC2E74B8911DDA720952B7AFF6C4B5C145
                                                                                                                                                                                                SHA-256:C6A6CC400EE7420BFB680D71B43A9BE1FBC75D7B98AE2B6FFE98229D5EEFADCA
                                                                                                                                                                                                SHA-512:500093986EF49C23829D99251F0ADCD20A6D348A91C74362E95E6D8E73B83F7AD665CB49DA3E47DA1EC671842ABCC2D824850D243EE8D39C41E3568F9C2C89C4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : Bayar.; : Bayarsaikhan.;.;.;.;.;.;.;.;.;.0.7-Zip.Mongolian....... ....401.............&.....&.....&..............&...........440....&. ......... .&.............. ........&.. .....&.... ....&... ........ .......... ....... ..... ... ..... ..?.500.&.....&......&.........&..... .....&...........&........540.&.......... &.......... &.....&......&............. .&........... &................ &........&.......&.... ................... ...........&........ ........&............. ........... .........&....600........ ..&............. ......&......... ..................................... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4967
                                                                                                                                                                                                Entropy (8bit):5.026921958239907
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:FlZTprnge/nJYeoPyWxx6aXaNpx4pRfOvFE5Z2k3z7DWdyy/kYZTsJ:FnZ/n2eoPlxxRqNpx4jfOvFE5Ykq/o
                                                                                                                                                                                                MD5:1CF6411FF9154A34AFB512901BA3EE02
                                                                                                                                                                                                SHA1:958F7FF322475F16CA44728349934BC2F7309423
                                                                                                                                                                                                SHA-256:F5F2174DAF36E65790C7F0E9A4496B12E14816DAD2EE5B1D48A52307076BE35F
                                                                                                                                                                                                SHA-512:B554C1AB165A6344982533CCEED316D7F73B5B94CE483B5DC6FB1F492C6B1914773027D31C35D60AB9408669520EA0785DC0D934D3B2EB4D78570FF7CCBFCF9C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.07 : Dinamiteru.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Asturian.Asturianu.401.Val.Torgar....&Si.&Non.&Zarrar.Axuda..&Siguir.440.Si a &Too.Non a T&oo.Parar.Reentamar.&De fondu.&En primer planu.&Posar.Posao..Tas fixu que quies paralo?.500.F&icheru.&Remanar.&Ver.F&avoritos.&Ferramientes.A&xuda.540.&Abrir.Abrir &Dientro.Abrir F&uera.&Ver.&Remanar.Reno&mar.&Copiar a....&Mover a....&Borrar.&Partir ficheru....Com&binar ficheros....P&ropiedaes.Come&ntariu...Crear carpeta.Crear ficheru.Co&lar.600.Seleicionar &Too.Deseleicionar too.&Invertir seleici.n.Seleicionar....Deseleicionar....Seleicionar por Tipu.Deseleicionar por Tipu.700.Miniatures &Grandes.&Miniatures Peque.es.&Llista.&Detalles.730.Ens.n Ordenar..&2 Paneles.&Barres de Ferramientes.Abrir Carpeta Raiz.Xubir Un Nivel.Hestorial de Carpetes....Actualiza&r.750.Barra Ferramientes d.Archivu.Barra Ferramientes Normal.Botones Grandes.Amosar Testu nos Botones.800.&A.edir carpeta a Favoritos como.Marca.900.&Opciones....&Bancu d
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5525
                                                                                                                                                                                                Entropy (8bit):4.991041089735878
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:ewwLOC33eUlHAlE7zRzo7JAIXFZmN8oczCrsJfYsJgLu/wfYlRxKXHM2pPf8vzp:DwLv+UVAi7zRzo7uqFYN8JCrsxYseywc
                                                                                                                                                                                                MD5:780514AF9E967D8AA65005365EFA7D78
                                                                                                                                                                                                SHA1:9E060F149B110D0A0675B75D4A7B960563ACCA05
                                                                                                                                                                                                SHA-256:DB540E1A6B8FFFF2497F9C1A63F85CB5F345F8CBA767F05377C0365ABAF7B7D4
                                                                                                                                                                                                SHA-512:F85FEEFF1E89A371EB1143D695C76FBF84AFEE3699221E6E6CE7703A91EA80AC01AF27D34635FA2B61B1D6D979CB91BB98AFFBDB1CDFAE6CD04251A095EEEC84
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.45 : Robert Gr.nning.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Norwegian Nynorsk.Norsk Nynorsk.401.OK.Avbryt....&Ja.&Nei.&Lukke.Hjelp..&Hald fram.440.Ja til &alt.N&ei til alt.Stopp.Start p. nytt.&Bakgrunn.&Forgrunn.&Pause.Sett p. pause.Er du sikker p. du vil avbryte?.500.&Fil.&Redigere.&Vis.F&avorittar.Verk&t.y.&Hjelp.540.&Opna.Opna &Inni.Opna &Utanfor.&Vis.&Redigere.Endra &namn.&Kopiere til....&Flytt til....&Slett.&Del opp fil....Set saman filer....&Eigenskapar.Ko&mmentar.Rekna ut kontrollnummer..Opprett mappe.Opprett fil.&Avslutta.600.&Merk alle.Fjern alle markeringar.&Omvendt markering.Marker....Fjern markering....Merk etter type.Fjern markering etter type.700.S&tore ikon.S&m. ikon.&Lista.&Detaljar.730.Assortert.Flat vising.&2 felt.&Verkt.ylinjer.Opna kjeldemappa.Opp eit niv..Mappelogg....&Oppdatere.750.Arkiv verkt.ylinje.Standard verkt.ylinjer.Store knappar.Vis knappetekst.800.&Legg mappe til i favorittar som.Bokmerke.900.&Val....&Yting test.960.&Innhold....&Om
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17799
                                                                                                                                                                                                Entropy (8bit):3.496980139147961
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:E1OSMW33zMcaSwOgS6YQ9g/t+25rTHTIa5OVBUPSIqGA:EttJhq
                                                                                                                                                                                                MD5:C99E6572F5638599DBCA2CEAC337A320
                                                                                                                                                                                                SHA1:73C64554A00C6D5A3DAB8A2E7BD50426D6C7B6F4
                                                                                                                                                                                                SHA-256:8DD6073B585DD2E9D8CDD8E0FCE7DFEAF2F5A2D8BFC3059F67EAA3D8B5EB2D9E
                                                                                                                                                                                                SHA-512:CDE3D44793D1ABAB3B8D0BA71D1AF85C7CA49B37F4331B43D546D1F2022FC9CEDD1188869ACEE5BF9B74046788DAF26F4E4658AF86663065339103D2A602F7AA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.23 : 2011-09-25 : Translated by Giorgi Maghlakelidze, original translation by Dimitri Gogelia.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Georgian.........401.OK.............&.....&....&...................&...........440..... &............... ...&..........................&........&.... .......&.........&.................... ..... .......... ........?.500.&......&...........&......&........&............&..........540.&............. &............. ..&......&.............&......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9508
                                                                                                                                                                                                Entropy (8bit):4.956382401228677
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:bFIzlmWIGz4txB2GnYESx8EvawZP7/uHCkU331:5bUzwxB2GfJwZP7/uHCkO31
                                                                                                                                                                                                MD5:1651078BE7CE617922904CA7941FAE20
                                                                                                                                                                                                SHA1:1FE33F74AAA6AF59B5055B968EF6424107544538
                                                                                                                                                                                                SHA-256:C0D985DEA02778276BA3D3DF96B50B33F7BA0C1EC7C62761F0DCD67A05B62270
                                                                                                                                                                                                SHA-512:E1721EE191E1BA24212E85C013497C66D35DB0E48DF464D2E86762B4A0855AC04FFEC59AF8C259F91DFF0924D977FFEB1FBA92A7C9A951D5F8FDDFD0B02BB67E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.26 : Tomas Miralles.; 4.44 : Fernando Verd..; 24.05 : 2024-05-23 : David Chova.;.;.;.;.;.;.;.;.0.7-Zip.Valencian.Valenci..401.Accepta.Cancel.la....&Si.&No.Tan&ca.Ajuda..&Continua.440.Si a &tot.No a t&ot.Atura.Reinicia.Segon pla.Primer pla.&Pausa.Parat.Esteu segur que voleu cancel.lar?.500.&Fitxer.&Edita.&Mostra.Favorits.Eines.Ajuda.540.&Obri.Obri d&ins.Obri fora.&Mostra.&Edita.Canvia &nom.&Copia a....&Despla.a a....&Suprimeix.&Separa fitxer....Com&bina fitxers....P&ropietats.Come&ntari.Calcula checksum.Difer.ncia.Nova carpeta.Nou fitxer.Ix.Vincula.Fluxos &alternatius.600.Seleccion&a-ho tot.Deselecciona-ho tot.&Inverteix selecci..Selecciona....No selecciones....Selecciona per tipus.No selecciones per tipus.700.Icones g&rans.Icones menudes.&Llista.&Detall.730.No ordenat.Vista plana.&2 Taules.&Barres d'eines.Obri directori arrel.Directori pare.Historial de carpetes....Actualit&za.Actualitza autom.ticament.750.Barra d'eines de Fitxer.Barra d'eines Est.nda
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8517
                                                                                                                                                                                                Entropy (8bit):4.822359737427984
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:2dUdnzkcjnQjB54SpQzLFA2WFYicDA1MiV2ehLHq2MQvQM03jgoBHpbYqMeMioHQ:cUtkcjnsZARHicM32UhMeWcoZpcYMivv
                                                                                                                                                                                                MD5:A04B6A55F112679C7004226B6298F885
                                                                                                                                                                                                SHA1:06C2377AC6A288FE9EDD42DF0C52F63DCE968312
                                                                                                                                                                                                SHA-256:12CC4A2CEF76045E07DAFC7AEC7CF6F16A646C0BB80873EC89A5AE0B4844443B
                                                                                                                                                                                                SHA-512:88C7ED08B35558D6D2CD8713B5D045FBA366010B8C7A4A7E315C0073CD510D3DA41B0438F277D2E0E9043B6FCB87E8417EB5698AB18B3C3D24BE7FF64B038E38
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.08 : Ari Ryynanen.; 4.30 : Jarko P..; 4.42 : Juhani Valtasalmi.; 9.35 : T.Sakkara.; 15.05 : 2015-08-07 : Lauri Kentt..; 19.00 : 2020-12-28 : Sampo Hippel.inen.;.;.;.;.;.0.7-Zip.Finnish.Suomi.401.OK.Peruuta....&Kyll..&Ei.&Sulje.Ohje..&Jatka.440.Kyll. k&aikkiin.E&i kaikkiin.Pys.yt..Aloita uudelleen.&Tausta.&Edusta.&Tauko.Tauolla.Peruutetaanko toiminto?.500.&Tiedosto.&Muokkaa.&N.yt..&Suosikit.Ty.&kalut.&Ohje.540.&Avaa.Avaa s&is.isesti.Avaa ulkoisesti.&N.yt..&Muokkaa.Nime. &uudelleen.&Kopioi....&Siirr.....&Poista.&Jaa osiin....&Yhdist. tiedostoja....&Ominaisuudet.Komme&nttti....Laske tarkiste.Ero.Luo kansio.Luo tiedosto.&Lopeta.Linkit..Vaihtoehtoiset virrat.600.V&alitse kaikki.Poista &valinnat.&K..nteinen valinta.Valitse....Poista valinta....Valitse tyypeitt.in.Poista valinta tyypeitt.in.700.Suu&ret kuvakkeet.&Pienet kuvakkeet.&Luettelo.&Tiedot.730.Alkuper.inen j.rjestys.Tasainen n.kym..&Kaksi paneelia.&Ty.kalupalkit.Avaa p..kansio.Yks
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18214
                                                                                                                                                                                                Entropy (8bit):4.4284329818199835
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:WkmihmxWquSsgldTiXtY5FxrbM/7uo6txGZ+r6GjuXxQlzHd:tmlwyidYnxrU7u/xk+r6GjuXxQdHd
                                                                                                                                                                                                MD5:5894A446DF1321FBDDA52A11FF402295
                                                                                                                                                                                                SHA1:A08BF21D20F8EC0FC305C87C71E2C94B98A075A4
                                                                                                                                                                                                SHA-256:2DD2130F94D31262B12680C080C96B38AD55C1007F9E610EC8473D4BB13D2908
                                                                                                                                                                                                SHA-512:0A2C3D24E7E9ADD3CA583C09A63BA130D0088ED36947B9F7B02BB48BE4D30EF8DC6B8D788535A941F74A7992566B969ADF3BD729665E61BFE22B67075766F8DE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Vasileios Karakoidas, Jacaranda Bill, Vasilis Kosmidis.; 9.07 : SkyHi [HDManiacs Team].; 15.00 : 2015-05-07: Pete D.; 24.04 : 2024-04-05: John Stamatakis.;.;.;.;.;.;.;.0.7-Zip.Greek..........401.OK..........&.....&...&..................&.........440.... .. &....... .. .&...&...................... &.............. &..........&................... ........ ... ...... .. .........;.500.&.......&.............&..........&...........&.....&........540...&............. ... &.... ................ .. &... ..........&..........&...........&..............&.............&................&...&.......... ...........&........ ...........&......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9375
                                                                                                                                                                                                Entropy (8bit):4.996342947967769
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Kz9QG6nA1C574kEmsIO8M+M66rr6emGeHlOzsyqfP2diqPtVe3ydIINSAhy:U6nA1S1Em3O8M+M6RrGCyOmiqlVBSAU
                                                                                                                                                                                                MD5:238D20C2FD41EDEC7EFBFDA32B430156
                                                                                                                                                                                                SHA1:C63BB6DCEA0B453239EBEA6CBE004A0E07EE9AFF
                                                                                                                                                                                                SHA-256:B48DD5142C39C56D35F0BA673C3AFC706AF063040D7567D43B69345DDFA6E767
                                                                                                                                                                                                SHA-512:7749DB74A481539D997372C7931877C44C202137E9CE5E1EA1D32E61FA3EA851364C0F0FD0A57B4DE8FE50564D97C544007DB23093C7ED66841CE099F9D41B77
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Carlos Macao.; : Jo.o Alves.; : Jo.o Frade (100 NOME TR).; 4.46 : Rui Costa.; 9.17 : S.rgio Marques.; 15.00 : Rui Aguiar.; 15.00 : 2022-03-22 : Hugo Carvalho.; 22.00 : 2022-06-28 : Hugo Carvalho.;.;.;.0.7-Zip.Portuguese Portugal.Portugu.s.401.Aceitar.Cancelar....&Sim.&N.o.&Fechar.Ajuda..&Continuar.440.Sim a &tudo.N.o a t&udo.Parar.Reiniciar.&Segundo plano.P&rimeiro plano.&Pausar.Em pausa.Quer mesmo cancelar?.500.&Ficheiro.&Editar.&Ver.F&avoritos.Ferramen&tas.&Ajuda.540.&Abrir.Abrir &dentro.Abrir &fora.&Ver.&Editar.Mudar& o nome.&Copiar para....&Mover para....&Eliminar.&Dividir ficheiro....Com&binar ficheiros....P&ropriedades.Come&nt.rio.Calcular o checksum.Diff.Criar pasta.Criar ficheiro.&Sair.Liga..o.&Alternar fluxos.600.Seleccionar &tudo.Desseleccionar tudo.&Inverter selec..o.Seleccionar....Dessseleccionar....Seleccionar por tipo.Desseleccionar por tipo.700..cones &grandes..cones &pequenos.&Lista.&Detalhes.730.Desordenado.Vista
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10040
                                                                                                                                                                                                Entropy (8bit):5.05587204070323
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:AOIdBgDuDCfSGltxkRtDgfglyLCoMUGfZsDZIXl7OuKtgAZOKY3gTFFGFe6muWxW:/GgD9Si+bDgfgly4vZ3l7OuKOTgbGFkg
                                                                                                                                                                                                MD5:1E30A705DA680AAECEAEC26DCF2981DE
                                                                                                                                                                                                SHA1:965C8ED225FB3A914F63164E0DF2D5A24255C3D0
                                                                                                                                                                                                SHA-256:895F76BFA4B1165E4C5A11BDAB70A774E7D05D4BBDAEC0230F29DCC85D5D3563
                                                                                                                                                                                                SHA-512:FF96E6578A1EE38DB309E72A33F5DE7960EDCC260CA1F5D899A822C78595CC761FEDBDCDD10050378C02D8A36718D76C18C6796498E2574501011F9D988DA701
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 2.30 : Soeren Finster.; 4.07 : JAK-Software.DE.; 9.07 : Joachim Henke.; 23.01 : Ren. Gennes.; 24.04 : Sandro Giallella.;.;.;.;.;.;.0.7-Zip.German.Deutsch.401.OK.Abbrechen....&Ja.&Nein.&Schlie.en.Hilfe..&Fortsetzen.440.Ja f.r &alle.Nein f.r a&lle.Stopp.Neustart.&Hintergrund.&Vordergrund.&Pause.Pause.M.chten Sie wirklich abbrechen?.500.&Datei.&Bearbeiten.&Ansicht.&Favoriten.&Extras.&Hilfe.540..&ffnen.I&ntern .ffnen.E&xtern .ffnen.&Ansehen.&Bearbeiten.&Umbenennen.&Kopieren nach....&Verschieben nach....&L.schen.Datei auf&splitten....Dateien &zusammenf.gen....E&igenschaften.K&ommentieren.&Pr.fsumme berechnen.Ver&gleichen.Ordner erstellen.Datei erstellen.Be&enden.Verkn.pfung....&Alternative Datenstr.me.600.Alles &markieren.Alles abw.hlen.Markierung &umkehren.Ausw.hlen....Auswahl aufheben....Nach Typ ausw.hlen.Nach Typ abw.hlen.700.&Gro.e Symbole.&Kleine Symbole.&Liste.&Details.730.Unsortiert.Alles in einer &Ebene.&Zweigeteiltes Fenster.&Symbolleiste
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9756
                                                                                                                                                                                                Entropy (8bit):5.222646559853333
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:CKtangmNvbq5nFczPipu9FS1zPf6MHH2L6NyE8uP+G0O249bgCGLpO6u:RtangimWPieFSRPyE8uvLyo
                                                                                                                                                                                                MD5:CD44EF9F1C6526A18D9956517E510C16
                                                                                                                                                                                                SHA1:DD65DAD1B27F26B538CB3C8FC11895A7C6A81F20
                                                                                                                                                                                                SHA-256:D8DDEEC7A1D5F98BE9FE727D47F8BDF733E21693E988DCFE48089AC3344DCF30
                                                                                                                                                                                                SHA-512:51676AE9C163686DAD3748E2DEC7898ED218673D15AF741404C4EB30E8E8C23CC8C5BB7E33E1B7CC40DE56C1ACFE2639711F47BFAC9EF9FAE5703EAA889F924D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 24.04 : 2024-04-05 : Ahmet Murat .ZHAN.; 22.00 : 2023-05-28 : Emir SARI.; 15.00 : 2018-11-21 : Kaya Zeren.; 9.07 : 2009-09-22 : X-FoRcE.;.;.;.;.;.;.;.0.7-Zip.Turkish.T.rk.e.401.Tamam..ptal....&Evet.&Hay.r.&Kapat.Yard.m..&Devam.440.T.m.ne &Evet.T.m.ne &Hay.r.Durdur.Yeniden Ba.lat.&Arka Planda..&n Planda.&Duraklat.Duraklat.ld...ptal etmek istiyor musunuz?.500.&Dosya.&D.zen.&G.r.n.m.&S.k Kullan.lanlar.&Ara.lar.&Yard.m.540.&A..7-Zip ..i&nde A..&Varsay.lan Uygulamada A..&G.r.nt.le.&D.zenle.&Yeniden Adland.r.Klas.re &Kopyala....Klas.re &Ta......&Sil.Dosyay. &B.l....Dosyalar. Bi&rle.tir.....&zellikler.A..kla&ma.....Sa.lamalar. Hesapla.Fark.Klas.r Olu.tur.Dosya Olu.tur.&..k.Ba.lant..&Di.er Ak..lar.600.&T.m.n. Se..T.m.n.n Se.imini Kald.r.Se.imi &Tersine .evir.Se.....Se.imi Kald.r....T.re G.re Se..T.re G.re Se.imi Kald.r.700.&B.y.k Simgeler.&K...k Simgeler.&Liste.&Ayr.nt.lar.730.S.ralamas.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8888
                                                                                                                                                                                                Entropy (8bit):5.049104436584185
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:cNml3r3hrOfvZQY19CUfwb8NKLHnxA4vN5rBBb7U7folni:Sml3r3hrWvZQ69CUfwb84LHxAulBv0oE
                                                                                                                                                                                                MD5:4479712709B19297483D020D11164745
                                                                                                                                                                                                SHA1:ADBF9F8EF1C44E7F7D13EF5E0ABE1F49C4ED3F1B
                                                                                                                                                                                                SHA-256:D62F8D3E7AA1F2636A1AD1B2AEDE0DA9FD725941A5F81D24A9B0B7599CAF0F50
                                                                                                                                                                                                SHA-512:A857B93E9991AEE4CDD6730DE538AB3BFD13620D0A99AEA1F49859B0D479EF4F757C4D99846FC1754691802B5DAFD044FC306BD31C0429DCF15EB5DC3C0B9036
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 20.02 : 2020-10-20 : Shamsiddinov Zafar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Uzbek.O.zbekcha.401.OK.Bekor qilmoq....&Ha.&Yo.q.&Yopmoq.Ko.mak..&Davom etmoq.440.Bariga &ha.Bariga &yo.q.To.xtatmoq.Qaytadan.&Fonda.&Fonda emas.&Pauza qilmoq.Pauza qilindi.Bekor qilinsinmi?.500.&Fayl.&Tahrirlamoq.&Ko.rinish.&Tanlanganlar.&Jihozlar.&Ko.mak.540.&Ochmoq.&Ichkarida ochmoq.&Tashqariga ochmoq.&Ko.rinish.&Tahrirlamoq.&Qayta nomlamoq.&Quyidagiga nusxalamoq....&Quyidagiga ko.chirmoq....&Olib tashlamoq.&Faylni bo.lmoq....&Fayllarni birlashtirmoq....&Xususiyatlar.&Sharh....Yakuniy summa.Taqqoslamoq.Jild tuzmoq.Fayl tuzmoq.&Dasturdan chiqmoq.Havola.&Muqobil oqimlar.600.&Barini tanlamoq.Barini tanlamaslik.&Teskari tanlash.Tanlamoq....Tanlamaslik....Turi bo.yicha tanlamoq.Turi bo.yicha tanlamaslik.700.&Yirik ikonkalarda.&Kichik ikonkalarda.&Ro.yxatsimon.&Tafsilotli.730.Saralamaslik.Bejirim ko.rinish.&2 ta panelda.&Jihozlar.Asosiy jildni ochmoq.Bir pog.ona yuqoriga
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5579
                                                                                                                                                                                                Entropy (8bit):5.039812534553965
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:P/3mbERgiJQCLlUBwpMBf4WV49vXJQX2Egzqlg+5RK6uxy4rcRQKktwlm80DCDHB:P/3sue8MOWyBXyX2tyj9RpGgigi6KwJ
                                                                                                                                                                                                MD5:69720A6D09230D9747BB2AA3C0EF650D
                                                                                                                                                                                                SHA1:4750E61EC19BA905D6F2BC5828510FD08D915AF8
                                                                                                                                                                                                SHA-256:B6EE3C8A14230AA7D1A17C5493E0A410C5C5C638BA7A9D81681FFED4A8DE6884
                                                                                                                                                                                                SHA-512:92230FEE3E5BC4B57013E359E43BF5F921DCFD9CAD4522E09B11EF8BF2F21F96555FC3AF72618A06D953F8D68050629358A8A7312A649489D6CA82780B793C88
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Mikel Hasko.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Albanian.Shqip.401.N. rregull.Anulim....&Po.&Jo.&Mbyll.Ndihm...&Vazhdim.440.Po p.r t. gjith&a.Jo p.r t. gjit&ha.Ndalo.Rinis.N. &sfond.N. pla&n t. par..&Pushim.N. pushim.Jeni t. sigurt se d.shironi ta anuloni?.500.&Skedari.&Redaktimi.&Pamja.&T. parap.lqyerit.&Veglat.&Ndihma.540.&Hap.Hap p.rbre&nda.Hap p.rjas&hta.&Pamja.&Redakto.Ri&em.rto.&Kopjo tek....&Zhvendos tek....&Fshi.N&daj skedarin....Kom&bino skedar.t....&Vetit..Ko&menti.Llogarit shum.n e verifikimit..Krijo nj. dosje.Krijo nj. skedar.&Dil.600.S&elekto t. gjith...se&lekto t. gjith..Anasill selekti&min.Selekto.....selekto....Selekto sipas tipit..selekto sipas tipit.700.Ikona t. &m.dha.Ikona t. &vogla.&List..&Detaje.730.&T. parenditur.Pamje e rrafsht..&2 panele.&Shiritat e veglave.Hap dosjen rr.nj..Nj. nivel m. lart..Historiku i dosjes....&Rifresko.750.Shiriti i veglave i arkivit.Shiriti standard i veglave.Butona t. m.dh
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8236
                                                                                                                                                                                                Entropy (8bit):4.571978993858432
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:XJLEhYBUC2Yz4e1uxLpnJ2Ega8W2uW55tmTG:FUC2YzJkxFnJ2ET8W2uW5H
                                                                                                                                                                                                MD5:23502D5CDD3671B634832D5F722CF5EA
                                                                                                                                                                                                SHA1:443FB98DF15B8BFD081802938E180A87EE24104D
                                                                                                                                                                                                SHA-256:FA12CA0BE49F4921D06268FAD673838C3A4644A70DC374A931997178F588E8F4
                                                                                                                                                                                                SHA-512:E1FC00A7AD4A817B32370F2C03EA10473070B9D2FEBC29BB87D95FF2670E8E47FF27B2C2B6D63396306DC0185E127A49F602E969166CB27073FEB735CFA47AF8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.53 : 2007-12-26 : Pathanisation Project.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Pashto......401.................&...&......&...............&.440..... .. ..&..&... .. ......................&.......&......&........... ...... .... ..... .. ... .. .....500......&.....&....&..&...........&......&.540.........&.....& ............ .&...........&.....&...&............ .....&...... .....&......&......... ...&......... ...&...................&........ ........... ........... .......&....600.... ....&.... ............ .......&..................... ... ....... ... .......700...&. ...........&... ............&.........&.730..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8711
                                                                                                                                                                                                Entropy (8bit):5.0441606790922044
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:oEiQ9ofFPhWwxTyaN+tu0okvFFr7S6IqOsc9gw8tjD7FuPNfOloU31QHvBcw:oEiQibWwjNT8cotjD8NfL
                                                                                                                                                                                                MD5:9A27F7E51E2143F4258AAC9975F78F60
                                                                                                                                                                                                SHA1:49DFFBD91FE27A81DA38BECDE87DE6B2DF28962F
                                                                                                                                                                                                SHA-256:233596E0D29DAD356CD31C302EB1EB3A263736F166F5A7628A753BD808668EBB
                                                                                                                                                                                                SHA-512:83C6464E05C776910552591D6D4B8DCB5CD0CC8C627519AEFB7B61672F4478E42FDB8E023B5BFD29C313A22DEEEE75FCF66BF638F8D48156E98694F110B7D324
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Andreas M Nilsson, Christoffer Enqvist.; 4.59 : Bernhard Eriksson.; 22.00 : (2022-06-20) Mikael Hiort af Orn.s.;.;.;.;.;.;.;.;.0.7-Zip.Swedish.Svenska.401.OK.Avbryt....&Ja.&Nej.&St.ng.Hj.lp..F&orts.tt.440.Ja till &alla.Nej till a&lla.Stoppa.Starta om.&Bakgrunden.&F.rgrunden.&Pausa.Pausad..r du s.ker p. att du vill avbryta?.500.&Arkiv.&Redigera.&Visa.&Favoriter.Verkt&yg.&Hj.lp.540.&.ppna..ppna &internt..ppna &externt.&Visa.&Redigera.&Byt namn.&Kopiera till....&Flytta till....&Ta bort.&Dela upp fil....&Sammanfoga filer....E&genskaper.Komme&ntera.Ber.kna kontrollsumma.Differens.Skapa mapp.Skapa fil.&Avsluta.Skapa l.nk.&Alternativa datastr.mmar.600.Markera &alla.Avmarkera alla.&Invertera markering.Markera....Avmarkera....Markera efter typ.Avmarkera efter typ.700.St&ora ikoner.Sm&. ikoner.&Lista.&Detaljerad lista.730.Osorterad.Platt vy.&Tv. paneler.&Verktygsf.lt..ppna rotmappen.Upp en niv..Mapphistorik....&Uppdatera.Uppdatera automatiskt.75
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12299
                                                                                                                                                                                                Entropy (8bit):4.279828923149653
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Z/YybL3XSV+HYFBLRTRZgZCjWg6IvLDlaJQZmbghr0MhI05z:F3XIBLRMZCjWgfvLpGQZcghrvIC
                                                                                                                                                                                                MD5:5747381DC970306051432B18FB2236F2
                                                                                                                                                                                                SHA1:20C65850073308E498B63E5937AF68B2E21C66F3
                                                                                                                                                                                                SHA-256:85A26C7B59D6D9932F71518CCD03ECEEBA42043CB1707719B72BFC348C1C1D72
                                                                                                                                                                                                SHA-512:3306E15B2C9BB2751B626F6F726DE0BCAFDC41487BA11FABFCEF0A6A798572B29F2EE95384FF347B3B83B310444AAEEC23E12BB3DDD7567222A0DD275B0180FF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 9.07 :............:... ..-.... ........; 9.07 : Awadh A Al-Ghaamdi.;.; 15.00 : 2016-08-28 : ..... ...... .......: ... .... .......; 15.00 : 2016-08-28 : Saif H Al-asadi (edited and corrected).; 20.00 : 2020-04-01 : Ammar Kurd (Edits and corrections).;.;.;.;.;.0.7-Zip.Arabic......401............ .........&....&...&................&........440.... ....... ................ .........&..........&.....&..... .......... ......... ... ..... .. .........500.&....&......&........&......&......&.......540.&....&.... .........&... .......&....&.........&.. ...........&.. .......&.. ....&....&..... ...........&. ..............&..........&..... .... ..........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21169
                                                                                                                                                                                                Entropy (8bit):3.6500180773175783
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:NSzhkx60rKSu1t5tO2lV6rxhA/1bRRsMQSJNg4T4H84zQ9gZGvlLk2+ZuYbzw:Kkx6MqVUSJNVCw
                                                                                                                                                                                                MD5:2BE2F9C77556CA413B590B8477DF5499
                                                                                                                                                                                                SHA1:DD5CE617642C977470AA20C6DC6815728C779245
                                                                                                                                                                                                SHA-256:5A85CC532F802DA683374C3F4C98E3F37425CF304D6772BA554D2C49BAC7BE0B
                                                                                                                                                                                                SHA-512:3BA82549752E6BFE6C1F1706B205747D70F2F3106C49EA08D35E82047166C3D5B26457D6BF00FBBD0E9CAC4AE8EC38123F533DE3F68ED466F219C551B5417C40
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.20:.; Saqirilatu Mongolqileb.; last updated: 2013-12-11.; Update and Spelling corrected Bayarsaikhan.;.;.;.;.;.;.;.0.7-Zip.Mongolian (MenkCode)......... .....401............................ (&Y)..... (&N)......... (&C)........................ (&C).440........ ..... (&A)........ .... (&L)................... ............ .... (&B)...... ... (&F).......... (&P)........ ............ ........ ............ .. ..500...... (&F).............. (&E)........ (&V)............. (&A)........ (&T)........... (&H).540..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4785
                                                                                                                                                                                                Entropy (8bit):4.860196348023919
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:0PK8d9PEVqGUK+ZY6yB42vdhut4A9ThBbRaP0Jk:wKKPEVqGnmSvdhruf9o
                                                                                                                                                                                                MD5:E3267C5ED8158DA2B7E2679107CE1394
                                                                                                                                                                                                SHA1:6550CDE7359A1B3450D8C0937AFFBF0252FA4B82
                                                                                                                                                                                                SHA-256:C88BC7EA0C20769847A0403E188E273A0897D1C77DD72CC4B45471FC67E0D5E1
                                                                                                                                                                                                SHA-512:63C185613C5855379DD4CAC3D2CF264D6BB2A0E9B483B22EAB93B7E8B9ABDA88BEE2F80FCD24F0E9BE0972A04F6C725CB20CAE678E3E4F61251721B5BDB1CDCD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.30 : Khairul Ridhwan Bin Omar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Malay.Bahasa Melayu.401.OK.Batal....&Ya.&Tidak.&Tutup.Bantuan..&Teruskan.440.Ya untuk Semua.Tidak untuk Semua.Henti.Mula Semula.&Latar belakang.&Latar depan.&Berehat.Berehat.Anda yakin untuk membatalkannya?.500.&Fail.&Edit.&Paparan.K&egemaran.&Alat.&Bantuan.540.&Buka.Buka di D&alam.Buka di L&uar.&Paparan.&Edit.Nam&akan semula.&Salin ke....&Pindahkan ke....Hapus.&Bahagi/belah Fail....Gab&ung Fail....P&roperti.Kom&en...Buat Folder.Buat Fail.K&eluar.600.Pilih &Semua.Jangan Pilih Semua.&Sonsangkan Pilihan.Pilih....Tidak Memilih....Pilih Berdasarkan Jenis.Tidak Memilih Berdasarkan Jenis.700.Ikon B&esar.Ikon K&ecil.&Senarai.&Butiran.730.Tidak Tersusun..&2 Panel.&Toolbar.Buka Root Folder.Ke atas Satu Aras.Folder Sejarah....&Segarkan Semula.750.Toolbar Arkib.Toolbar Standard.Bebutang Besar.Perlihatkan Teks Bebutang.800.&Tambah folder pada Kegemaran sebagai.Penanda Buku.900.&Opsyen....&Tanda Aras.960.&Kandungan..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14633
                                                                                                                                                                                                Entropy (8bit):3.957046613501519
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:haD8h70Oi+7V+y+FJNgquLCnt/SD4mKYGn940nWXmJTQOdLrRMs:hKm5f7V+y+FJNgquIt/64tnSmJciLNMs
                                                                                                                                                                                                MD5:771C8B73A374CB30DF4DF682D9C40EDF
                                                                                                                                                                                                SHA1:46AA892C3553BDDC159A2C470BD317D1F7B8AF2A
                                                                                                                                                                                                SHA-256:3F55B2EC5033C39C159593C6F5ECE667B92F32938B38FCAF58B4B2A98176C1FC
                                                                                                                                                                                                SHA-512:8DCC9CC13322C4504EE49111E1F674809892900709290E58A4E219053B1F78747780E1266E1F4128C0C526C8C37B1A5D1A452EEFBA2890E3A5190EEBE30657BA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.46 : Team Oruddho (Fahad Mohammad Shaon, Mahmud Hassan).;.;.;.;.;.;.;.;.;.;.0.7-Zip.Bangla.......401.... .............&......&...&.... .............&...... ......440.&....... .... .......&...... .... ............ .....&.......& ......&............. .............. ..... .... ......?.500.&.....&.................&.&......&.......&.......540.&........ ....7-zip-. ........ .......... ........ ....&.........&............ .........&....... ...............
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11589
                                                                                                                                                                                                Entropy (8bit):4.212638798878335
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:b8TEDykT3a1oTLEKqX+KgU0XH9VL9dYALdOy7a+HSwOYAcvYxD/HI5wxhG9h2bZk:6VST0uKk9R9yAKcAcAxjJ6h8akS
                                                                                                                                                                                                MD5:D95E6FF9DAE7FA22083D9ED73588FE1A
                                                                                                                                                                                                SHA1:F061E9E1AFE02B7B92D626432CD9DA55BD8BC2DD
                                                                                                                                                                                                SHA-256:817D7A33F2ADB19F47F45F78C314F6AE6DF4CA4DA133C1F7A82703E0CDEE7E20
                                                                                                                                                                                                SHA-512:210BFDC206C2173BD680B6F319AFDA3228AC44CAF611C3846EF9AE0AD11701306BA923CCC9715086FF3CA5222F80713BF9FD6ABF61141232834DD95692EDC7C6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Lazar.; 9.07 : Ozzii.;.;.;.;.;.;.;.;.;.0.7-Zip.Serbian - Cyrillic....... - .........401.. ............................................440... .. ...... .. ............................ ................... .. ... ....... .. ...... .. .........?.500................................................540................ .. 7-Zip-......... .. ........... ............................................. ............. .................. ............ ....................................... ........ ..................... ............. ...............600........ ........... ..... ........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17574
                                                                                                                                                                                                Entropy (8bit):4.148567429680087
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:MZ2tO2YSwozmsZ9mFL7AsbjftmxprJ4kgy0j7u4ybq:dCz7lbjaVgyCufq
                                                                                                                                                                                                MD5:2D0C8197D84A083EF904F8F5608AFE46
                                                                                                                                                                                                SHA1:5AE918D2BB3E9337538EF204342C5A1D690C7B02
                                                                                                                                                                                                SHA-256:62C6F410D011A109ABECB79CAA24D8AEB98B0046D329D611A4D07E66460EEF3F
                                                                                                                                                                                                SHA-512:3243D24BC9FDB59E1964E4BE353C10B6E9D4229EF903A5ACE9C0CB6E1689403173B11DB022CA2244C1EF0F568BE95F21915083A8C5B016F07752026D332878A4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : chavv.; : icobgr.; 4.65: Vassia Atanassova.; 23.01: Dimitar Mihaylov.;.;.;.;.;.;.;.0.7-Zip.Bulgarian...........401.OK..........&...&...&...................&.......440... .. &......... .. &.............. .......&..... ......&........ ......&........ .............. .. ....... .. ..........?.500.&.....&............&..........&.......&............&......540.&................. &.......... &......&..........&................&.........&........ ........&........ .......&.........&........ .. .........&.......... .. ...........&............&................. .. ......... ...................... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11457
                                                                                                                                                                                                Entropy (8bit):4.3994562592493125
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:voiIwxssHdMMybRMIc++NBGC4ci/4f/iv1GBSHlzdRCU39ixod9t:voJ4s8SKs+NBDkA/m1GBSHlzdvMEX
                                                                                                                                                                                                MD5:B1DD654E9D8C8C1B001F7B3A15D7B5D3
                                                                                                                                                                                                SHA1:5A933AE8204163C90C00D97BA0C589F4D9F3F532
                                                                                                                                                                                                SHA-256:32071222AF04465A3D98BB30E253579AA4BECEAEB6B21AC7C15B25F46620BF30
                                                                                                                                                                                                SHA-512:0137900AEB21F53E4AF4027EA15EED7696ED0156577FE6194C2B2097F5FB9D201E7E9D52A51A26AE9A426F8137692154D80676F8705F335FED9AE7E0E1D0A10E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Kirill Gulyakevitch.; 9.07 : 2011-03-15 : Drive DRKA.;.;.;.;.;.;.;.;.;.0.7-Zip.Belarusian............401.OK...........&....&...&...................&...........440.... ... &....... ... .&....................&......&.. ....... .....&........ ........ ........ ....... .......... ........?.500.&.....&.......&.......&.........&......&........540.&............... &.................. .&..............&...............&........&......... .....&........... .....&...........&..... .........&.'...... ............&..........&................ .....Diff.&........ .........&..... ......&.....600......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9030
                                                                                                                                                                                                Entropy (8bit):5.086332956902943
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:3Lr7I2B5SmXxKKB7X47iyaljy7Peu1T96mo:3Lr1LBKKa7ipjy6ux96mo
                                                                                                                                                                                                MD5:B8056CBA4EDEB98D298D16EDBC34D678
                                                                                                                                                                                                SHA1:A4D39C3EDA31F8CE72C62E1DB91DEEABC884CEB0
                                                                                                                                                                                                SHA-256:9C15DB408E32DC699F598AAB30F539F91A212E5FBAEE2095022E24B3F1F09ECD
                                                                                                                                                                                                SHA-512:5C3FB76A5502C7C0312A32CFF38F99C303225C31C3E5C6041765BC2BEB0E9D5AC9CB4F543B80ECA969D54723A52122601B2074AFA8991AD64B92CFDA91104DC6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 2.30 : Marius Navickas.; 4.57 : Domas Jokubauskis.; 15.05 : Vaidas777.;.;.;.;.;.;.;.;.0.7-Zip.Lithuanian.Lietuvi..401.Gerai.At.aukti....&Taip.&Ne.&U.daryti.Elektroninis .inynas..&T.sti.440.T&aip Visiems.Ne v&isiems.Sustabdyti.I. naujo.&Fone.&Pirminis procesas.&Laikinai sustabdyti.Laikinai sustabdyta.Ar j.s esate tikri, kad norite at.aukti?.500.&Failas.K&eisti.&Rodyti.M.gi&amiausi..ran&kiai.&Elektroninis .inynas.540.&Atverti.Atverti v&iduje.Atverti i.&or.je.&Rodyti.K&eisti.Pervadi&nti.&Kopijuoti .....&Perkelti ......alin&ti.&Skaidyti fail.....Jungti &failus....Savy&b.s.Kome&ntuoti.Skai.iuoti kontrolin. sum..Sulyginti.Sukurti aplank..Sukurti fail..I.ei&ti.Nuoroda.&Alternatyv.s srautai.600.Pa.ym.ti &visk..Nu.ym.ti visk..Atv&irk.tinis .ym.jimas.Parinkti....At.ym.ti....Pasirinkti pagal tip..At.ym.ti pagal tip..700.Did&el.s piktogramos.&Ma.os piktogramos.&S.ra.as.&I.samiai.730.Ner..iuotos.Nepaisyti aplank..&2 skydeliai.&
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15450
                                                                                                                                                                                                Entropy (8bit):3.943828079014395
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:NrQMVEpEJbIRgAOaN2gs1KM5LypJ0/vrvQYKSK46smKhjlCqRK5ZThNFdHL0eF9s:Nr3m6JbIRgzaN2gs1/+J4vrvQYzK46Pg
                                                                                                                                                                                                MD5:6BE5BA977C60F103B54C4289399CE43E
                                                                                                                                                                                                SHA1:48DFF625438573A366D56ECEF43BC43A10E124A8
                                                                                                                                                                                                SHA-256:A1967002746961CDC4F3AD4F5F081BBA6DB231660CDFD5F2AB4A572EB11DD67C
                                                                                                                                                                                                SHA-512:DA61AA3C5389B5096F1C899AD17EBC20125B18D959F8C74AAE10665F65DE4A3C2069AFE47380C093926180C952336FCBEFF71329809D7FA59AB490849B647DBB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.09 : Chayanon Ruamcharoen.; 4.10 : Zafire06.; 9.13 : Kom10.;.;.;.;.;.;.;.;.0.7-Zip.Thai.....401................&....&....&...............&.............440...................................&..................&..................&..................................................500.&.....&......&.......&...........&...........&..........540.&...........................................&.......&......&............&...............&
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8803
                                                                                                                                                                                                Entropy (8bit):4.986977159662758
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:3nw9pDahG/twoHcW5W3PpCPa5zRHKDBZ0EeKIl3d10aeKY8FDiM:yDGG/twoHJ5Wf9i0EpTAiM
                                                                                                                                                                                                MD5:264FB4B86BCFB77DE221E063BEEBD832
                                                                                                                                                                                                SHA1:A2EB0A43EA4002C2D8B5817A207EB24296336A20
                                                                                                                                                                                                SHA-256:07B5C0AC13D62882BF59DB528168B6F0FFDF921D5442FAE46319E84C90BE3203
                                                                                                                                                                                                SHA-512:8D1A73E902C50FD390B9372483EBD2EC58D588BACF0A3B8C8B9474657C67705B6A284BB16BBA4326D314C7A3CC11CAF320DA38D5ACB42E685ED2F8A8B6F411F4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Josep Casals, Marc Folch.;.17.01.: Benet..BennyBeat..R..i.Camps.;.;.;.;.;.;.;.;.;.0.7-Zip.Catalan.Catal..401.D'acord.Cancel.la....&S..&No.Tan&ca.Ajuda..&Continua.440.S. a &tot.No a t&ot.Atura.Re&inicia.Rere&fons.Prim&er pla.&Pausa.Pausat.Segur que voleu cancel.lar?.500.&Fitxer.&Edita.&Visualitza.&Preferits.E&ines.Aj&uda.540.&Obre.Obre d&ins.Obre &fora.&Visualitza.&Edita.Reanom&ena.&Copia a....&Mou a....&Suprimeix.&Divideix el fitxer....Com&bina el fitxer....P&ropietats.Come&ntari.Calcula la suma de verificaci..Compara.Crea una carpeta.Crea un fitxer.S&urt.Enlla&..Flux &alternatiu.600.Seleccion&a-ho tot.No seleccionis res.&Inverteix la selecci..Selecciona....Desselecciona....Selecciona per tipus.Desselecciona per tipus.700.Icones g&rans.Icones petites.&Llista.&Detalls.730.No ordenat.Vista plana.&2 Panells.&Barres d'eines.Obre la carpeta arrel.Carpeta pare.Historial de carpetes....&Actualitza.Actualitza autom.ticament.750.Barra d'eines afege
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4953
                                                                                                                                                                                                Entropy (8bit):5.026642087390098
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:uyzeGsp9Qb9PzXHsRu2aPm68ZMvpZkul6Wg1AQQYBgJ0ZQBGBl6agPNH20qIvUkw:FzeGsbSu9y8WvpZR6W+AQQYG8LgFW01S
                                                                                                                                                                                                MD5:07504A4EDAB058C2F67C8BCB95C605DD
                                                                                                                                                                                                SHA1:3E2AE05865FB474F10B396BFEFD453C074F822FA
                                                                                                                                                                                                SHA-256:432BDB3EAA9953B084EE14EEE8FE0ABBC1B384CBDD984CCF35F0415D45AABBA8
                                                                                                                                                                                                SHA-512:B3F54D695C2A12E97C93AF4DF09CE1800B49E40302BEC7071A151F13866EDFDFAFC56F70DE07686650A46A8664608D8D3EA38C2939F2F1630CE0BF968D669CCC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : KAD-Korvigello. An Drouizig.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Breton.Brezhoneg.401.Mat eo.Nulla.....&Ya.&Ket.&Serri..Skoazell..&Kenderc'hel.440.Ya be&pred.Ket &bepred.Paouez.Adloc'ha..&Drekleur.&Rakleur.&Ehan.Ehanet.Ha fellout a ra deoc'h nulla. ?.500.&Restr.&Aoza..&Gwelout.Di&babo..&Ostilho..&Skoazell.540.&Digeri..Digeri. a-zia&barzh.Digeri. a-zia&vaez.&Gwelout.&Aoza..Adenv&el.&Kopia. diwar....&Dilec'hia. diwar....D&ilemel.&Troc'ha. restr....&Kendeuzi. restro.....P&erzhio..Evezhia&denn...Sevel un teul.Sevel ur restr.&Kuitaat.600.Diuz pep &tra.Diziuz pe tra.Lakaat an &diuzad war an tu gin.Diuz....Diziuz....Diuz diouzh ar rizh.Diziuz diouzh ar rizh.700.Arlunio. &bras.Arlunio. &bihan.&Roll.&Munudo..730.Dirummet..&2 brenestr.&Barrenno. ostilho..Digeri. an teul gwrizienn.Teul kerent.Roll istor an teul....Fresk&aat.750.Barrenn ziell.Barrenn skouerek.Meudellio. bras.Diskouez an destenn.800.&Ouzhpenna. ar c'havlec'h d'ar sinedo..Sined.900.&Di
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7870
                                                                                                                                                                                                Entropy (8bit):5.005099076386227
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:3vn3kbZyZSXQVPLCXiG8gYnJYZDAHZE9xM7T9kur4Yc6Fw9KHl:3v3tSAVPG8gYnJYZk+g7T9kur4PUwG
                                                                                                                                                                                                MD5:C397E8AC4B966E1476ADBCE006BB49E4
                                                                                                                                                                                                SHA1:3E473E3BC11BD828A1E60225273D47C8121F3F2C
                                                                                                                                                                                                SHA-256:5CCD481367F7D8C544DE6177187AFF53F1143AE451AE755CE9ED9B52C5F5D478
                                                                                                                                                                                                SHA-512:CBBECE415D16B9984C82BD8FA4C03DBD1FEC58ED04E9EF0A860B74D451D03D1C7E07B23B3E652374A3B9128A7987414074C2A281087F24A77873CC45EC5AADD2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; : Jakob Schmidt.; 9.07 : Kian Andersen, J.rgen Rasmussen.; 15.00 : 2016-11-25 : scootergrisen.;.;.;.;.;.;.;.;.0.7-Zip.Danish.Dansk.401.OK.Annuller....&Ja.&Nej.&Luk.Hj.lp..&Forts.t.440.Ja til &alle.Nej til a&lle.Stop.Genstart.&Baggrund.&Forgrund.&Pause.Sat p. pause.Er du sikker p., at du vil annullere?.500.&Filer.R&ediger.&Vis.F&avoritter.Funk&tioner.&Hj.lp.540.&.bn..bn &inden i..bn &uden for.&Vis.&Rediger.O&md.b.&Kopier til....&Flyt til....S&let.&Opdel fil....Kom&biner filer....&Egenskaber.Komme&ntar....Udregn checksum.Sammenlign.Opret mappe.Opret fil.&Afslut.Opret/rediger henvisning.&Alternative str.mme.600.V.lg &alle.Frav.lg alle.&Omvendt markering.V.lg....Frav.lg....V.lg efter type.Frav.lg efter type.700.Sto&re ikoner.S&m. ikoner.&Liste.&Detaljer.730.Usorteret.Flad visning.&2 paneler.&V.rkt.jslinjer..bn rodmappe.Et niveau op.Mappehistorik....&Opdater.Opdater automatisk.750.Arkivlinje.Standardlinje.Store knapper.Vis knappernes tekst.800.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11444
                                                                                                                                                                                                Entropy (8bit):4.995289206779897
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:arUs6wOYcVCr1oX7A18zsuX/Y0Nf+6X5gOiAKNWw9BfpN5uc7Fd5:arWwzTr1oM1fuPJNf+26ORwAYH
                                                                                                                                                                                                MD5:DE64842F09051E3AF6792930A0456B16
                                                                                                                                                                                                SHA1:498B92A35F2A14101183EBE8A22C381610794465
                                                                                                                                                                                                SHA-256:DCFB95B47A4435EB7504B804DA47302D8A62BBE450DADF1A34BAEA51C7F60C77
                                                                                                                                                                                                SHA-512:5DABEED739A753FD20807400DFC84F7BF1EB544704660A74AFCF4E0205B7C71F1DDCF9F79AC2F7B63579735A38E224685B0125C49568CBDE2D9D6ADD4C7D0ED8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 24.04 : 2024-04-06 : Patriccollu di Santa Maria . Sich. (Latest Update).; 22.00 : 2022-06-21 : Patriccollu di Santa Maria . Sich. (Update).; 15.00 : 2015-04-26 : Patriccollu di Santa Maria . Sich. (Update).; 9.20 : 2010-12-12 : Patriccollu di Santa Maria . Sich. (Creation).;.;.;.;.;.;.;.0.7-Zip.Corsican.Corsu.401.Vai.Abbandun.....&S..&N..&Chjode.Aiutu..&Cuntinu..440.S. per &tutti.N. per t&utti.Piant..Rilanci..Tacca di &fondu.&Primu pianu.&Pausa.In pausa.Vulete veramente annull..?.500.&Schedariu.&Mudific..&Affiss..&Favuriti.A&ttrezzi.Ai&utu.540.&Apre.Apre in &7-Zip.Apre in l.espluratore Windows.&Fighj. (esad.).&Mudific..&Rinumin..&Cupi. versu..&Dispiazz. versu..S&quass..&Sparte u schedariu..&Unisce i schedarii..&Prupriet..Cumme&ntu..Calcul. a somma di cuntrollu.Paragun. e sfarenze (Diff).Cre. un cartulare.Cre. un schedariu.&Esce.Liame.Flussi a&lternativi.600.&Tuttu selezziun...n selezziun. &nunda.&Arritrus. a selezzi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10469
                                                                                                                                                                                                Entropy (8bit):5.284564106594488
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:8F6LuxAINK+9IPpdcigPDojX4MmlmYplGPvxtdogal+7opiQRDev/4Fq/+ePRRtG:wxAELigPDoHITPjk6b9Fq/+1z
                                                                                                                                                                                                MD5:5D90F9C7771022E43C15A4393A0670CE
                                                                                                                                                                                                SHA1:689269A4B3AED23CDF59ED395732C592B515AC83
                                                                                                                                                                                                SHA-256:DE2497946932D806F822082C3CF9F2F26A18752D9973F9D09E0889A94CE4C28A
                                                                                                                                                                                                SHA-512:7A8BD040989CF66DD0F15BE68DFCF2799C34C491FDF900315AB82619938C79BE9F18C6A5B1A4AC7DF6BBA951B3B309DDAF4F5ED628A69B8B893406F68FBC9510
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 15.00 : 2015-03-29 : Ibrahim Oyekan.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Yoruba.Yoruba.401.O DAA.Pa re....&B..ni.&B..k..&P.d...r.nl.w...&T..-s.w.j..440.B..ni fun &gbogbo ..B..k. fun &gbogbo ..D.r....t.nb..r...&...h.n-.gb.h.n.&Oj.-.gb.h.n.&D.d.r...d.r...e . d.j. pe .nyin f.. paar..500.&Fa.li.&Tunk..&.w..&A.y..&Irin....&.r.nl.w..540.&.i..i &si .n...i &si .ta.&.w..&Tunk..&Tun oruk. k..&...d. si....&Gb. si....&Paar..&P.n fa.li...... .w.n fa.li k.p......&.b.d..&.r. .w.ye.....e i.iro checksum..y.t...D. .p. fa.li sil...D. fa.li sil...&P.d...t..kas..&Yiyan agbara d.t..600....y.n &gbogbo fa.li.Paa ...y.n gbogbo fa.li.&Yi ...y.n Pad.....y.n....Paa ...y.n.......y.n bi ir. fa.li.Paa ...y.n bi ir. fa.li.700.&.mi .l..&.mi K.ker..&Ak.j...&Aw.n alaye.730.Lai t. l.s.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9099
                                                                                                                                                                                                Entropy (8bit):4.918696837936453
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:1W7Uw+zTCaVpRBbpgoeCb4wdHSYz2NufjbJTQewnpy:14N+zNpbbpgw4wdHxtXlipy
                                                                                                                                                                                                MD5:6CD7C2B4D6BBA163B1623035FEB4297D
                                                                                                                                                                                                SHA1:5DF07BCFD1EDBD448B566AEA5789EF251303DE69
                                                                                                                                                                                                SHA-256:9280AB90261B0C8F206EEF7196D7531E4E4932C9174AB899CEE4F8ED97CC87C6
                                                                                                                                                                                                SHA-512:7ED13085EBC2545B434F5671F958F7A5FAA1BC29F7C10721A972AFD2C886FC39F0A6E290E70F1F8EA798199CA26974257EAF9B8445652C9B02C789E198191A3E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : 2007-11-22 : Xos. Calvo.; 9.20 : 2014-11-26 : enfeitizador.; 15.00 : 2016-02-01 : enfeitizador.; 22.00 : 2023-05-13 : enfeitizador.;.;.;.;.;.;.;.0.7-Zip.Galician.Galego.401.De acordo.Cancelar....&Si.&Non.Pe&char.Axuda..&Continuar.440.Si &a todo.Non a &todo.Parar.Reiniciar.Po.er por de&baixo.Traer ao &fronte.&Pausa.Pausado.Queres cancelar?.500.&Ficheiro.&Editar.&Ver.F&avoritos.Ferramen&tas.A&xuda.540.&Abrir.Abr&ir dentro.Abrir &f.ra.&Ver.&Editar.Cambiar no&me.&Copiar a....&Mover a....&Eliminar.&Dividir ficheiro....Com&binar ficheiros....P&ropiedades.Come&ntario....Calcular suma de verificaci.n.Diferenzas.Crear cartafol.Crear ficheiro.Sa&.r.Ligaz.n.&Alternar fluxos.600.Seleccion&ar todo.Desmarcar todo.&Inverter selecci.n.Seleccionar....Desmarcar....Seleccionar por tipo.Desmarcar por tipo.700.Iconas lon&gas.Iconas &mi.das.&Lista.&Detalles.730.Sen orde.Vista plana.&2 paneis.Barras de ferramen&tas.Abrir cartafol ra.z.Subir un nivel.Hist.rico de carta
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9911
                                                                                                                                                                                                Entropy (8bit):5.3108412818364545
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ovp0mydAiVui6B3+6hX+S5YELolHgMKJas99KWGmU/DbU0E1nUv3b:Ip0mydAq6A6hOS5pLoQzd0snUT
                                                                                                                                                                                                MD5:F8821C75507199F4EF041EEBA8B82281
                                                                                                                                                                                                SHA1:96759A3B826BB5DBC18730378D0F8BA08C1DF7E1
                                                                                                                                                                                                SHA-256:B4B96FDAA023A3988D514C1CB1E2914817CD538D3BB7F062778360338B73BA67
                                                                                                                                                                                                SHA-512:173D6F0437A4E315F4F890F67EF93936E53205F950A9B718B8B232F6FAF0ED7E33E6C72531E0C2613611F4B02F5FD1ED7CDE8CBD05F2256A68FE577DAE4D3A90
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : cienislaw.; : pixel.; 9.07 : F1xat.; 9.33 : .ukasz Maria P. Pastuszczak.; 22.00 : Micha. L..; 24.04 : Piter, Micha. L..;.;.;.;.;.0.7-Zip.Polish.Polski.401.OK.Anuluj....&Tak.&Nie.&Zamknij.Pomoc..&Kontynuuj.440.Ta&k na wszystkie.Ni&e na wszystkie.Zatrzymaj.Pon.w.&T.o.&Pierwszy plan.&Wstrzymaj.Wstrzymano.Czy na pewno chcesz anulowa.?.500.&Plik.&Edycja.&Widok.&Ulubione.&Narz.dzia.Pomo&c.540.&Otw.rz.Otw.rz &wewn.trz.Otw.rz na &zewn.trz.Pod&gl.d.&Edytuj.Zmie. &nazw..Kopiuj &do....&Przenie. do....&Usu..Podzie&l plik....Z..&cz pliki....W.&a.ciwo.ci.Ko&mentarz.Oblicz sum. kontroln..R..nice pomi.dzy plikami.Utw.rz &folder.U&tw.rz plik.Za&ko.cz.Dow&i.zanie.&Alternatywne strumienie.600.Z&aznacz wszystko.&Odznacz wszystko.Odwr.. &zaznaczenie.Zaznacz....Odznacz....Zaznacz wed.ug typu.Odznacz wed.ug typu.700.&Du.e ikony.&Ma.e ikony.&Lista.&Szczeg..y.730.Nieposortowane.Widok p.aski.&2 panele.&Paski narz.dzi.Otw.rz folder g
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7113
                                                                                                                                                                                                Entropy (8bit):4.969992127036655
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:M7Bz8oq24hcsQzhPDu1FnweRCV2RnnfI9Mw2yzryIclVXPWMcg:M7Bz7wcse7uvFFnQMw2yzryIgXP3cg
                                                                                                                                                                                                MD5:06B08FE12C0F075D317CF9A2A1DD96BC
                                                                                                                                                                                                SHA1:0062BA87B9207536B9088E94505D765268069F63
                                                                                                                                                                                                SHA-256:6BA88938C468E7217BD300B607D7A730530E63D1F97562604EC0BB00D66A06C9
                                                                                                                                                                                                SHA-512:9F9FB1C045D92C1F8035D547554457E3466AE861A04F1CD3F57965E4A92F0FC433B2A7B3E9E1E71588E97F8C73D5914A750DEDED5D3056E327D7EFE19A220198
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.60 : Andrea Decorte (Klenje) : secont l'ortografie ufici.l de Provincie di Udin.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Friulian.Furlan.401.Va ben.Scancele....&S..&No.&Siare.&Jutori..&Continue.440.S. &a ducj.No a &ducj.Ferme.Torne a invi..&Sfont.P&rin plan.&Pause.In pause.S.stu sig.r di vol. scancel.?.500.&File.&Modifiche.&Viodude.&Prefer.ts.&Imprescj.&Jutori.540.&Viar..Viar. dentri 7-&Zip.V&iar. f.r di 7-Zip.&Mostre.M&odifiche.Gambie &non.&Copie in....M.&f in....&Elimine.&Div.t file....Torne a &un. files....P&ropiet.ts.Comen&t.Calcole so&me di control..Cree cartele.Cree file.V&a f.r.600.Selezione d&ut.&Deselezione dut.&Invert.s selezion.Selezione....Deselezione....Selezione par gjenar.Deselezione par gjenar.700.Iconis &grandis.Iconis &pi.ulis.&Liste.&Detais.730.Cence ordin.Viodude plane.&2 panei.Sbaris dai impresc&j.Viar. cartele princip.l.Parsore di un nivel.Storic des cartelis....&Atualize.750.Sbare dai imprescj par l'archivi.Sbare dai imprescj sta
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8039
                                                                                                                                                                                                Entropy (8bit):4.830174437133884
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:FGtF7C6fBky7MIFT0T222a6CjlHtLG0mHR7s:O/fNaS2J6CjxdN
                                                                                                                                                                                                MD5:BAAC3FF9FC4B6A656AC7C51D44117BD9
                                                                                                                                                                                                SHA1:FEACD226EFB71EE149424F39AB47EBF6F64CAB04
                                                                                                                                                                                                SHA-256:9FED3C0B4E67673BC1D8BBD67D1F6651FADE030F98D12173C3564F2C492A67F8
                                                                                                                                                                                                SHA-512:44413A73CD0DE02F245CB5D8B35BB457AE136C1C2BBB76934F120F6D0B14FCE928B4763475730F018C6E4B4AD4881A32CF1C99879C197CC4E70B8A992B3BFCA4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 15.00 : 2020-05-15 : Mara Gati Lucky.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Swahili.Kiswahili.401.Sawa.Ghairi....&Ndio.&Hapana.&Funga.Usaidizi..&Endelea.440.Ndio kwa &zote.Hapana kwa z&ote.Simamisha.Washa upya.&Mandharinyuma.&Mandharimbele.&Tuliza.Imetulizwa.Una uhakika unataka kughairi?.500.&Faili.&Hariri.&Mwoneko.Z&inazopendwa.&Zana.&Usaidizi.540.&Fungua.Fungua &ndani.Fungua n&je.&Mwoneko.&Hariri.Pati&a jina upya.&Nakili hadi....&Sogeza hadi....&Futa.&Gawiza faili....Ung&anisha nyaraka....S&ifa.Toa m&aoni....Kokotoa checksum.Tofautisha.Unda kabrasha.Unda faili.F&unga.Kiungo.&Mitiririsho mbadala.600.Teua &zote.Ondoa uteuzi wote.&Pindua uteuzi.Teua....Ondoa uteuzi....Teua kulingana na aina.Ondoa uteuzi kulingana na aina.700.Iko&ni kubwa.Ikoni ndogo.&Orodha.&Maelezo.730.Haijapangwa.Mwoneko bapa.&2 paneli.&Miambaa zana.Fungua kabrasha shina.Juu kiwango kimoja.Historia ya folda....&Weka upya.Weka upya kioto.750.Mwambaa zana wa akiba.Mwambaa zana wa kawaida.Vitufe vikubwa.Onyesha m
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10837
                                                                                                                                                                                                Entropy (8bit):4.643195839265694
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:EG9NeKlSU9fV6kPtwusVom5DvB4UlBFXCsMu:EG9FlSU9fV6kPt+hvBPLFXCE
                                                                                                                                                                                                MD5:387FF78CF5F524FC44640F3025746145
                                                                                                                                                                                                SHA1:8480E549D00003DE262B54BC342AF66049C43D3B
                                                                                                                                                                                                SHA-256:8A85C3FCB5F81157490971EE4F5E6B9E4F80BE69A802EBED04E6724CE859713F
                                                                                                                                                                                                SHA-512:7851633EE62C00FA2C68F6F59220A836307E6DDE37EAE5E5DCA3CA254D167E305FE1EB342F93112032DADAFE9E9608C97036AC489761F7BDC776A98337152344
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.20 : Haqmar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Bashkir...........401........... ......&....&...&..........&......440......... .. .&.....&...... .. ............... ......&..... ........&... .......&........ ............... .... ....... .. ...... ............?.500.&.......&.....&.........&...........&.......&........540.&.......&...... .......&..... .........&....&..............&...... ............&................&...........&............. &.............. ...&...............&.........&................ .....Diff.... ............ &.........&.......600.&....... .. ............&..... .... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10868
                                                                                                                                                                                                Entropy (8bit):4.914669990065981
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Uk/px4B42mykLxrIppKQoYEgHVxX39tJzo2NXIWdE4hNvuaVkP51EUt:L/462mykLxkpp3odgHVxdtd5da4nvuSy
                                                                                                                                                                                                MD5:A49801879184C9200B408375FC4408D7
                                                                                                                                                                                                SHA1:763231BD9B883692C0E5127207CBFC6A2A29BC7D
                                                                                                                                                                                                SHA-256:397A3AF716EB7F0084F3AA04AD36EAB82AAB881589A359E7D6D4BE673E1789A8
                                                                                                                                                                                                SHA-512:F408203907594AFA116A2003D0B65D77C9BCA47663F7F6B26E9158B91DAD40569E92851BF788A39105298561F854264A8DC57611637745E04E68585B837702F2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.07 : Nicolas Sierro.; 9.07 : Philippe Berthault.; 15.14 : Sylvain St-Amand (SSTSylvain).; 22.00 : 2022-06-09 : Lolo S..; 23.01 : 2023-12-20 : Denis G (Need74).; 24.04 : 2024-04-29 : Lolo S..;.;.;.;.;.0.7-Zip.French.Fran.ais.401.OK.Annuler....&Oui.&Non.&Fermer.Aide..&Continuer.440.Oui pour &tous.Non pour t&ous.Arr.ter.Red.marrer.&Arri.re-plan.P&remier plan.&Pause.En pause..tes-vous sur de vouloir annuler ?.500.&Fichier.&.dition.Affic&hage.Fa&voris.&Outils.&Aide.540.&Ouvrir.Ouvrir dans le gestionnaire &7-Zip.Ouvrir dans l'Explorateur Windows.&Voir (hexa).&.dition.Reno&mmer.&Copier vers....&D.placer vers....S&upprimer.Diviser le &fichier....&Fusionner les fichiers....P&ropri.t.s.Comme&ntaire....Somme de contr.le.Comparaison des diff.rences (Diff).Cr.er un dossier.Cr.er un fichier.&Quitter.Connexion.Flux &alternatif.600.S.lectionner &tout.D.s.lectionner to&ut.&Inverser la s.lection.S.lectionner....D.s.lectionner....S.lectionner par type.D.s.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17467
                                                                                                                                                                                                Entropy (8bit):3.84721481389097
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:wNAsf6IflsHX7q4IqKz+QCzaRDuAlTz8tw2+xE3ZAXsF:wjDGGeF
                                                                                                                                                                                                MD5:18D9C82F12E07B71E03D6086DEBA0DC3
                                                                                                                                                                                                SHA1:C6C11C6F1FC00A25DD53E1C78F207F6C8C8B8B13
                                                                                                                                                                                                SHA-256:5F79AE167A917860F95F73E5ED007FE250F30AF794BCFCE17941F9EF87D22A05
                                                                                                                                                                                                SHA-512:196A859D52A1A742B98460EAF113552DCE2CFC63378B19D2902BEABC1E66CBD9E26BF37FC26453832AA10929AAF0196ED9211332E63C830B0E5946013C82BDC1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Vinayy Sharrma : ...... .... ......;.;.;.;.;.;.;.;.;.;.0.7-Zip.Hindi, Indian, ...................401.... ...........&....&.....&... .........&.... ....440.&... .. .... ....&... .. .... .............. .... .....&...........&........(.........).&..................... .... .... ..... ... ....... .... .. ....?.500.&.....&.......&......&.......&.....&....540.&.....&.... .....&.... .....&......&.......&...: .......&... ... .........&... ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12057
                                                                                                                                                                                                Entropy (8bit):3.6721380731890467
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:MZOpgEdXp2Aj1N1YZsHFoXmj6OI1v/O2RmrNqBSXGdCdfy01K:x3X4xO2RmUqqX
                                                                                                                                                                                                MD5:DD0AE446AD4C5D6F20DB6ECE80F21606
                                                                                                                                                                                                SHA1:CDDB5DC08DA094FF69E48C1AF7E329F6B83FB6A6
                                                                                                                                                                                                SHA-256:AE1A795105574BF2674A5DE98A4F06CADD9C79DEBDE9FC288F64B3D607FA329D
                                                                                                                                                                                                SHA-512:543777575D32B9E1A67AFA2380B7953B79F3031AD6421314BA1DD957EC356FC0446903E09CA70A4E61F1264FC87846C968574D3ADF90F1563BAE3CCCA875636F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.13 : Ve Elanjelian : ThamiZha! team.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Tamil.......401................................................440.............. ................. .......................................................... ................. .................... ...... ..... .................?.500..................................................540.......... .......... ........................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8122
                                                                                                                                                                                                Entropy (8bit):5.01235026127091
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:rhhdCkj7itccEuzIS1xTXiV8JBLRsusqrKhI:Vh/jfLupi+l1sqrKhI
                                                                                                                                                                                                MD5:9D8216183493AC2190A4D6E142ECAB9A
                                                                                                                                                                                                SHA1:E534EBB714DBAE2A9E12ACCBE96C6F2568B814C4
                                                                                                                                                                                                SHA-256:210AF273246D30CFDE87295CD5F4FF135B0BDFB04FE7173BB60F935E685B8E10
                                                                                                                                                                                                SHA-512:5B56560AD70652C9C6287F939B25676D8149C000C2388365197354DBE38C5CBA5C25F0A3A529F0601A5B5D964B7278AB3A668E8469CF0EC718821FDABCF044BC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : Alan .imek.; 4.53 : Hasan Osmanagi..; 9.07 :.; 15.05 : 2015-06-15 : Stjepan Treger.;.;.;.;.;.;.;.0.7-Zip.Croatian.Hrvatski.401.U redu.Odustani....&Da.&Ne.&Zatvori.Pomo...Nastavi.440.Da za &Sve.Ne za Sv&e.&Stani.Ponovi.U pozadini.U prvom planu.&Pauza.Pauzirano.Poni.titi?.500.&Datoteke.&Ure.ivanje.&Izgled.Omiljene mape.&Alati.&Pomo..540.&Otvori.Ot&vori mapu.Otvori u &sustavu.Iz&gled.&Ure.ivanje.Prei&menuj.&Kopiraj u....Premje&sti u....O&bri.i.Podije&li datoteku....Spo&ji datoteke....Svojs&tva.Komentar.Izra.un kontrolnog zbroja.Uspore.ivanje.Stvo&ri mapu.Stvori &datoteku.&Izlaz.Poveznica.&Alternativni tokovi.600.Odaberi &sve.Poni.ti odabir.&Obrni odabir.Odaberi....Poni.ti odabir....Odabir po tipu.Poni.ti odabir tipa.700.&Velike ikone.&Male ikone.&Popis.&Detalji.730.Neso&rtirano.Sadr.aj mapa.&2 okna.Alatne &trake.&Korijen.&Nadmapa.Pro.&le mape....O&svje.i.Automatski osvje.i.750.Alatna traka arhiva.Standardna alatna traka.Velike tipke.Prika.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4848
                                                                                                                                                                                                Entropy (8bit):5.0398900363287105
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:lcIh395xVDLRNvtj7ZjuJowdlKoF+M/LMtYUQs0xM3Hj8bH8fC:eg3Px9zt+d5ohGs0sHj88C
                                                                                                                                                                                                MD5:29CAAD3B73F6557F0306F4F6C6338235
                                                                                                                                                                                                SHA1:D4B3147F23C75DE84287AD501E7403E0FCE69921
                                                                                                                                                                                                SHA-256:A6EF5A5A1E28D406FD78079D9CACF819B047A296ADC7083D34F2BFB3D071E5AF
                                                                                                                                                                                                SHA-512:77618995D9CF90603C5D4AD60262832D8AD64C91A5E6944EFD447A5CC082A381666D986BB294D7982C8721B0113F867B86490CA11BB3D46980132C9E4DF1BD92
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Dmitri Gabinski.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Esperanto.Esperanto.401.B&one.Nuligu....&Jes.&Ne.&Fermu.Helpo..&Da.rigu.440.Jes por .&iuj.Ne por .i&uj.&Haltu.Restartigu.&Fono.&Malfono.&Pa.zo.Pa.zita..u vi vere volas nuligi?.500.&Dosiero.&Redakto.&Vido.&Favoritaj.&Agordoj.&Helpo.540.&Malfermu.Malfermu &ene.Malfermu ek&stere.&Vidigu.&Redaktu..&an.u nomon.&Kopiu en....M&ovu en....&Forigu.&Erigu dosierojn....Komb&inu dosierojn....A&tributoj.Ko&mentu.Kalkulu kontrolsumon..Kreu &dosierujon.Kre&u dos&ieron.E&liru.600.M&arku .iun.Ma&lmarku .iun.&Inversigu markon.Marku....Malmarku....Marku la. tipo.Malmarku la. tipo.700.&Grandaj bildetoj.&Malgrandaj bildetoj.&Listo.&Detale.730.&Neordigite.Ununivela vido.&2 paneloj.&Ilobretoj.Malfermu radikan dosierujon.Supren je unu nivelo.Dosierujhistorio.....&isdatigu.750.Ar.ivo-ilobreto.Norma ilobreto.Grandaj bildetoj.Montru butontekston.800.&Aldonu dosierujon al favorataj kiel.Legosigno.900.&Agordoj....&Etalono.960.&E
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18834
                                                                                                                                                                                                Entropy (8bit):3.802411708886365
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:TtnNoVvuZp1uKx4IshqMehIANlXgZC0Mzat2Irn0rInzY3TPYXtr:T/u/JBr
                                                                                                                                                                                                MD5:FD1B984BAEA0E5A905F756E9FDC54E86
                                                                                                                                                                                                SHA1:4DA8DA9154115F6BF0962FD02DB9D7E166285C8E
                                                                                                                                                                                                SHA-256:02CC9032C117A7818865AF3DCADBDD3C7B348BE3507681CD0032DD9BD15B76FC
                                                                                                                                                                                                SHA-512:1595742CCCFFF001C7BE0A7809F2E700460AD4CBD684D5A0CC53C5CCF615046E2E94EFD96CEEACA3D6FB20AAA5249D7677AB1F6FAF8DAB0A1B559A0C0951913E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Vinayy Sharrma, ....... .... ......;.;.;.;.;.;.;.;.;.;.0.7-Zip.Sanskrit, Indian, .....................401.... ..............&....&...&... ...........&.... ....440.&....... ....&....... ............ .... .....&...........&........(.........).&....................... .... .... ..... ... ....... .... ..... ....?.500.&.......&.........&........&.........&.......&......540.&........&.... ........&.... ........&........&........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6667
                                                                                                                                                                                                Entropy (8bit):4.975280640991647
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:P2ecDQC5HNYvLSjKJCNdnziL1xWKvjgeNH:uecb82ICNFWL1xWKvseNH
                                                                                                                                                                                                MD5:D6A50C4139D0973776FC294EE775C2AC
                                                                                                                                                                                                SHA1:1881D68AE10D7EB53291B80BD527A856304078A0
                                                                                                                                                                                                SHA-256:6B2718882BB47E905F1FDD7B75ECE5CC233904203C1407C6F0DCDC5E08E276DA
                                                                                                                                                                                                SHA-512:0FD14B4FD9B613D04EF8747DCD6A47F6F7777AC35C847387C0EA4B217F198AA8AC54EA1698419D4122B808F852E9110D1780EDCB61A4057C1E2774AA5382E727
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.09 : Kaupo Suviste.; 9.07 : Mihkel T.nnov.;.;.;.;.;.;.;.;.;.0.7-Zip.Estonian.eesti keel.401.OK.Loobu....&Jah.&Ei.&Sulge.Abi..&J.tka.440.K.igile j&ah.K.igile e&i.Seiska.Restardi.&Taustal.&Esiplaanile.&Paus.Pausiks peatatud.Kas soovite kindlasti loobuda?.500.&Fail.&Redigeeri.&Vaade.&Lemmikud.&T..riistad.&Abi.540.&Ava.Ava s&ees.Ava v.ljasp&ool.Vaat&ur.&Redigeeri.&Nimeta .mber.&Kopeeri asukohta....&Teisalda asukohta....Ku&stuta.T.kel&da fail.....&henda failid....Atri&buudid.Ko&mmentaar....Arvuta kontrollsumma.V.rdle.Loo kaust.Loo fail.&V.lju.600.V&ali k.ik.T.hista k.ik valikud.&P..ra valik.Vali....T.hista valik....Vali t..bi j.rgi.T.hista t..bi j.rgi valik.700.&Suured ikoonid.V.ik&esed ikoonid.&Loend..ksikasja&d.730.Sortimata.Lame vaade.&Kaks paani.&T..riistaribad.Ava juurkaust.Taseme v.rra .les.Kaustaajalugu....&V.rskenda.750.Arhiiviriistariba.Standardnupuriba.Suured nupud.Kuva nupusildid.800.&Lisa kaust lemmikute hulka j.rjehoidj
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13706
                                                                                                                                                                                                Entropy (8bit):4.512938543489413
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:4sAaGWnyUCvYb6klPJFdljLNCZXg54yd+yACOFFytAQm:maG39YeklPJFLjLN+g5h+MtAd
                                                                                                                                                                                                MD5:730C16345E2A2366C2221D5F22980666
                                                                                                                                                                                                SHA1:41E92F0B3AEE2436183E1263AAD85787ECBABF34
                                                                                                                                                                                                SHA-256:813B5264F3F2D2B632B346E800E738E04DC098C7B3A1A2AF64BCF3A6ACBCA037
                                                                                                                                                                                                SHA-512:339A9B6E5788B6B2D627C16B6DCA5A942133B2F113ADC21225C693951D87EE5C476A684565C2A38510A23C42E1DFA0689A62450CB2D741D4AC43A53B9B691606
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 15.10 : 2017-02-12 : Bulat Ibrahim.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Tatar.........401.OK.... .........&....&...&..............&..... .......440.... &........ ....... .&....... .................&......&.... .......&.................... .. ....... ............?.500.&.....&........&......&..........&........&........540.&........... &............ ..&...........&................. &...........&................&.............&................ &.................... &...................&.............&.............. ...................&..... .........&.. ........&............&........... ........60
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8736
                                                                                                                                                                                                Entropy (8bit):5.243048507979006
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:K9LGWUpW9ui2eHMMfj0RIC/2Naq49K5ztPYIzvPMdQpJzPq:859uigRr/2Yq4uJPYIzvPMZ
                                                                                                                                                                                                MD5:1F610DF86538A3ED788D6A8024C1982E
                                                                                                                                                                                                SHA1:3180F829602B83148C73A47EF4DAF841BB379A14
                                                                                                                                                                                                SHA-256:A0F485755CBC6356CFA4BEF5CB6134653DC6743F4BFCA89CED92D43EC31C5649
                                                                                                                                                                                                SHA-512:C184E3898944B2C0A12806E0B0592FD19BE05A75E7F3B2F9A69B8D39FA847E90AEBE93E1E96588AAA38DCDBB9FF89C1667BCA1B5A5FDFDB7F77E37A574981309
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 19.00 : 2019-03-04 : Merdan NURIYEV Hazar-Balkan H.K..;.;.;.;.;.;.;.;.;.;.0.7-Zip.Turkmen.T.rkmen.e.401.Howwa.Go.bolsun et....&Howwa.&.ok..a&p.K.mek al..&Dowam et.440.Hemmesine howw&a.Hemmesine &.ok.Dur.Ga.tadan ba.la.&G.r.nme.&..e .yksyn.&S.gindir.S.gindi.Go.bolsun etjekmi?.500.&Dos.a.&D.zelt.&G.r.F&aworitler.G&urallar.&K.mek.540.&A..&I.inde A..Da.&ynda A..&G.r.&D.zelt.Adyn&y ..tget..u .ere &kop.ala.....u .ere &g...r....&...r.Fa.ly &b.l....Fa.llary &birle.dir....&D.zg.nlemeler.Tes&wir....Barlag jemini hasapla.Tapawutlanma.Bukja d.ret.Fa.l d.ret.&.yk.Bag.Akymlary .&aly..600.Hemmesini Se..Hemmesini Se.me.Se.im&i tersine .w.r.Se.....Se.me....Tiplerine g.r. se..Tiplerine g.ra se.me.700.U&ly Ikon.Ki.i Ikon.Tablissa.Jikme-jikleri.730.Sortlanmadyk.D.z G.rn...&2 Paneller.&Esbaplar.D..p Bukjany A..Bir Tekje .okary...ki Bukjalar....T.zele.Awtomatiki T.zele.750.Arhiw Esbaplary.Standart Esbaplar.Uly K
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8236
                                                                                                                                                                                                Entropy (8bit):6.029530102631068
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:6vCfchxHZbOVSVzaAP67peMNyE7nA95tLPggo:OxM0VLP677y4Y1PgF
                                                                                                                                                                                                MD5:D13839AF103477DF8CFD0BC2EB876EB0
                                                                                                                                                                                                SHA1:93AF39EBEB9677003DB67B386588409329104F4E
                                                                                                                                                                                                SHA-256:D04E5BD3BF1E3F3754C3603889AA1B659D1DAC518C5C6B5C1C49ECF16DCA1C01
                                                                                                                                                                                                SHA-512:DD79B5A8790E906E8BBE3FE69476126AB76ED472B4374E5FB7F4B272365BC305492832A1E3B95D22FC7D3C9EDD9B013C7BC8871C6BC85A717ACF3B361DA1900F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 2.30 : 2002-09-07 : Modern Tiger, kaZek, Hutu Li.; 3.08 : 2003-08-29 : Tunghsiao Liu.; 22.00 : 2022-06-09 : Tunghsiao Liu.; 24.05 : 2024-05-16 : MagicGenius.;.;.;.;.;.;.;.0.7-Zip.Chinese Simplified......401...........(&Y)..(&N)...(&C).......(&C).440...(&A)...(&L)...........(&B)...(&F)...(&P).............500...(&F)...(&E)...(&V)...(&A)...(&T)...(&H).540...(&O).......(&I).......(&U)...(&V)...(&E)....(&M)....(&C).......(&M)......(&D).....(&S)........(&B)......(&R)...(&N)........................(&X).........(&A).600...(&A)........(&I).....................................700....(&G)....(&M)...(&L).....(&D).730.............
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7372
                                                                                                                                                                                                Entropy (8bit):4.909894601165032
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:/iCx+nicrSC2WgvUZ8I/MbcGr74hjN8H7+UeT5xMWcZlFi6lCg6l+Rl2NIqpClH5:/OnVInvQ5kN74nK+febFi6Yg62I7bPFI
                                                                                                                                                                                                MD5:F16218139E027338A16C3199091D0600
                                                                                                                                                                                                SHA1:DA48140A4C033EEA217E97118F595394195A15D5
                                                                                                                                                                                                SHA-256:3AB9F7AACD38C4CDE814F86BC37EEC2B9DF8D0DDDB95FC1D09A5F5BCB11F0EEB
                                                                                                                                                                                                SHA-512:B2E99D70D1A7A2A1BFA2FFB61F3CA2D1B18591C4707E4C6C5EFB9BECDD205D646B3BAA0E8CBD28CE297D7830D3DFB8F737266C66E53A83BDBE58B117F8E3AE14
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Feliciano Mart.nez Tur.; 9.07 : Juan Pablo Mart.nez.;.;.;.;.;.;.;.;.;.0.7-Zip.Aragonese.Aragon.s.401.Acceptar.Cancelar....&S..&No.&Zarrar.Aduya..&Continar.440.S. a &tot.No a t&ot.Aturar.Tornar a empecipiar.Se&gundo plano.P&rimer plano.&Pausa.Aturau.Yes seguro que quiers cancelar?.500.&Fichero.&Editar.&Veyer.&Favoritos.&Ferramientas.Ad&uya.540.&Ubrir.Ubrir &adintro.Ubrir &difuera.&Veyer.&Editar.Re&nombrar.&Copiar en....&Mover ta....&Borrar.Di&vidir o fichero....C&ombinar os fichers....&Propiedatz.Comen&tario.Calcular a suma de comprebaci.n.Diff.Creyar carpeta.Creyar fichero.&Salir.600.Seleccionar-lo &tot.Deseleccionar-lo tot.&Invertir selecci.n.Seleccionar....Deseleccionar....Seleccionar por tipo.Deseleccionar por tipo.700.Iconos g&rans.&Iconos chicotz.&Lista.&Detalles.730.Desordenau.Anvista plana.&2 panels.&Barras de ferramientas.Ubrir a carpeta radiz.Carpeta mai.Historial de carpetas....&Esviellar.750.Barra de ferramientas d'archivo.Barras de ferr
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8094
                                                                                                                                                                                                Entropy (8bit):5.214957275203997
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:C0DkhCKSxkMAluUHPTe9Dt2cVM9sefce+gELJvocyn01m6ptYMk0iLEkei2EW8pR:Ceod1y9DtX+9xVUJy05zk3f31D
                                                                                                                                                                                                MD5:5AF10C5616E0487D236C8CBE2F23A7A4
                                                                                                                                                                                                SHA1:2049E1A82A0AF13A8ED2CF9E4EB51F1DFD377480
                                                                                                                                                                                                SHA-256:F249930089C374EAB59078CF16B8652D443CF2A47485D737AE5A9FCA2957D6B9
                                                                                                                                                                                                SHA-512:8E2DB2769D8C9D4AF435986BC58F66F570C4D85BF7C8A2B9369F546CF45C0848A07986582E8E7F76A9AED569DA2774E5B19706EC77BFD41BB6B4AF86ABCFCEFE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 15.00 : 2018-02-27 : Belkacem Mohammed.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Kabyle.Taqbaylit.401.IH.Sefsex....&Ih.&Uhu.&Mdel.Tallelt..&Kemmel.440.Ih i &Me..a.Uhu i M&e..a.Se.bes.Ales tanekra.&Agilal.&A.awas Amezwaru.&R.u.I.bes.Teb.i. ad tsefsxe.?.500.A&faylu.&.reg.&Sken.I&nurifen.&Ifecka.&Tallelt.540.&Ldi.Ldi deg &ugensu.Ldi di B&erra.&Sken.&..eg.Snif&el Isem.&N.el .er....&Senkez .er....&Kkes.&B.u Afaylu....Sdu&kkel ifuyla....A&ylan.Awenn&it....Timernit n Usenqed.Ice..iq.Snulfu-d Akaram.Snulfu-d Afaylu.F&fe..Ase.wen.&Alternate Streams.600.Fren &Me..a.Kkes Afran i Me..a.&Tti Afran.Fren....Kkes Afran....Fren s Tawsit.Kkes Afran s Tawsit.700.Tig&nitin Timeqranin.T&ignitin Time.yanin.&Tabdart.&Talqayt.730.Ur Yettwafren ara.Askan Imlebbe..&2 Igalisen.&Ifeggagen n Ifecka.Ldi Akaram Agejdan.Yiwen Uswir d Asawen.Amazray n Ikaramen....&Smiren.Asmiren Awurman.750.Afeggag n Ifecka U.ba..Afeggag n Ifecka Alugen.Tiqeffalin Tihrawanin.S
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12387
                                                                                                                                                                                                Entropy (8bit):5.313192066737636
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:n4fuupdoCXs+8WFml8HKp2yj99UfdECKU/Gh6o:n4fuofsjrW5KmGh6o
                                                                                                                                                                                                MD5:A0C7EB5D5A5DD7AB6F4C1E4FEF092256
                                                                                                                                                                                                SHA1:F121129211DBEDBA3C440267FD9BD1C636E263C2
                                                                                                                                                                                                SHA-256:9F70F1943A8E0A9B9040D1F769CA2494C2B83CEB8DC55B08DB1FC3E6973AD835
                                                                                                                                                                                                SHA-512:F864C9AC99EDC97968FECA96919A412E87C27457F5E0A8956DCECF37351CE7AEAF0E745343A649743D665B46BE108B3CC5BAFD92029D25D5A5D9BF6C390E5149
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : : Komuro.; : : Mick.; : : 2chBBS-software.; : : Crus Mitsuaki.; 9.23 : 2011-06-22 : nabeshin.; 22.00 : 2022-06-20 : Rukoto Luther.; 24.06 : 2024-06-15 : Stepanushkin Dmitry.;.;.;.;.0.7-Zip.Japanese.....401.OK............(&Y)....(&N)....(&C)........(&C).440......(&A).......(&L)................(&B).........(&F).....(&P)....................?.500.....(&F)...(&E)...(&V)......(&A)....(&T)....(&H).540...(&O).7-Zip ...(&I)........(&U)...(&V)...(&E)......(&M)....(&C)......(&M)......(&D).......(&S)..........(&B).........(&R).....(&N)..................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6029
                                                                                                                                                                                                Entropy (8bit):4.993685353064603
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:TqjTBrLVXTzyIu8alVMSv5FbPtnG5kSksLzJ94KoD0vL0L5nsseiF3F3NPYrAE6g:Y1HyOmX5pPtnMzkYJ9HoD00xNPEAErS8
                                                                                                                                                                                                MD5:03D38F09189799A0D927727D071C54B6
                                                                                                                                                                                                SHA1:17FF3A2C83E6A0B0733F2A9A8CE6B83AF4F1B137
                                                                                                                                                                                                SHA-256:C1C050ED6FE2F8FBC048FD7D82944B8ADA784415B6E62316D590C3C7AA45E112
                                                                                                                                                                                                SHA-512:E511C1A271A3D78CB7F6111759EEC4D7CFC2D46F71F87AA3C4AC1BB11CD4E55E7D4DBE54F9C5107025FFE8C5FCADAD4359DC673BC802B82388E74A8F2FA60FF7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.53 : Berend Ytsma.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Frisian.Frysk.401.Okee.Ofbrekke....&Jawis.&Nee.&Slute.Help..&Ferfetsje.440.Jawis foar &Alles.Nee foar A&lles.Stopje.Opnij begjinne.&Eftergr.n.&Foargr.n.&Skoftsje.Skoft.Binne jo wis dat jo .fbrekke wolle?.500.&Triem.&Bewurkje.&Byld.B&l.dwizers.&Ark.&Help.540.&Iepenje.Iepenje &yn.Iepenje b.&ten.&Byld.&Bewurkje.Omne&ame.&Kopiearje nei....&Ferpleats nei....&Wiskje.Triemmen &spjalte....Triemmen Kom&binearje....E&igenskippen.Komme&ntaar.Kontr.lesom berekenje..Map meitsje.Triem meitsje.U&tgong.600.&Alles selektearje.Alles net selektearje.&Seleksje omdraaien.Selektearje....Net selektearje....Selektearje neffens type.Net selektearje neffens type.700.Gru&tte Ikoanen.L&ytse Ikoanen.&List.&Details.730.Net Sortearre.Platte werjefte.&2 Panielen.&Arkbalke.Haadmap iepenje.Ien nivo omheech.Maphistoarje....&Ferfarskje.750.Argyf arkbalke.Standert arkbalke.Grutte knoppen.Knoptekst sjen litte.800.Map oan bl.dwizers &taheakje as.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10040
                                                                                                                                                                                                Entropy (8bit):5.033364801945333
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:bBLhu312JnrmZ80+hs6MKaZy5HH9+jieCn6abdXdg9R49:bbhJnro80+X1HQT6fg9G9
                                                                                                                                                                                                MD5:9A2FC6431192E6FC18871DA5D4ADC467
                                                                                                                                                                                                SHA1:EEA02FAF56E746DFADF67C5FE4E12A79EA2FB089
                                                                                                                                                                                                SHA-256:4FD993DBAE9606C062DC3511292274631335956A016B74B3061BAB55F7D9C736
                                                                                                                                                                                                SHA-512:A4945CD1522FD2A57960959C4937C55920520BE615F3CB84CBE74842479D426AFF28F3E041FA61A338B121CA3BE64EFC4C128CA94A48B4D994EEA79A42AAB7F9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 4.59 : Lucian Nan.; 23.00 : 2023-07-22 : Marius Hudea.; 24.05 : 2024-05-19 : Miloiu Andrei-Valentin.;.;.;.;.;.;.;.;.0.7-Zip.Romanian.Rom.n..401.Bine.Anulare....&Da.&Nu..n&chide.Ajutor..&Continu..440.Da, pentru &toate.Nu, pentru t&oate.Opre.te.Restarteaz...n &fundal.La &suprafa...&Pauz...n pauz..E.ti sigur c. vrei s. anulezi?.500.&Fi.ier.&Editeaz..&Vizualizeaz..Fav&orite.&Unelte.&Ajutor.540.&Deschide.Deschide .&n.Deschide .n &afar..&Vizualizez..&Editeaz..&Redenume.te.&Copiaz. la....&Mut. la.....ter&ge.Segmenteaz. &fi.ierul....Com&bin. segmente....&Propriet..i.Comen&tariu.Calculeaz. cod verificare.Diferen...Creaz. director.Creaz. fi.ier.&Ie.ire.Scurt.tur..Fluxuri de date &alternative.600.&Selecteaz. toate.&Deselecteaz. toate.&Inverseaz. selec.ia.Selecteaz.....Deselecteaz.....Selecteaz. dup. tip.Deselecteaz. dup. tip.700.PIctograme m&ari.Pictograme m&ici.&List..&Detalii.730.Nesortat.Vedere &plan..&2 panouri.Bare de &
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8251
                                                                                                                                                                                                Entropy (8bit):5.19488137916907
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:IHrcQOp6UkYC3kMQVtxXYrqYlMtiMeQIFTYENLlr7mAzNtcjpuqd/WWQse:IH3OpXBUMeQIFTYGr9NtycmW
                                                                                                                                                                                                MD5:C8F31D6ADEE368CA0AA00350DF0D82DF
                                                                                                                                                                                                SHA1:4146C7C62DD46B2C43C92CDF33E45FA7E2272D04
                                                                                                                                                                                                SHA-256:DC61090369E1269A68C75E472D863AAF42207F702B3D3E12CA48D2852E1478E3
                                                                                                                                                                                                SHA-512:758AF54A33DC243992324974F01707C8027BE7BDC7D07187A28038F4C9D8F7681D989B66F56A13B86E99C8BC74D80A70FA44BD5DD9532C99B78DF7985B397ED8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 19.02 : 2019-11-12 : Stef.n .rvar Sigmundsson.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Icelandic..slenska.401.. lagi.H.tta vi.....&J..&Nei.&Loka.Hj.lp..&Halda .fram.440.&J. vi. .llu.&Nei vi. .llu.St..va.Endurr.sa.&Bakgrunnur.&Forgrunnur.&Gera hl... hl.i.Ert .. viss um a. .. viljir h.tta vi.?.500.&Skr..&Breyta.&Sko.a.&Upp.hald.&Verkf.ri.&Hj.lp.540.&Opna.&Opna a. innanver.u.&Opna a. utanver.u.&Sko.a.&Breyta.&Endurnefna.&Afrita .....&F.ra .....&Ey.a.&Klj.fa skr.....&Sameina skr.r....&Eiginleikar.&Gera athugasemd....Reikna samt.lu.Mismunur.Skapa m.ppu.Skapa skr..&H.tta.Tengill.&V.xlstraumar.600.&Velja allt.&Afvelja allt.&Umsn.a vali.Velja....Afvelja....Velja eftir tegund.Afvelja eftir tegund.700.&St.rar t.knmyndir.&Sm.ar t.knmyndir.&Listi.&Sm.atri.i.730..flokka..Flats.n.&2 spj.ld.&Verkf.rastikur.Opna r.tarm.ppu.Upp um eitt stig.M.ppusaga....&Endurgl..a.Sj.lfendurgl..un.750.Safnverkf.rastika.St..lu. verkf.rastik
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9906
                                                                                                                                                                                                Entropy (8bit):4.823682778375202
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:0uk7PN270x4ndKLWwjJ8Y1+rUtOGj10KRuNnoyYe4Y8nEkglgSgZDaOIgmHqJ4V:GIwyeWtY1+AtOGRZyYe98EkglgSgZDaZ
                                                                                                                                                                                                MD5:AA7B46B6DDD673BC06BD90187E552743
                                                                                                                                                                                                SHA1:2C11A1E5F97AC1415073C2C953CD92018CF3EB93
                                                                                                                                                                                                SHA-256:EFB1AED5C52AF731A733C720B6F5479898C9DE28367A5DE4C80F697FB745546A
                                                                                                                                                                                                SHA-512:10C262122417B081D0403F9C917A4BEBA34078CA52E88478EBD2C0B6956AA6B61B34511FAC71E87578D56AE1F5ACDC265CDDAC8C92B9F14757DAA75042DFC7AA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.07 : Leandro Spagnol.; : Vincenzo Reale (some corrections).; 15.05 : 2015-06-17 : TJL73.; 17.00 : 2017-02-01 : Massimo Castiglia.; 18.03 : 2018-01-15 : POLAR.; 24.04 : 2024-04-05 : TJL73.;.;.;.;.;.0.7-Zip.Italian.Italiano.401.OK.Annulla....&S..&No.&Chiudi.Aiuto..&Continua.440.S. per &tutti.No per t&utti.Arresta.Riavvia.&In background.&In primo piano.&Pausa.In pausa.Sei sicuro di voler annullare?.500.&File.&Modifica.&Visualizza.&Preferiti.&Strumenti.&Aiuto.540.&Apri.Apri in &7-Zip File Manager.Apri in E&xplorer.&Visualizza.Modifica con l'&editor predefinito.Rino&mina.&Copia in....&Sposta in....&Elimina.Sud&dividi il file....&Unisci i file....&Propriet..Comme&nto....Calcola chec&ksum.Comparazione differenze (Diff).Crea cartella.Crea file.E&sci.Collegamento.&Alternate Data Streams.600.&Seleziona tutto.&Deseleziona tutto.In&verti selezione.Seleziona....Deseleziona....Seleziona per tipo.Deseleziona per tipo.700.Icone &grandi.Icone &piccole.&Elenco.&Dettagli
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12387
                                                                                                                                                                                                Entropy (8bit):5.313192066737636
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:n4fuupdoCXs+8WFml8HKp2yj99UfdECKU/Gh6o:n4fuofsjrW5KmGh6o
                                                                                                                                                                                                MD5:A0C7EB5D5A5DD7AB6F4C1E4FEF092256
                                                                                                                                                                                                SHA1:F121129211DBEDBA3C440267FD9BD1C636E263C2
                                                                                                                                                                                                SHA-256:9F70F1943A8E0A9B9040D1F769CA2494C2B83CEB8DC55B08DB1FC3E6973AD835
                                                                                                                                                                                                SHA-512:F864C9AC99EDC97968FECA96919A412E87C27457F5E0A8956DCECF37351CE7AEAF0E745343A649743D665B46BE108B3CC5BAFD92029D25D5A5D9BF6C390E5149
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : : Komuro.; : : Mick.; : : 2chBBS-software.; : : Crus Mitsuaki.; 9.23 : 2011-06-22 : nabeshin.; 22.00 : 2022-06-20 : Rukoto Luther.; 24.06 : 2024-06-15 : Stepanushkin Dmitry.;.;.;.;.0.7-Zip.Japanese.....401.OK............(&Y)....(&N)....(&C)........(&C).440......(&A).......(&L)................(&B).........(&F).....(&P)....................?.500.....(&F)...(&E)...(&V)......(&A)....(&T)....(&H).540...(&O).7-Zip ...(&I)........(&U)...(&V)...(&E)......(&M)....(&C)......(&M)......(&D).......(&S)..........(&B).........(&R).....(&N)..................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17799
                                                                                                                                                                                                Entropy (8bit):3.496980139147961
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:E1OSMW33zMcaSwOgS6YQ9g/t+25rTHTIa5OVBUPSIqGA:EttJhq
                                                                                                                                                                                                MD5:C99E6572F5638599DBCA2CEAC337A320
                                                                                                                                                                                                SHA1:73C64554A00C6D5A3DAB8A2E7BD50426D6C7B6F4
                                                                                                                                                                                                SHA-256:8DD6073B585DD2E9D8CDD8E0FCE7DFEAF2F5A2D8BFC3059F67EAA3D8B5EB2D9E
                                                                                                                                                                                                SHA-512:CDE3D44793D1ABAB3B8D0BA71D1AF85C7CA49B37F4331B43D546D1F2022FC9CEDD1188869ACEE5BF9B74046788DAF26F4E4658AF86663065339103D2A602F7AA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.23 : 2011-09-25 : Translated by Giorgi Maghlakelidze, original translation by Dimitri Gogelia.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Georgian.........401.OK.............&.....&....&...................&...........440..... &............... ...&..........................&........&.... .......&.........&.................... ..... .......... ........?.500.&......&...........&......&........&............&..........540.&............. &............. ..&......&.............&......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7698
                                                                                                                                                                                                Entropy (8bit):5.071278892240066
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:KoAZ/jQKbqhsAdNrd6FBf9vQqiQw9aBhbHTYJsVOxTSv:KoANnYsgLqi+BBHMJssxWv
                                                                                                                                                                                                MD5:FFC17520FB68FE464650B2F78E15AB5D
                                                                                                                                                                                                SHA1:2B83034AC04640160DDAA8E797FAA5D8C80F956B
                                                                                                                                                                                                SHA-256:24F7325271DD7AD2B63E977841D2F06ED0194BD9257F0DB460DF32BAEEEC4746
                                                                                                                                                                                                SHA-512:4F1483796A8EF95B2BE61811A6566EA2E19564F37733647B6EB4E1C82A8DA8FA927AFDF024A247FC7E70088F63133A7843FE6129B77B2ADA01E39A1E814429C7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Atabek Murtazaev.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Karakalpak - Latin.Qaraqalpaqsha - Lat.n.401.OK.Biykar etiw....&Awa.&Yaq.&Jab.w.Ja'rdem..&Dawam etiw.440.&Barl.g'.na awa.Ba&rl.g'.na yaq.Toqtat.w.Qaytadan baslaw.&Artq. fong'a.Ald.ng'. &fong'a.&Pauza.Pauza q.l.ng'an.An.q biykar etiwdi qa'leysizbe?.500.&Fayl.&Du'zetiw.&Ko'rinis.&Sayland.lar.A's&baplar.&Ja'rdem.540.&Ash.w.&.shinde ash.w.&S.rt.nda ash.w.&Ko'riw.&Du'zetiw.At.n o'&zgertiw.Bul jerge &nusqas.n al.w....Bul jerge ko'shiriw....O'shiriw.&Fayld. bo'liw....Fayllard. &biriktiriw....Sazlawla&r.Kom&mentariy....Qadag'alaw summas..Diff.Papka jarat.w.Fayl jarat.w.Sh&.g'.w.600.Barl.g'.n &saylaw.Saylawd. al.p taslaw.Saylawd. &teris awdar.w.Saylaw....Saylawd. al.p taslaw....Tu'ri boy.nsha saylaw.Tu'ri boy.nsha saylawd. al.p taslaw.700.U'&lken ikonalar.Kishi &ikonalar.&Dizim.&Keste.730.Ta'rtipsiz.Tegis ko'rinis.&2 panel.&A'sbaplar paneli.Derek papkas.n ash.w.Bir da'reje joqa
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8094
                                                                                                                                                                                                Entropy (8bit):5.214957275203997
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:C0DkhCKSxkMAluUHPTe9Dt2cVM9sefce+gELJvocyn01m6ptYMk0iLEkei2EW8pR:Ceod1y9DtX+9xVUJy05zk3f31D
                                                                                                                                                                                                MD5:5AF10C5616E0487D236C8CBE2F23A7A4
                                                                                                                                                                                                SHA1:2049E1A82A0AF13A8ED2CF9E4EB51F1DFD377480
                                                                                                                                                                                                SHA-256:F249930089C374EAB59078CF16B8652D443CF2A47485D737AE5A9FCA2957D6B9
                                                                                                                                                                                                SHA-512:8E2DB2769D8C9D4AF435986BC58F66F570C4D85BF7C8A2B9369F546CF45C0848A07986582E8E7F76A9AED569DA2774E5B19706EC77BFD41BB6B4AF86ABCFCEFE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 15.00 : 2018-02-27 : Belkacem Mohammed.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Kabyle.Taqbaylit.401.IH.Sefsex....&Ih.&Uhu.&Mdel.Tallelt..&Kemmel.440.Ih i &Me..a.Uhu i M&e..a.Se.bes.Ales tanekra.&Agilal.&A.awas Amezwaru.&R.u.I.bes.Teb.i. ad tsefsxe.?.500.A&faylu.&.reg.&Sken.I&nurifen.&Ifecka.&Tallelt.540.&Ldi.Ldi deg &ugensu.Ldi di B&erra.&Sken.&..eg.Snif&el Isem.&N.el .er....&Senkez .er....&Kkes.&B.u Afaylu....Sdu&kkel ifuyla....A&ylan.Awenn&it....Timernit n Usenqed.Ice..iq.Snulfu-d Akaram.Snulfu-d Afaylu.F&fe..Ase.wen.&Alternate Streams.600.Fren &Me..a.Kkes Afran i Me..a.&Tti Afran.Fren....Kkes Afran....Fren s Tawsit.Kkes Afran s Tawsit.700.Tig&nitin Timeqranin.T&ignitin Time.yanin.&Tabdart.&Talqayt.730.Ur Yettwafren ara.Askan Imlebbe..&2 Igalisen.&Ifeggagen n Ifecka.Ldi Akaram Agejdan.Yiwen Uswir d Asawen.Amazray n Ikaramen....&Smiren.Asmiren Awurman.750.Afeggag n Ifecka U.ba..Afeggag n Ifecka Alugen.Tiqeffalin Tihrawanin.S
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10328
                                                                                                                                                                                                Entropy (8bit):4.601143849904046
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:y/vuZGpufsiAAsiNSFT5JD7HahEPpBwwKOAmiyUSbD0A:y/vuZGMfjzRNGGhEP8DXyUSX0A
                                                                                                                                                                                                MD5:407130A212CFAC68FA4873B0381B2CB1
                                                                                                                                                                                                SHA1:C0C9B84CC79619D27536E9F50F25D81237B234D3
                                                                                                                                                                                                SHA-256:F813EAC0B284EDCE156DD1E6B7EA75B027F4342E04D8B8DB1131894A227A4562
                                                                                                                                                                                                SHA-512:E80AFDF726CCC5D495F62A9B289EE31703F151EA01EBA32AD7D2DA306C2C07DE2F9049DC6592C3C962B7CC2CBE352B8B7A19E9DBCF7B3C6B61DCC4026B70C151
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Arslan Beisenov, Arman Beisenov.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Kazakh.........401......................&...&....&...............&...........440....... &......... &................. .... .....&......&....... .........&.......................... ....... ..... ..?.500.&.....&......&........&..........&......&.........540.&.......... &............ ..........&........... .....&..........&...........&.......... ................... ...........................&................. .......Diff.&..... .......... ...........600...... ..................... ........&........... ...................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10267
                                                                                                                                                                                                Entropy (8bit):5.605372926696787
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:X4S/0htQjcT2DFzg6Whd4FV6SLRVLrbqvTp4kCs1qeb:P/0ht0cT2DNyh2FJFVLPW4+ok
                                                                                                                                                                                                MD5:E85AE412871344211D00326D3DF2534D
                                                                                                                                                                                                SHA1:4A770EEE2EF9F302B8190C8BBE3988A5D7C90E5E
                                                                                                                                                                                                SHA-256:3EA103FFD2FF97E211C7ADE3A79A882B494FE416BC56BD05F42F2E82158A7A03
                                                                                                                                                                                                SHA-512:09EABFA3997F201F8402DC803319EE0DDC4007EF268AD44309FE78F9E2710D1A10930F2E89F2C0B201D1094C53F5CB7783E492503EB4737B2E3FDC1F39B69EF6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : ZannyLim (...).; : bzImage.; 4.52 : Hyeong il Kim (kurt Sawyer).; 9.07 : Dong-yoon Han (...).; 15.12 : Winterscenery (Ji-yong BAE).; 24.05 : Winterscenery (Ji-yong BAE).;.;.;.;.;.0.7-Zip.Korean.....401...........(&Y)....(&N)...(&C)........(&C).440... .(&A)... ...(&L)...... .........(&B)... ...(&F).....(&P).......... ........?.500...(&F)...(&E)...(&V).....(&A)...(&T)....(&H).540...(&O)... ..(&I)... ..(&U)... ..(&V)...(&E)... ...(&M)...(&C)......(&M)......(&D)... ..(&S)...... ..(&B)......(&R)...(&N)....... ........ ...... ......(&X)...... ...(&A).600... ..(&A)... .. ..... ..(&I)......... ......... .....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11933
                                                                                                                                                                                                Entropy (8bit):4.4743589010781175
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:FxV9LYmQ441Ye2LFuoWSD8T+srvk2VWpfLEwAcADwoA2FwP8PCsucC6LvS4tKs4f:Qml14LThvcpf+A2Fpg7Gip
                                                                                                                                                                                                MD5:8C3F9AD9C824DCF74A09C9D406DB22E7
                                                                                                                                                                                                SHA1:0C683BB56A13C3FBCA664F1E4C6C98D0F7AEC8BC
                                                                                                                                                                                                SHA-256:B8B7DB8C139B19D414CEF35AE96D854D5A8364C32B0C3FDC4CAC331B5AF44C16
                                                                                                                                                                                                SHA-512:DA33D4098679A14D2F434221EF968951407727126B12404C8B6C3E2AD6FA346D9D515DEA940F9109D5D196E648583124F31A1D27CF518AB19E3DCAD673C027CF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Ara Bakhtiar.; 4.66 : Ara Qadir.;.;.;.;.;.;.;.;.;.0.7-Zip.Kurdish - Sorani.......401.......................&.....&......&................&.............440..... .. &........... .. ..&...........................&...........&.........&....................... .. ...............500.&.....&.........&.......&..........&...........&........540.&............... ..&... ............ .. &.......&......&.........&.........&............ ......&......... ......&........&........ .........&...... ....... ............&..................&............. checksum............ ................ .......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5370
                                                                                                                                                                                                Entropy (8bit):5.1403349462862655
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:TF4kLCz94zsWXCgceerMLYVX0r/TL9PWE8OLBMTUgJiRNJ5zBD0N+VrmifAAec1T:94m3CjrMLY+LNPwOJgJiRj0tgAXc1jv
                                                                                                                                                                                                MD5:28E69DD6E397FA98C07088E4CDBEF1F4
                                                                                                                                                                                                SHA1:56E4A46B5C7360F609683562E617C75C28CD447C
                                                                                                                                                                                                SHA-256:57AE544F3F9E8BF5D96CE1F9CFE5648EB6C1E2F5604DA6EB0C80AE24BC1A40D7
                                                                                                                                                                                                SHA-512:6BDE04F3BBD42E73EA3E0A93E8EF69149F25DAE491051D1655A85718AF4D51F5247C610D87C20227F94BEEEBA038D54F7B213B0443382D080E87722485941AAE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Rizoy. Xerz..;.;.;.;.;.;.;.;.;.;.0.7-Zip.Kurdish.Kurd..401.Temam.Betal....&Er..&Na.Bi&gire.Al.kar...Bi&dom.ne.440.&Ji Bo Hem.y. Er..Ji &Bo Hem.y. Na.Raweste.D.sa Destp.ke.L%i Pi.t.Li &P...&Rawest.ne.Rawestiya -.Ma bila betal bibe?.500.&Dosya.&Bipergal.ne.&N..an Bide.Bi&jare.&Am.r.A&l.kar..540.&Veke.&Di Panel. De Veke.Di &Pacey. De Veke.&N..an Bide.&Sererast bike.&Navek. N. Bid..&Ji Ber Bigire.B&ar Bike.J. B&ibe.Par.e Bi&ke....Bike &Yek....&Taybet..Da&xuyan..checksum heseb bike..Pe&ldankeke N..Do&siyeke N..De&rkeve.600.&Hem.y. hilbij.re.He&m. hilijartin. rake.Be&revaj. w. hilbij.re.&Hilbij.re....Hilbijarti&n. Rake....V. curey. hilbij.re.Hilbijartina cure rake.700.&Daw.r.n Mezin.D&aw.r.n Bi..k.&L.ste.&H.ragah..730.B. Dor.xuyakirina sade.&2 Panelan veke.Da&rik. am.ran.Peldanka Kok Veke.Astek. Berjor.D.roka Peldank.....&N. Bike.750.Darik. ar..v..Darik. standart.Bi.kojk.n mezin.Bila niv.s
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12052
                                                                                                                                                                                                Entropy (8bit):4.593559236039092
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:EVt6Fm0NMfdCluobJcX4/xBjnBmeevaMHYXk8ogjES+UntpdLCKmYcBp7a:EVSm0NMfdClucJcX4/xBVmKM4Xk8oJSj
                                                                                                                                                                                                MD5:E50C04D913DC92251AA6781C02E0BD45
                                                                                                                                                                                                SHA1:57E68C80B23A9B1BD689CCD81CBCD91E0CAE6AAC
                                                                                                                                                                                                SHA-256:9A9E4DDACC494EAAA386F1220837020F332A49E7FFF7F0BF8C38C847390DAB18
                                                                                                                                                                                                SHA-512:C428CAF314F79D533246CEE4015411102ED836D0173F67F3B2F4C61C3F3F81BE7FB2FFF7D3E863E999617BA05FD6F7FEF4B67CFF8557E1D0C86035ED29DAA2CE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.20 : Kalil uulu Bolot.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Kyrgyz..........401.OK..........&.....&....&..............&........440..... &........... .&...... ................ ........&......&....... .......&..................... ... ... .......... ........... ..... ......?.500.&.....&......&.....&...........&......&.......540.&........&... ..........&... ...........&................& .........&.... ...........&.... ..... ...........&.........&... ...............&........ ............&..........&................. .........Diff.&...... ...........&. .........&.....600....... .&..............
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7471
                                                                                                                                                                                                Entropy (8bit):4.976709314177123
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:21Oo14rh/0lXjPqDp2h+O0k2r/2T7tQpl:21OoqUDureT7tQpl
                                                                                                                                                                                                MD5:58FF044FE195453F797DD1AC6903ABF9
                                                                                                                                                                                                SHA1:4B8DAE21DD14AC6DAA1DECF804336A1AAE169AA9
                                                                                                                                                                                                SHA-256:D9BB6BFC127938C47B43290241378887085314AD1326095934A362CD9836B560
                                                                                                                                                                                                SHA-512:861300FE39FF0DACA00B4CB56C4075AFBA2BB3A1654BCF35713251237630206F06BC63D7F339ECFF040C9EA1F5B7094A11FE57C5848E91DB9000F48D166AB1BE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : GENOVES.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Ligurian.Zeneize.401.D'ac.rdio.Anulla....&Sci.&No.S.&ra.Agiutto..&Continoa.440.Sci pe &Tutti.No pe T&utti.Ferma.Inandia torna.Into &sfondo.&In primmo cian.&Paoza.In paoza.Ti . seguo de voei anul.?.500.&Archivio.&Modifica.&Vixoalizza.&Preferii.&Strumenti.A&giutto.540.&Arvi.Arvi into Manezat. d'archivi 7-Zip.Arvi inte Explorer.&Vixoalizza.&Modifica.Ri&nomina.&C.pia inte....&Sp.sta inte....Scancel&la.&Dividi l'archivio....&Unisci i archivi....P&ropiet..Comen&ta....Calcola somma de contr.llo.Dif.Crea cartella.Crea archivio.Sc&i.rti.600.Sele.ionn-a &tutto.Desele.ionn-a tutto.In&verti sele.ion.Sele.ionn-a....Desele.ionn-a....Sele.ionn-a pe tipo.Desele.ionn-a pe tipo.700.Figue &grende.Figue picinn-e.&Listin.&D.ti.730.Nisciun ordine.Vista ciatta.&2 barco.n.Bare di &Strumenti.Arvi cartella prin.ip..Livello supei..Cronologia....&Agiorna.750.Bara di strumenti Archivio.Bara di strumenti Normali.Figue grende.Mos
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9030
                                                                                                                                                                                                Entropy (8bit):5.086332956902943
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:3Lr7I2B5SmXxKKB7X47iyaljy7Peu1T96mo:3Lr1LBKKa7ipjy6ux96mo
                                                                                                                                                                                                MD5:B8056CBA4EDEB98D298D16EDBC34D678
                                                                                                                                                                                                SHA1:A4D39C3EDA31F8CE72C62E1DB91DEEABC884CEB0
                                                                                                                                                                                                SHA-256:9C15DB408E32DC699F598AAB30F539F91A212E5FBAEE2095022E24B3F1F09ECD
                                                                                                                                                                                                SHA-512:5C3FB76A5502C7C0312A32CFF38F99C303225C31C3E5C6041765BC2BEB0E9D5AC9CB4F543B80ECA969D54723A52122601B2074AFA8991AD64B92CFDA91104DC6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 2.30 : Marius Navickas.; 4.57 : Domas Jokubauskis.; 15.05 : Vaidas777.;.;.;.;.;.;.;.;.0.7-Zip.Lithuanian.Lietuvi..401.Gerai.At.aukti....&Taip.&Ne.&U.daryti.Elektroninis .inynas..&T.sti.440.T&aip Visiems.Ne v&isiems.Sustabdyti.I. naujo.&Fone.&Pirminis procesas.&Laikinai sustabdyti.Laikinai sustabdyta.Ar j.s esate tikri, kad norite at.aukti?.500.&Failas.K&eisti.&Rodyti.M.gi&amiausi..ran&kiai.&Elektroninis .inynas.540.&Atverti.Atverti v&iduje.Atverti i.&or.je.&Rodyti.K&eisti.Pervadi&nti.&Kopijuoti .....&Perkelti ......alin&ti.&Skaidyti fail.....Jungti &failus....Savy&b.s.Kome&ntuoti.Skai.iuoti kontrolin. sum..Sulyginti.Sukurti aplank..Sukurti fail..I.ei&ti.Nuoroda.&Alternatyv.s srautai.600.Pa.ym.ti &visk..Nu.ym.ti visk..Atv&irk.tinis .ym.jimas.Parinkti....At.ym.ti....Pasirinkti pagal tip..At.ym.ti pagal tip..700.Did&el.s piktogramos.&Ma.os piktogramos.&S.ra.as.&I.samiai.730.Ner..iuotos.Nepaisyti aplank..&2 skydeliai.&
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5016
                                                                                                                                                                                                Entropy (8bit):5.202718875099834
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:UnbIMLOcn+2YYrzNOw/tglixPmncrwQMpp7urX:5MBQs9encsQCps
                                                                                                                                                                                                MD5:056327042B9CFD5FCB5F788F22112D62
                                                                                                                                                                                                SHA1:FAE6324417DC88E9A9BB0FBAC9B4D4CE61C1980E
                                                                                                                                                                                                SHA-256:533F9FF016E7BB36216665CCA1065139A35D8DA71651678814415FF457A9BE7D
                                                                                                                                                                                                SHA-512:FE853C2042251B3987C169F8241E0B3B0F1C3AE039DC7786B07E0DB07E8A6B0F89E1D478F27D3C8DFD69473E6C6118CE13A39D7DE84A22A3C2A660652B852660
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.10 : Armands Radzu.ka.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Latvian.Latvie.u.401.&Labi.&Atcelt....&J..&N..Aiz&v.rt.&Rokasgr.mata..&Turpin.t.440.J. &visiem.N. v&isiem.Stop.P.rstart.t.&Fon..&Priek.pl.n..Pa&uze.Pauz.ts.Vai piekr.tat p.rtraukt .o darb.bu?.500.&Fails.&Labo.ana.&Izskats.Ie&cien.t.s.&R.ki.&Pal.dz.ba.540.&Atv.rt.Atv.rt &iek.pus..Atv.rt .rp&us..Ap&skate.&Labot.P.&rd.v.t.&Kop.t uz....P.r&vietot uz....&Dz.st.&Sadal.t failu....Ap&vienot failus.....pa..&bas.&Piez.mes...Izveidot &mapi.Izveidot &failu.&Beigt.600.Iez.m.t &visu.Atcelt vis&u.I&nvert.t iez.m.jumu.Ie&z.m.t....&Atcelt....I&ez.m.t p.c tipa.A&tcelt p.c tipa.700.&Lielas ikonas.&Mazas ikonas.&Saraksts.S.&k.k.730.&Ne..irot..&2 pane.i.&R.ku joslas.&Atv.rt saknes mapi.L.meni &uz aug.u.Mapju &v.sture....&P.rlas.t.750.Arh.va r.ku josla.Standarta r.ku josla.Lielas pogas.Par.d.t pogu tekstu.800.&Pievienot mapi iecien.taj.m k..Iecien.t.s.900.&U
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8352
                                                                                                                                                                                                Entropy (8bit):4.184447797063497
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:6Bs6ZfGCRhROvyepYP3abUeXUlWDyos3d8K/FAK1MbNH1hjg:6BPrhRyfpYP3wCl+E8K/FAK1Mbl12
                                                                                                                                                                                                MD5:C16E6946F912B49963BFA7E44BE2F7A0
                                                                                                                                                                                                SHA1:496922AD3E59737AC64289EE685F2FADAA942755
                                                                                                                                                                                                SHA-256:90EFCA5F6B8E37B963F7E42F700938440171942E0DE0AB8BAEB08912C0952957
                                                                                                                                                                                                SHA-512:55FEEA50104ED2249E6F5018B6883F89ACBCC0396E80349653356F40329C4A420584B29734CD1CA8930E9A383DA427EC979815CC3DA3F6F59AD8948B2262E874
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.09 : Gabriel Stojanoski.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Macedonian............401..............&...&...&................&........440... &....... .&.........................&.......&.......&.................... ....... ...... .. ........?.500.&.........&......&.......&........&.......&......540.&............. &............. &.......&.......&......&............&....... ......&........ ......&........&...... ...............&....... ............&................&................. ................... .........&.......600........... &............... ...&....... ............................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8069
                                                                                                                                                                                                Entropy (8bit):4.491280092053577
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:4NYic61W9cfCzaAhqbMUrJt6klXVUatQT+0V2sS14/g1Pa7fC:Uc2nFrJ8IXBQCG7Qam
                                                                                                                                                                                                MD5:1088565A362EBAD250975F46F8A94328
                                                                                                                                                                                                SHA1:406593AC2E74B8911DDA720952B7AFF6C4B5C145
                                                                                                                                                                                                SHA-256:C6A6CC400EE7420BFB680D71B43A9BE1FBC75D7B98AE2B6FFE98229D5EEFADCA
                                                                                                                                                                                                SHA-512:500093986EF49C23829D99251F0ADCD20A6D348A91C74362E95E6D8E73B83F7AD665CB49DA3E47DA1EC671842ABCC2D824850D243EE8D39C41E3568F9C2C89C4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : Bayar.; : Bayarsaikhan.;.;.;.;.;.;.;.;.;.0.7-Zip.Mongolian....... ....401.............&.....&.....&..............&...........440....&. ......... .&.............. ........&.. .....&.... ....&... ........ .......... ....... ..... ... ..... ..?.500.&.....&......&.........&..... .....&...........&........540.&.......... &.......... &.....&......&............. .&........... &................ &........&.......&.... ................... ...........&........ ........&............. ........... .........&....600........ ..&............. ......&......... ..................................... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19786
                                                                                                                                                                                                Entropy (8bit):3.4834684083480845
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:CcI/ZsPpGl9ZjeWe4vt/lx5qI4qwRXoFYvNCrSFbF7FdF+pIAZMijZdcdap4daBj:OUGxjeWe4vt/lvPIXTaGF+pPZZ7Ro/50
                                                                                                                                                                                                MD5:A10D62CB5875CC96D53E4BC02724F366
                                                                                                                                                                                                SHA1:BB8D2F73109084A9A11246733E5DA148D964D6EA
                                                                                                                                                                                                SHA-256:2E488EF05895B93ACA2B5F72EA08DA887722215D1B4CB85B12942EA32641DA2B
                                                                                                                                                                                                SHA-512:B01FCFA48883431BA98522C74A8AE9511BD6F122613E80A0439A049B8F509D689B89A59F280335532AF284A351C52F44313A4961EA5ACBFAF7EA2617AF75E797
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.20:.; Saqirilatu Mongolqileb.; last updated: 2014-1-1.;.;.;.;.;.;.;.;.0.7-Zip.Mongolian (Unicode)....... .....401...................... (&Y)..... (&N)....... (&C)..................... (&C).440....... .... (&A)....... .... (&L)................ ........... ..... (&B)....... ..... (&F).......... (&P)........ .......... ...... ........ .. ..500...... (&F)............ (&E)...... (&V)........... (&A)....... (&T)........... (&H).540......... (&O)...... ..... ... ........ (&I)...... ..... ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21169
                                                                                                                                                                                                Entropy (8bit):3.6500180773175783
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:NSzhkx60rKSu1t5tO2lV6rxhA/1bRRsMQSJNg4T4H84zQ9gZGvlLk2+ZuYbzw:Kkx6MqVUSJNVCw
                                                                                                                                                                                                MD5:2BE2F9C77556CA413B590B8477DF5499
                                                                                                                                                                                                SHA1:DD5CE617642C977470AA20C6DC6815728C779245
                                                                                                                                                                                                SHA-256:5A85CC532F802DA683374C3F4C98E3F37425CF304D6772BA554D2C49BAC7BE0B
                                                                                                                                                                                                SHA-512:3BA82549752E6BFE6C1F1706B205747D70F2F3106C49EA08D35E82047166C3D5B26457D6BF00FBBD0E9CAC4AE8EC38123F533DE3F68ED466F219C551B5417C40
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.20:.; Saqirilatu Mongolqileb.; last updated: 2013-12-11.; Update and Spelling corrected Bayarsaikhan.;.;.;.;.;.;.;.0.7-Zip.Mongolian (MenkCode)......... .....401............................ (&Y)..... (&N)......... (&C)........................ (&C).440........ ..... (&A)........ .... (&L)................... ............ .... (&B)...... ... (&F).......... (&P)........ ............ ........ ............ .. ..500...... (&F).............. (&E)........ (&V)............. (&A)........ (&T)........... (&H).540..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10395
                                                                                                                                                                                                Entropy (8bit):3.978171082486284
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:HosRVPp67cdE3hwwQtbgUaecHQFyMce+VWLeKhJHZgr:1RNphG3IRBwHoJbLeYJHi
                                                                                                                                                                                                MD5:B681F52BC54B1B340A3184CDE7FF59C2
                                                                                                                                                                                                SHA1:BA8D38155C0C81416233A360F7387EAF48C57DB2
                                                                                                                                                                                                SHA-256:F6D67CE2EAE4C125BBF54C04AC783005BDDC07007398CABD3B9603020AF67BFD
                                                                                                                                                                                                SHA-512:82FDB75B2F2A06E3CBBEAF1DFE84B196908286B9518194485DBBB168777181FA86A7E37136756544ACC98165860E8CA61B83545F6CD1F13EE91BFA995A5DF0D2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.42 : ...... ..... ....... (Subodh Gaikwad).;.;.;.;.;.;.;.;.;.;.0.7-Zip.Marathi.......401.............&...&.....&.........&.....440.&.... .. ...&.... .. ................. .... ....&.... .....&.... ....&........................ .... .......... ...... ... ..?.500.&.....&.......&.......&.....&......&....540.&.....&.... .....&..... .....&......&.......... ....&.............&........&......&.... ..... ........... ...............................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4785
                                                                                                                                                                                                Entropy (8bit):4.860196348023919
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:0PK8d9PEVqGUK+ZY6yB42vdhut4A9ThBbRaP0Jk:wKKPEVqGnmSvdhruf9o
                                                                                                                                                                                                MD5:E3267C5ED8158DA2B7E2679107CE1394
                                                                                                                                                                                                SHA1:6550CDE7359A1B3450D8C0937AFFBF0252FA4B82
                                                                                                                                                                                                SHA-256:C88BC7EA0C20769847A0403E188E273A0897D1C77DD72CC4B45471FC67E0D5E1
                                                                                                                                                                                                SHA-512:63C185613C5855379DD4CAC3D2CF264D6BB2A0E9B483B22EAB93B7E8B9ABDA88BEE2F80FCD24F0E9BE0972A04F6C725CB20CAE678E3E4F61251721B5BDB1CDCD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.30 : Khairul Ridhwan Bin Omar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Malay.Bahasa Melayu.401.OK.Batal....&Ya.&Tidak.&Tutup.Bantuan..&Teruskan.440.Ya untuk Semua.Tidak untuk Semua.Henti.Mula Semula.&Latar belakang.&Latar depan.&Berehat.Berehat.Anda yakin untuk membatalkannya?.500.&Fail.&Edit.&Paparan.K&egemaran.&Alat.&Bantuan.540.&Buka.Buka di D&alam.Buka di L&uar.&Paparan.&Edit.Nam&akan semula.&Salin ke....&Pindahkan ke....Hapus.&Bahagi/belah Fail....Gab&ung Fail....P&roperti.Kom&en...Buat Folder.Buat Fail.K&eluar.600.Pilih &Semua.Jangan Pilih Semua.&Sonsangkan Pilihan.Pilih....Tidak Memilih....Pilih Berdasarkan Jenis.Tidak Memilih Berdasarkan Jenis.700.Ikon B&esar.Ikon K&ecil.&Senarai.&Butiran.730.Tidak Tersusun..&2 Panel.&Toolbar.Buka Root Folder.Ke atas Satu Aras.Folder Sejarah....&Segarkan Semula.750.Toolbar Arkib.Toolbar Standard.Bebutang Besar.Perlihatkan Teks Bebutang.800.&Tambah folder pada Kegemaran sebagai.Penanda Buku.900.&Opsyen....&Tanda Aras.960.&Kandungan..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5649
                                                                                                                                                                                                Entropy (8bit):5.023150217249099
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Q1XbkTUCIRe/Ldwrrs0C9t5oOhCtF5Iw7YXjuaPJ6Z7cfjsfcQRQ:EATdIEOrrs0C9t5oOh6bb7QuaPJ6Kfjl
                                                                                                                                                                                                MD5:3B1958DA0544A6C318D18EF5779E81F5
                                                                                                                                                                                                SHA1:67E991A6525DA165145C4584C3D9B398583D7E68
                                                                                                                                                                                                SHA-256:F349529EA4584EBA51CD519B8A1D535D2DAEC762CD7369673B237FA03A526CC7
                                                                                                                                                                                                SHA-512:E9B5E76FC908BC193738781FDBEBD894AE310F6693F7B52D4369BC4F979A8EC9E2201E5A2056FBFC380FDAD3143F3E5A3BC00D7CCB00CEC078BC0E8CAF318861
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.45 : Jostein Christoffer Andersen.; : Kjetil Hjartnes.; : Robert Gr.nning.;.;.;.;.;.;.;.;.0.7-Zip.Norwegian Bokmal.Norsk Bokm.l.401.OK.Avbryt....&Ja.&Nei.&Lukk.Hjelp..&Fortsett.440.Ja til &alt.Nei til a&lt.Stopp.Start p. nytt.&Bakgrunn.&Forgrunn.&Stopp.Stoppet.Vil du avbryte?.500.&Fil.&Rediger.&Vis.&Bokmerker.Verk&t.y.&Hjelp.540.&.pne..pne &internt..pne &eksternt.&Vis.&Rediger.Gi nytt &navn.&Kopier til ..&Flytt til ..S&lett.&Del opp arkiv ..&Sett sammen arkiv ..E&genskaper.&Kommentar ..Beregn sjekksum..Ny &mappe ..Ny f&il ..&Avslutt.600.Merk &alle.Merk i&ngen.Merk &omvendt.Merk ..Merk &ikke ..Merk &valgt type.Merk i&kke valgt type.700.&Store ikoner.S&m. ikoner.&Liste.&Detaljer.730.Usortert.&Flat visning.&To felt.&Verkt.ylinjer.Rotmappe.G. opp et niv..Mappelogg ..&Oppdater.750.Arkivverkt.ylinje.Standardverkt.ylinje.Store knapper.Knappetekst.800.&Bokmerk denne mappen som.Bokmerke.900.&Innstillinger ..&Ytepr.ve ..9
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13050
                                                                                                                                                                                                Entropy (8bit):3.8543519831557473
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:dNvZCtxUT2PoIhbW7dxmmWkcU0rwSdCsbW3UcSru1:d1vT2PoIRWMBwSY3Sr6
                                                                                                                                                                                                MD5:04CFC22F9293329C5EA7EC5C4A14D3BC
                                                                                                                                                                                                SHA1:57AA51DEC6BED50703054060F46918AA26AE0E4A
                                                                                                                                                                                                SHA-256:E016E8872F2DE7CBC1F4FC786C747CC26B2E250E6C1B8F1C46040B72C523D90F
                                                                                                                                                                                                SHA-512:5099E2A8B6BE04E2124280711AF1BF5807DCA5DF93DD33CCA416D56337ADAD19903AACEF3872F550D16A82F8F1471EC5D821D6E4E096E817A8C4D8340291D402
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Shiva Pokharel, Mahesh Subedi.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Nepali........401.... ...... .............&...&.....&.... .................&.... ...........440.&...... ...&...... ...................: .... ..........&..........&.........&.. ............ ............ .... .... .... ......... ?.500.&.....&....... ..........&...........&.........&......&......540.&..................... ..................... ...........&.........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9608
                                                                                                                                                                                                Entropy (8bit):4.880635467905247
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:XRVV/VctnsLlc+zMZUnYel4yj7FBjYAifM3k8i1sFB2ytqPbtY+0zonViwswzdUF:Xrk+IZ2YeigFReNgB2k2btgtl
                                                                                                                                                                                                MD5:E888911310C0B6D7A1932DE36AD27250
                                                                                                                                                                                                SHA1:928D9FBDB0C0C83042CAC9059FFDDE48EA4E9F71
                                                                                                                                                                                                SHA-256:4CB5F08449B5E22ED15F8A8CC038D021CDBCF56548587023D1AB31AB6CFC232D
                                                                                                                                                                                                SHA-512:56308E46914FD3B0EF62B33331F815FE95CA4A3CF122934DD0C506A041898D94A9ED6F3E1BAEF386EFB9AA949CD47002FA859B4843F2E32C186ECDB6055FF85F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Bert van Velsen.; 4.26 : Jeroen van der Weijde..; : Harm Hilvers.; 9.07 : Jeroen Tulp.; 15.00 : Jeroen Tulp.; 21.03 : Quinten Althues.; 21.05 : Jeroen Tulp.; 24.04 : Jeroen Tulp : 2024-05-13.;.;.;.0.7-Zip.Dutch.Nederlands.401.OK.Annuleren....&Ja.&Nee.A&fsluiten.Help..&Hervatten.440.Ja op &alles.Nee op a&lles.Stoppen.Herstarten.&Achtergrond.&Voorgrond.&Pauzeren.Gepauzeerd.Weet u zeker dat u wilt annuleren?.500.&Bestand.Be&werken.Bee&ld.&Favorieten.E&xtra.&Help.540.&Openen.Open b&innen.Open b&uiten.Be&kijken.&Bewerken.&Hernoemen.&Kopi.ren naar....&Verplaatsen naar....Verwij&deren.Bestand &opsplitsen....Bestanden &samenvoegen....&Eigenschappen.O&pmerking plaatsen....Controlegetal berekenen.Delta.Nieuwe map.Nieuw bestand.&Sluiten.Koppeling.&Alternatieve streams.600.&Alles selecteren.Alles deselecteren.Selectie &omkeren.&Selecteren....&Deselecteren....Selecteren op &type.Deselecteren op t&ype.700.&Grote pictogrammen.Kleine pictogra&mmen.&Lijst.&Details
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5525
                                                                                                                                                                                                Entropy (8bit):4.991041089735878
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:ewwLOC33eUlHAlE7zRzo7JAIXFZmN8oczCrsJfYsJgLu/wfYlRxKXHM2pPf8vzp:DwLv+UVAi7zRzo7uqFYN8JCrsxYseywc
                                                                                                                                                                                                MD5:780514AF9E967D8AA65005365EFA7D78
                                                                                                                                                                                                SHA1:9E060F149B110D0A0675B75D4A7B960563ACCA05
                                                                                                                                                                                                SHA-256:DB540E1A6B8FFFF2497F9C1A63F85CB5F345F8CBA767F05377C0365ABAF7B7D4
                                                                                                                                                                                                SHA-512:F85FEEFF1E89A371EB1143D695C76FBF84AFEE3699221E6E6CE7703A91EA80AC01AF27D34635FA2B61B1D6D979CB91BB98AFFBDB1CDFAE6CD04251A095EEEC84
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.45 : Robert Gr.nning.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Norwegian Nynorsk.Norsk Nynorsk.401.OK.Avbryt....&Ja.&Nei.&Lukke.Hjelp..&Hald fram.440.Ja til &alt.N&ei til alt.Stopp.Start p. nytt.&Bakgrunn.&Forgrunn.&Pause.Sett p. pause.Er du sikker p. du vil avbryte?.500.&Fil.&Redigere.&Vis.F&avorittar.Verk&t.y.&Hjelp.540.&Opna.Opna &Inni.Opna &Utanfor.&Vis.&Redigere.Endra &namn.&Kopiere til....&Flytt til....&Slett.&Del opp fil....Set saman filer....&Eigenskapar.Ko&mmentar.Rekna ut kontrollnummer..Opprett mappe.Opprett fil.&Avslutta.600.&Merk alle.Fjern alle markeringar.&Omvendt markering.Marker....Fjern markering....Merk etter type.Fjern markering etter type.700.S&tore ikon.S&m. ikon.&Lista.&Detaljar.730.Assortert.Flat vising.&2 felt.&Verkt.ylinjer.Opna kjeldemappa.Opp eit niv..Mappelogg....&Oppdatere.750.Arkiv verkt.ylinje.Standard verkt.ylinjer.Store knappar.Vis knappetekst.800.&Legg mappe til i favorittar som.Bokmerke.900.&Val....&Yting test.960.&Innhold....&Om
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14259
                                                                                                                                                                                                Entropy (8bit):4.017885484807124
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Y/e1CL/yBWxhjeGTRjDKRC+miO7X8D+PoLQoTvKbVs4R2wjw6tK/BHHwpW0:Y/ekejg7X8GuQ8IsXw06t1b
                                                                                                                                                                                                MD5:C9AD9D02C661644F79820E779A6D3F0F
                                                                                                                                                                                                SHA1:92BD000AF1EA18B2FE8941CA4DF15858B4B53106
                                                                                                                                                                                                SHA-256:E542C19640D39F3C56BF11A9EAADB554D7E74D8EC525D41A321E97C5AE5191C5
                                                                                                                                                                                                SHA-512:40D178A217DD51A188E5C2AC5EB59DB62DB95DD0A7063E39B1ECFAD0943BB54A118767890D3AA7A753D7316AA2F0494CEF8BD81512D611AC2856256C524A5D0F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.53 : Gurmeet Singh Kochar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Punjabi, Indian........401.... ...... .......... (&Y)..... (&N).... ... (&C)........... ... (&C).440....... .. ... (&A)....... .. .... (&l)......... .... ............. (&B).......... (&F)..... (&P)..... ....... ..... ........ .. ... .... ....... ..?.500..... (&F).... (&E)..... (&V)........ (&a).... (&T)..... (&H).540..... (&O)..... .... (&I)..... .... (&u)...... (&V).... ... (&E).... .... (&m)..... ...... .. ... ..... (&C)........ ...... .. ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9911
                                                                                                                                                                                                Entropy (8bit):5.3108412818364545
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ovp0mydAiVui6B3+6hX+S5YELolHgMKJas99KWGmU/DbU0E1nUv3b:Ip0mydAq6A6hOS5pLoQzd0snUT
                                                                                                                                                                                                MD5:F8821C75507199F4EF041EEBA8B82281
                                                                                                                                                                                                SHA1:96759A3B826BB5DBC18730378D0F8BA08C1DF7E1
                                                                                                                                                                                                SHA-256:B4B96FDAA023A3988D514C1CB1E2914817CD538D3BB7F062778360338B73BA67
                                                                                                                                                                                                SHA-512:173D6F0437A4E315F4F890F67EF93936E53205F950A9B718B8B232F6FAF0ED7E33E6C72531E0C2613611F4B02F5FD1ED7CDE8CBD05F2256A68FE577DAE4D3A90
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : cienislaw.; : pixel.; 9.07 : F1xat.; 9.33 : .ukasz Maria P. Pastuszczak.; 22.00 : Micha. L..; 24.04 : Piter, Micha. L..;.;.;.;.;.0.7-Zip.Polish.Polski.401.OK.Anuluj....&Tak.&Nie.&Zamknij.Pomoc..&Kontynuuj.440.Ta&k na wszystkie.Ni&e na wszystkie.Zatrzymaj.Pon.w.&T.o.&Pierwszy plan.&Wstrzymaj.Wstrzymano.Czy na pewno chcesz anulowa.?.500.&Plik.&Edycja.&Widok.&Ulubione.&Narz.dzia.Pomo&c.540.&Otw.rz.Otw.rz &wewn.trz.Otw.rz na &zewn.trz.Pod&gl.d.&Edytuj.Zmie. &nazw..Kopiuj &do....&Przenie. do....&Usu..Podzie&l plik....Z..&cz pliki....W.&a.ciwo.ci.Ko&mentarz.Oblicz sum. kontroln..R..nice pomi.dzy plikami.Utw.rz &folder.U&tw.rz plik.Za&ko.cz.Dow&i.zanie.&Alternatywne strumienie.600.Z&aznacz wszystko.&Odznacz wszystko.Odwr.. &zaznaczenie.Zaznacz....Odznacz....Zaznacz wed.ug typu.Odznacz wed.ug typu.700.&Du.e ikony.&Ma.e ikony.&Lista.&Szczeg..y.730.Nieposortowane.Widok p.aski.&2 panele.&Paski narz.dzi.Otw.rz folder g
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8236
                                                                                                                                                                                                Entropy (8bit):4.571978993858432
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:XJLEhYBUC2Yz4e1uxLpnJ2Ega8W2uW55tmTG:FUC2YzJkxFnJ2ET8W2uW5H
                                                                                                                                                                                                MD5:23502D5CDD3671B634832D5F722CF5EA
                                                                                                                                                                                                SHA1:443FB98DF15B8BFD081802938E180A87EE24104D
                                                                                                                                                                                                SHA-256:FA12CA0BE49F4921D06268FAD673838C3A4644A70DC374A931997178F588E8F4
                                                                                                                                                                                                SHA-512:E1FC00A7AD4A817B32370F2C03EA10473070B9D2FEBC29BB87D95FF2670E8E47FF27B2C2B6D63396306DC0185E127A49F602E969166CB27073FEB735CFA47AF8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.53 : 2007-12-26 : Pathanisation Project.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Pashto......401.................&...&......&...............&.440..... .. ..&..&... .. ......................&.......&......&........... ...... .... ..... .. ... .. .....500......&.....&....&..&...........&......&.540.........&.....& ............ .&...........&.....&...&............ .....&...... .....&......&......... ...&......... ...&...................&........ ........... ........... .......&....600.... ....&.... ............ .......&..................... ... ....... ... .......700...&. ...........&... ............&.........&.730..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10094
                                                                                                                                                                                                Entropy (8bit):4.985202993884915
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:miY9r9BfTV6g/+fY3W8qvyyMvfWMWqTtdkKM97n6O7Ugmpien9Ju1yZYX7579H:iZBTSaW8qapvf0OtiEgihy1vX7579H
                                                                                                                                                                                                MD5:F0CBDAA70D567EE71C685250958EC194
                                                                                                                                                                                                SHA1:2DB013E6608739AA45453D0F69BA953FCC78B14D
                                                                                                                                                                                                SHA-256:6B21924CAEA51B395EFA0B8FA5D7E2492CE6A6B86DCC08565A5A4DEE5C182167
                                                                                                                                                                                                SHA-512:3AE68CC6BE78D6BCA7304516B25733A516AAF2121FB8E62EBB9B6FD5194D261117F7AB0C142DBFB2EFE2016E189E7EBB1F5BE4A82253F087A34A59CFC41EF7B9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Francisco Jr.; 4.37 : Fabricio Biazzotto.; 24.06 : Atualizado por Felipe.;.;.;.;.;.;.;.;.0.7-Zip.Portuguese Brazilian.Portugu.s Brasileiro.401.OK.Cancelar....&Sim.&N.o.&Fechar.Ajuda..&Continuar.440.Sim pra &Todos.N.o pra T&odos.Parar.Reiniciar.&Em 2. plano.&Em 1. plano.&Pausar.Pausado.Voc. tem certeza que voc. quer cancelar?.500.&Arquivo.&Editar.&Visualizar.F&avoritos.&Ferramentas.&Ajuda.540.&Abrir.Abrir &por Dentro.Abrir p&or Fora.&Visualizar.&Editar.Re&nomear.&Copiar Para....&Mover Para....&Apagar.&Dividir arquivo....Com&binar arquivos....P&ropriedades.Comen&t.rio.Calcular checksum.Diff.Criar Pasta.Criar Arquivo.S&air.Link.&Correntes Alternantes.600.Selecionar &Tudo.Desmarcar Tudo.&Inverter Sele..o.Selecionar....Desmarcar....Selecionar por Tipo.Desfazer a Sele..o por Tipo.700..co&nes Grandes..c&ones Pequenos.&Lista.&Detalhes.730.Desorganizado.Visualiza..o Plana.&2 Pain.is.&Barra de Ferramentas.Abrir a Pasta Raiz.Um N.vel Acima.Hist.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9375
                                                                                                                                                                                                Entropy (8bit):4.996342947967769
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Kz9QG6nA1C574kEmsIO8M+M66rr6emGeHlOzsyqfP2diqPtVe3ydIINSAhy:U6nA1S1Em3O8M+M6RrGCyOmiqlVBSAU
                                                                                                                                                                                                MD5:238D20C2FD41EDEC7EFBFDA32B430156
                                                                                                                                                                                                SHA1:C63BB6DCEA0B453239EBEA6CBE004A0E07EE9AFF
                                                                                                                                                                                                SHA-256:B48DD5142C39C56D35F0BA673C3AFC706AF063040D7567D43B69345DDFA6E767
                                                                                                                                                                                                SHA-512:7749DB74A481539D997372C7931877C44C202137E9CE5E1EA1D32E61FA3EA851364C0F0FD0A57B4DE8FE50564D97C544007DB23093C7ED66841CE099F9D41B77
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Carlos Macao.; : Jo.o Alves.; : Jo.o Frade (100 NOME TR).; 4.46 : Rui Costa.; 9.17 : S.rgio Marques.; 15.00 : Rui Aguiar.; 15.00 : 2022-03-22 : Hugo Carvalho.; 22.00 : 2022-06-28 : Hugo Carvalho.;.;.;.0.7-Zip.Portuguese Portugal.Portugu.s.401.Aceitar.Cancelar....&Sim.&N.o.&Fechar.Ajuda..&Continuar.440.Sim a &tudo.N.o a t&udo.Parar.Reiniciar.&Segundo plano.P&rimeiro plano.&Pausar.Em pausa.Quer mesmo cancelar?.500.&Ficheiro.&Editar.&Ver.F&avoritos.Ferramen&tas.&Ajuda.540.&Abrir.Abrir &dentro.Abrir &fora.&Ver.&Editar.Mudar& o nome.&Copiar para....&Mover para....&Eliminar.&Dividir ficheiro....Com&binar ficheiros....P&ropriedades.Come&nt.rio.Calcular o checksum.Diff.Criar pasta.Criar ficheiro.&Sair.Liga..o.&Alternar fluxos.600.Seleccionar &tudo.Desseleccionar tudo.&Inverter selec..o.Seleccionar....Dessseleccionar....Seleccionar por tipo.Desseleccionar por tipo.700..cones &grandes..cones &pequenos.&Lista.&Detalhes.730.Desordenado.Vista
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10040
                                                                                                                                                                                                Entropy (8bit):5.033364801945333
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:bBLhu312JnrmZ80+hs6MKaZy5HH9+jieCn6abdXdg9R49:bbhJnro80+X1HQT6fg9G9
                                                                                                                                                                                                MD5:9A2FC6431192E6FC18871DA5D4ADC467
                                                                                                                                                                                                SHA1:EEA02FAF56E746DFADF67C5FE4E12A79EA2FB089
                                                                                                                                                                                                SHA-256:4FD993DBAE9606C062DC3511292274631335956A016B74B3061BAB55F7D9C736
                                                                                                                                                                                                SHA-512:A4945CD1522FD2A57960959C4937C55920520BE615F3CB84CBE74842479D426AFF28F3E041FA61A338B121CA3BE64EFC4C128CA94A48B4D994EEA79A42AAB7F9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 4.59 : Lucian Nan.; 23.00 : 2023-07-22 : Marius Hudea.; 24.05 : 2024-05-19 : Miloiu Andrei-Valentin.;.;.;.;.;.;.;.;.0.7-Zip.Romanian.Rom.n..401.Bine.Anulare....&Da.&Nu..n&chide.Ajutor..&Continu..440.Da, pentru &toate.Nu, pentru t&oate.Opre.te.Restarteaz...n &fundal.La &suprafa...&Pauz...n pauz..E.ti sigur c. vrei s. anulezi?.500.&Fi.ier.&Editeaz..&Vizualizeaz..Fav&orite.&Unelte.&Ajutor.540.&Deschide.Deschide .&n.Deschide .n &afar..&Vizualizez..&Editeaz..&Redenume.te.&Copiaz. la....&Mut. la.....ter&ge.Segmenteaz. &fi.ierul....Com&bin. segmente....&Propriet..i.Comen&tariu.Calculeaz. cod verificare.Diferen...Creaz. director.Creaz. fi.ier.&Ie.ire.Scurt.tur..Fluxuri de date &alternative.600.&Selecteaz. toate.&Deselecteaz. toate.&Inverseaz. selec.ia.Selecteaz.....Deselecteaz.....Selecteaz. dup. tip.Deselecteaz. dup. tip.700.PIctograme m&ari.Pictograme m&ici.&List..&Detalii.730.Nesortat.Vedere &plan..&2 panouri.Bare de &
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):4.288162718572465
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:TmGK+SCI5WUrVarSC0sgvy995DoVdhpWQl9y5pwVt1tX8aEFPGH0IU4smVxa:fSJHBqS7/69HSdHWaZsaEFP6nm
                                                                                                                                                                                                MD5:447E681A030C82C3832DBA0B51CC790D
                                                                                                                                                                                                SHA1:401BF38C2122AE2493470820C92D069F3F6C7606
                                                                                                                                                                                                SHA-256:3E76BC88DB5CB108CF8750B01BDABBB3772DBF2BF14592C6AB18B7339817D6EE
                                                                                                                                                                                                SHA-512:D17EF32A1DE17EC1C9D6CAE6199E6623DB700B18E43B3B85EF403A60EC11B9EFC0AC0BB188B03D13F7895DFCF4ED37D1F40C1BFC4BEE469742B712ED5DE70722
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 24.04 : 2024-04-05 : Igor Pavlov.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Russian.........401.OK...........&...&....&................&...........440... ... &........ ... .&....................&......&.. ........ .....&........ ........ ............. ...... ........ ........?.500.&.....&.......&....&...........&......&........540.&............... &.............. .....&............&...................&.........&.......... .....&........... .....&..........&..... .........&......... ............&...........&..................... ...............&....... ..........&... ......&............&...........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18834
                                                                                                                                                                                                Entropy (8bit):3.802411708886365
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:TtnNoVvuZp1uKx4IshqMehIANlXgZC0Mzat2Irn0rInzY3TPYXtr:T/u/JBr
                                                                                                                                                                                                MD5:FD1B984BAEA0E5A905F756E9FDC54E86
                                                                                                                                                                                                SHA1:4DA8DA9154115F6BF0962FD02DB9D7E166285C8E
                                                                                                                                                                                                SHA-256:02CC9032C117A7818865AF3DCADBDD3C7B348BE3507681CD0032DD9BD15B76FC
                                                                                                                                                                                                SHA-512:1595742CCCFFF001C7BE0A7809F2E700460AD4CBD684D5A0CC53C5CCF615046E2E94EFD96CEEACA3D6FB20AAA5249D7677AB1F6FAF8DAB0A1B559A0C0951913E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Vinayy Sharrma, ....... .... ......;.;.;.;.;.;.;.;.;.;.0.7-Zip.Sanskrit, Indian, .....................401.... ..............&....&...&... ...........&.... ....440.&....... ....&....... ............ .... .....&...........&........(.........).&....................... .... .... ..... ... ....... .... ..... ....?.500.&.......&.........&........&.........&.......&......540.&........&.... ........&.... ........&........&........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18706
                                                                                                                                                                                                Entropy (8bit):4.0202268271567725
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:oUocZSy4PE90cZ+B7H0eEcVN/Pc+SfuwOoq9LNVHS7PzYbZLg97/78BA5UmHezQu:pfSdRz0ezJc+OuwYhaPUudu36KKoMkBj
                                                                                                                                                                                                MD5:5203E172ECB9F384BCE04D243684551F
                                                                                                                                                                                                SHA1:5F6A09B52D729F3F6C95ABA9D29BFD6C7CD0340B
                                                                                                                                                                                                SHA-256:5405E5B04E670FF7A5B5242A3872803725053324FFDC31F71511EA6B2573F6E0
                                                                                                                                                                                                SHA-512:CE6B058891375577EB726A15E5430BCE4450A9C06D3F2D3361FFE5D39C0C47097B6D0E7CDC7B907A8E5F23FA8FA5A1866661A2AA3167D982FD5AEEC33FA39077
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.59 : ...... ....... (Supun Budhajeewa).; 15.00 : ..... ..... (HelaBasa Group).;.;.;.;.;.;.;.;.;.0.7-Zip.Sinhala.......401...............&....&.....&............&........440.&........ ............ ............... .......&..........&..........&..................... ...... ..... .. ........?.500.&......&.........&.......&............&.......&.....540.&..... ......&..... ..... ......&....... ..... ......&.......&.........&... ... ......&... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10142
                                                                                                                                                                                                Entropy (8bit):5.350645745471363
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:xPc6gARXHeJlbbciOeh3rykpqMmEIN5U91n8:N3gARX+Jlbbfh3ryvTEIN5Un8
                                                                                                                                                                                                MD5:3FDECAE1FF188894295759380B0378DA
                                                                                                                                                                                                SHA1:935A4797540CE26828569C50924BAAE230F2D41E
                                                                                                                                                                                                SHA-256:B53FE26795B01F3347B614EAA499D28770D94EB5B51005C842386E97D8344CB6
                                                                                                                                                                                                SHA-512:F5B87DEFB1837E98EA46E1E37E13180976C5910F13E18A178397C530E6F15C585CF55E54048206D1A343C298BFE136E0CCF259657B29D7A8C5A9EE2537288AED
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Tomas Tomasek.; 9.07 : Pavel Deve.ka.; 9.38 beta : 2015-01-11 : Roman Horv.th.; 24.02 : Milan .alka.;.;.;.;.;.;.;.0.7-Zip.Slovak.Sloven.ina.401.OK.Zru.i.....&.no.&Nie.&Zavrie..Pomocn.k..Po&kra.ova..440..no na &v.etko.Nie na v.&etko.Zastavi..Re.tartova..&Pozadie.P&opredie.Po&zastavi..Pozastaven..Ste si ist., .e chcete akciu zru.i.?.500.&S.bor.&Upravi..&Zobrazi..&Ob..ben..&N.stroje.&Pomocn.k.540.&Otvori..O&tvori. vn.tri.Ot&vori. externe.&Zobrazi..&Upravi..&Premenova..&Kop.rova. do....P&resun.. do....O&dstr.ni..Ro&zdeli. s.bor....Zl..&i. s.bory....V&lastnosti.Ko&ment.r.Vypo..ta. kontroln. s..et.Rozdiel (Diff).Vytvori. prie.inok.Vytvori. s.bor.Uko&n.i..Odkaz....&Alternat.vne streamy.600.Ozna.i. v.etko.Odzna.i. v.etko.Invertova. ozna.enie.Ozna.i.....Odzna.i.....Ozna.i. pod.a typu.Odzna.i. pod.a typu.700.&Ve.k. ikony.&Mal. ikony.&Zoznam.&Podrobnosti.730.Netriedi..Ploch. vzh
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8407
                                                                                                                                                                                                Entropy (8bit):4.980893267908514
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:hTCvOZThlzUkVNOjf9FvELDTMerNJ+svj0hId:hTCv23NkrvS4MWo
                                                                                                                                                                                                MD5:722551A008A99008006AF6CE4161537A
                                                                                                                                                                                                SHA1:294ABEA21D393BF624A4A97C1B4DB63D3332C312
                                                                                                                                                                                                SHA-256:6B53FB390DA88BD79D76487FF30466AE972976D2EED030ADE6D9B93991B99CBC
                                                                                                                                                                                                SHA-512:4BDE588E3ADD4B20B3DD89953136A655E0521CF3EC97E72A7FF337BF64E41F3DA75F60E4E56C5B833B86D6C23FAFAA92EBB0EFFE1D063D499EF3992C60BAC8F0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 22.01 : 2022-07-17 : Jadran Rudec.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Slovenian.Sloven..ina.401.Vredu.Prekli.i....&Da.&Ne.&Zapri.Po&mo...&Nadaljuj.440.Da za &vse.Ne za v&se.Ustavi.Znova za.eni.Ozad&je.&Ospredje.Premor.Na premoru.Ali ste prepri.ani, da .elite preklicati?.500.Datoteka.Urejanje.&Prikaz.Priljubljene.Orodja.Pomo..540.&Odpri.Odpri &znotraj.Odpri zu&naj.P&rikaz.&Uredi.Prei&menuj.&Kopiraj....&Premakni....Iz&bri.i.&Razdeli datoteko....&Zdru.i datoteke....L&astnosti.Ko&mentar.Izra.unaj preizusno vsoto.Razlika.Ustvari mapo.Ustvari datoteko.&Izhod.Povezava.&Nadomestni tokovi.600.Izberi &vse.Razveljavi izbiro vseh.&Preobrni izbor.Izberi....Razveljavi izbiro....Izberi po vrsti.Razveljavi izbiro po vrsti.700.&Velike ikone.&Majhne ikone.&Seznam.&Podrobnosti.730.Nerazvr..eno.Ploski prikaz.&Dve podokni.&Orodne vrstice.Odpri korensko mapo.Eno raven navzgor.Zgodovina map....&Osve.i.Samodejno osve.i.750.Orodna vrstica arhiva.Srandardna orodna vrstica.Veliki gum
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5579
                                                                                                                                                                                                Entropy (8bit):5.039812534553965
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:P/3mbERgiJQCLlUBwpMBf4WV49vXJQX2Egzqlg+5RK6uxy4rcRQKktwlm80DCDHB:P/3sue8MOWyBXyX2tyj9RpGgigi6KwJ
                                                                                                                                                                                                MD5:69720A6D09230D9747BB2AA3C0EF650D
                                                                                                                                                                                                SHA1:4750E61EC19BA905D6F2BC5828510FD08D915AF8
                                                                                                                                                                                                SHA-256:B6EE3C8A14230AA7D1A17C5493E0A410C5C5C638BA7A9D81681FFED4A8DE6884
                                                                                                                                                                                                SHA-512:92230FEE3E5BC4B57013E359E43BF5F921DCFD9CAD4522E09B11EF8BF2F21F96555FC3AF72618A06D953F8D68050629358A8A7312A649489D6CA82780B793C88
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Mikel Hasko.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Albanian.Shqip.401.N. rregull.Anulim....&Po.&Jo.&Mbyll.Ndihm...&Vazhdim.440.Po p.r t. gjith&a.Jo p.r t. gjit&ha.Ndalo.Rinis.N. &sfond.N. pla&n t. par..&Pushim.N. pushim.Jeni t. sigurt se d.shironi ta anuloni?.500.&Skedari.&Redaktimi.&Pamja.&T. parap.lqyerit.&Veglat.&Ndihma.540.&Hap.Hap p.rbre&nda.Hap p.rjas&hta.&Pamja.&Redakto.Ri&em.rto.&Kopjo tek....&Zhvendos tek....&Fshi.N&daj skedarin....Kom&bino skedar.t....&Vetit..Ko&menti.Llogarit shum.n e verifikimit..Krijo nj. dosje.Krijo nj. skedar.&Dil.600.S&elekto t. gjith...se&lekto t. gjith..Anasill selekti&min.Selekto.....selekto....Selekto sipas tipit..selekto sipas tipit.700.Ikona t. &m.dha.Ikona t. &vogla.&List..&Detaje.730.&T. parenditur.Pamje e rrafsht..&2 panele.&Shiritat e veglave.Hap dosjen rr.nj..Nj. nivel m. lart..Historiku i dosjes....&Rifresko.750.Shiriti i veglave i arkivit.Shiriti standard i veglave.Butona t. m.dh
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11589
                                                                                                                                                                                                Entropy (8bit):4.212638798878335
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:b8TEDykT3a1oTLEKqX+KgU0XH9VL9dYALdOy7a+HSwOYAcvYxD/HI5wxhG9h2bZk:6VST0uKk9R9yAKcAcAxjJ6h8akS
                                                                                                                                                                                                MD5:D95E6FF9DAE7FA22083D9ED73588FE1A
                                                                                                                                                                                                SHA1:F061E9E1AFE02B7B92D626432CD9DA55BD8BC2DD
                                                                                                                                                                                                SHA-256:817D7A33F2ADB19F47F45F78C314F6AE6DF4CA4DA133C1F7A82703E0CDEE7E20
                                                                                                                                                                                                SHA-512:210BFDC206C2173BD680B6F319AFDA3228AC44CAF611C3846EF9AE0AD11701306BA923CCC9715086FF3CA5222F80713BF9FD6ABF61141232834DD95692EDC7C6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Lazar.; 9.07 : Ozzii.;.;.;.;.;.;.;.;.;.0.7-Zip.Serbian - Cyrillic....... - .........401.. ............................................440... .. ...... .. ............................ ................... .. ... ....... .. ...... .. .........?.500................................................540................ .. 7-Zip-......... .. ........... ............................................. ............. .................. ............ ....................................... ........ ..................... ............. ...............600........ ........... ..... ........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6765
                                                                                                                                                                                                Entropy (8bit):4.998761539106251
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ebQDPq3odT/FQ66mJpo46+z6Khowcwz+/ODBs+sO+krfRZ:eqPq4N/FKmJ2N2FWmNdrfX
                                                                                                                                                                                                MD5:9E08D57D48B4D8CB16F98736C5C0511B
                                                                                                                                                                                                SHA1:85A597B74BCB1CBF918D6366705F0B0C0727DE31
                                                                                                                                                                                                SHA-256:D8C5223FE423129145C5B55A756E499D4680B1DF0A7115D72736F09E51C89C1F
                                                                                                                                                                                                SHA-512:13E431E00F5EC0373DE201897C68A55C91962BD3DF6CD693448D3D5D6EBB478B51A1834ECD37B456761DCE94DBC4E5214FD421FA7BAD3B5B8A51051D0D8D6964
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Lazar.; 9.07 : Ozzii.;.;.;.;.;.;.;.;.;.0.7-Zip.Serbian - Latin.Srpski - latinica.401.U redu.Otka.i....Da.Ne.Zatvori.Pomo...Nastavi.440.Da za sve.Ne za sve.Stani.Ponovo.Pozadina.Na vrhu.Pauza.Pauza.Da li ste sigurni da .elite da prekinete?.500.Datoteka.Ure.ivanje.Pregled.Omiljeno.Alati.Pomo..540.Pogledaj.Otvori sa 7-Zip-om.Otvori sa pridru.enom programom.Pregledaj.Promeni.Preimenuj.Kopiraj u....Premesti u....Obri.i.Podeli fajl....Spoj delove....Svojstva.Komentar.Izra.unajte provernu veli.inu.razlika.Nova fascikla.Nova datoteka.Izlaz.600.Izaberi sve.Poni.ti izbor svega.Obrnuti izbor.Izaberi....Poni.ti izbor....Izaberi po tipu.Poni.ti izbor po tipu.700.Ikone.Naporedno slaganje.Spisak.Detalji.730.Bez sortiranja.Ravan pregled.2 Prozora.Trake sa alatkama.Otvori po.etnu fasciklu.Gore za jedan nivo.Hronologija....Osve.avanje.750.Rad sa arhivama.Rad sa datotekama.Velika dugmad.Prika.i tekst ispod dugmadi.800.Dodaj.Izaberi.900.Opcije....Benchmark.960
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8711
                                                                                                                                                                                                Entropy (8bit):5.0441606790922044
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:oEiQ9ofFPhWwxTyaN+tu0okvFFr7S6IqOsc9gw8tjD7FuPNfOloU31QHvBcw:oEiQibWwjNT8cotjD8NfL
                                                                                                                                                                                                MD5:9A27F7E51E2143F4258AAC9975F78F60
                                                                                                                                                                                                SHA1:49DFFBD91FE27A81DA38BECDE87DE6B2DF28962F
                                                                                                                                                                                                SHA-256:233596E0D29DAD356CD31C302EB1EB3A263736F166F5A7628A753BD808668EBB
                                                                                                                                                                                                SHA-512:83C6464E05C776910552591D6D4B8DCB5CD0CC8C627519AEFB7B61672F4478E42FDB8E023B5BFD29C313A22DEEEE75FCF66BF638F8D48156E98694F110B7D324
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Andreas M Nilsson, Christoffer Enqvist.; 4.59 : Bernhard Eriksson.; 22.00 : (2022-06-20) Mikael Hiort af Orn.s.;.;.;.;.;.;.;.;.0.7-Zip.Swedish.Svenska.401.OK.Avbryt....&Ja.&Nej.&St.ng.Hj.lp..F&orts.tt.440.Ja till &alla.Nej till a&lla.Stoppa.Starta om.&Bakgrunden.&F.rgrunden.&Pausa.Pausad..r du s.ker p. att du vill avbryta?.500.&Arkiv.&Redigera.&Visa.&Favoriter.Verkt&yg.&Hj.lp.540.&.ppna..ppna &internt..ppna &externt.&Visa.&Redigera.&Byt namn.&Kopiera till....&Flytta till....&Ta bort.&Dela upp fil....&Sammanfoga filer....E&genskaper.Komme&ntera.Ber.kna kontrollsumma.Differens.Skapa mapp.Skapa fil.&Avsluta.Skapa l.nk.&Alternativa datastr.mmar.600.Markera &alla.Avmarkera alla.&Invertera markering.Markera....Avmarkera....Markera efter typ.Avmarkera efter typ.700.St&ora ikoner.Sm&. ikoner.&Lista.&Detaljerad lista.730.Osorterad.Platt vy.&Tv. paneler.&Verktygsf.lt..ppna rotmappen.Upp en niv..Mapphistorik....&Uppdatera.Uppdatera automatiskt.75
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8039
                                                                                                                                                                                                Entropy (8bit):4.830174437133884
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:FGtF7C6fBky7MIFT0T222a6CjlHtLG0mHR7s:O/fNaS2J6CjxdN
                                                                                                                                                                                                MD5:BAAC3FF9FC4B6A656AC7C51D44117BD9
                                                                                                                                                                                                SHA1:FEACD226EFB71EE149424F39AB47EBF6F64CAB04
                                                                                                                                                                                                SHA-256:9FED3C0B4E67673BC1D8BBD67D1F6651FADE030F98D12173C3564F2C492A67F8
                                                                                                                                                                                                SHA-512:44413A73CD0DE02F245CB5D8B35BB457AE136C1C2BBB76934F120F6D0B14FCE928B4763475730F018C6E4B4AD4881A32CF1C99879C197CC4E70B8A992B3BFCA4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 15.00 : 2020-05-15 : Mara Gati Lucky.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Swahili.Kiswahili.401.Sawa.Ghairi....&Ndio.&Hapana.&Funga.Usaidizi..&Endelea.440.Ndio kwa &zote.Hapana kwa z&ote.Simamisha.Washa upya.&Mandharinyuma.&Mandharimbele.&Tuliza.Imetulizwa.Una uhakika unataka kughairi?.500.&Faili.&Hariri.&Mwoneko.Z&inazopendwa.&Zana.&Usaidizi.540.&Fungua.Fungua &ndani.Fungua n&je.&Mwoneko.&Hariri.Pati&a jina upya.&Nakili hadi....&Sogeza hadi....&Futa.&Gawiza faili....Ung&anisha nyaraka....S&ifa.Toa m&aoni....Kokotoa checksum.Tofautisha.Unda kabrasha.Unda faili.F&unga.Kiungo.&Mitiririsho mbadala.600.Teua &zote.Ondoa uteuzi wote.&Pindua uteuzi.Teua....Ondoa uteuzi....Teua kulingana na aina.Ondoa uteuzi kulingana na aina.700.Iko&ni kubwa.Ikoni ndogo.&Orodha.&Maelezo.730.Haijapangwa.Mwoneko bapa.&2 paneli.&Miambaa zana.Fungua kabrasha shina.Juu kiwango kimoja.Historia ya folda....&Weka upya.Weka upya kioto.750.Mwambaa zana wa akiba.Mwambaa zana wa kawaida.Vitufe vikubwa.Onyesha m
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12057
                                                                                                                                                                                                Entropy (8bit):3.6721380731890467
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:MZOpgEdXp2Aj1N1YZsHFoXmj6OI1v/O2RmrNqBSXGdCdfy01K:x3X4xO2RmUqqX
                                                                                                                                                                                                MD5:DD0AE446AD4C5D6F20DB6ECE80F21606
                                                                                                                                                                                                SHA1:CDDB5DC08DA094FF69E48C1AF7E329F6B83FB6A6
                                                                                                                                                                                                SHA-256:AE1A795105574BF2674A5DE98A4F06CADD9C79DEBDE9FC288F64B3D607FA329D
                                                                                                                                                                                                SHA-512:543777575D32B9E1A67AFA2380B7953B79F3031AD6421314BA1DD957EC356FC0446903E09CA70A4E61F1264FC87846C968574D3ADF90F1563BAE3CCCA875636F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.13 : Ve Elanjelian : ThamiZha! team.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Tamil.......401................................................440.............. ................. .......................................................... ................. .................... ...... ..... .................?.500..................................................540.......... .......... ........................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14632
                                                                                                                                                                                                Entropy (8bit):4.341973950530399
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:LzDXSHvMCtcY7SbE1BgUmOTfhEUDgkoSa4pTG++3slxxgYbgDfvCPKpTWO4z+dWE:uMC2YubdUmsKEAcb+3QbgDEK9KyQ2f
                                                                                                                                                                                                MD5:EA08A1D73A4A150D7EC590B094D4E0D5
                                                                                                                                                                                                SHA1:E4F3172CF52DB8DA27F7D95CFBA2EACFAB12D533
                                                                                                                                                                                                SHA-256:E029F34DDEA8B1358E1F519526EF643D79BE37CFCE55BB5EA21B4BD0D026F9D3
                                                                                                                                                                                                SHA-512:3661EC554C82F3608099E08808E5151B8D7BCCA385CF09D0FD4181073A52E1E835485DF0684F5091D0F5EF487A07298286DB463C3971E3986A6AD9B0BF7784C2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 20.02 : 2020-10-20 : Shamsiddinov Zafar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Tajik........401..................&.....&...&..............&..........440..... ..... &........ ..... &............... .......&.......&.. ... ........&............ ............. ....... ......, .. ......... .... ...... .......?.500.&.....&.......&.......&......................&........540.&........... ..... &........... ..... ...............&............. ......&............ ......&........ ......&.... ................ ..... &.........&..... ....... ................................... ...... .............. .......&...
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15450
                                                                                                                                                                                                Entropy (8bit):3.943828079014395
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:NrQMVEpEJbIRgAOaN2gs1KM5LypJ0/vrvQYKSK46smKhjlCqRK5ZThNFdHL0eF9s:Nr3m6JbIRgzaN2gs1/+J4vrvQYzK46Pg
                                                                                                                                                                                                MD5:6BE5BA977C60F103B54C4289399CE43E
                                                                                                                                                                                                SHA1:48DFF625438573A366D56ECEF43BC43A10E124A8
                                                                                                                                                                                                SHA-256:A1967002746961CDC4F3AD4F5F081BBA6DB231660CDFD5F2AB4A572EB11DD67C
                                                                                                                                                                                                SHA-512:DA61AA3C5389B5096F1C899AD17EBC20125B18D959F8C74AAE10665F65DE4A3C2069AFE47380C093926180C952336FCBEFF71329809D7FA59AB490849B647DBB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.09 : Chayanon Ruamcharoen.; 4.10 : Zafire06.; 9.13 : Kom10.;.;.;.;.;.;.;.;.0.7-Zip.Thai.....401................&....&....&...............&.............440...................................&..................&..................&..................................................500.&.....&......&.......&...........&...........&..........540.&...........................................&.......&......&............&...............&
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8736
                                                                                                                                                                                                Entropy (8bit):5.243048507979006
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:K9LGWUpW9ui2eHMMfj0RIC/2Naq49K5ztPYIzvPMdQpJzPq:859uigRr/2Yq4uJPYIzvPMZ
                                                                                                                                                                                                MD5:1F610DF86538A3ED788D6A8024C1982E
                                                                                                                                                                                                SHA1:3180F829602B83148C73A47EF4DAF841BB379A14
                                                                                                                                                                                                SHA-256:A0F485755CBC6356CFA4BEF5CB6134653DC6743F4BFCA89CED92D43EC31C5649
                                                                                                                                                                                                SHA-512:C184E3898944B2C0A12806E0B0592FD19BE05A75E7F3B2F9A69B8D39FA847E90AEBE93E1E96588AAA38DCDBB9FF89C1667BCA1B5A5FDFDB7F77E37A574981309
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 19.00 : 2019-03-04 : Merdan NURIYEV Hazar-Balkan H.K..;.;.;.;.;.;.;.;.;.;.0.7-Zip.Turkmen.T.rkmen.e.401.Howwa.Go.bolsun et....&Howwa.&.ok..a&p.K.mek al..&Dowam et.440.Hemmesine howw&a.Hemmesine &.ok.Dur.Ga.tadan ba.la.&G.r.nme.&..e .yksyn.&S.gindir.S.gindi.Go.bolsun etjekmi?.500.&Dos.a.&D.zelt.&G.r.F&aworitler.G&urallar.&K.mek.540.&A..&I.inde A..Da.&ynda A..&G.r.&D.zelt.Adyn&y ..tget..u .ere &kop.ala.....u .ere &g...r....&...r.Fa.ly &b.l....Fa.llary &birle.dir....&D.zg.nlemeler.Tes&wir....Barlag jemini hasapla.Tapawutlanma.Bukja d.ret.Fa.l d.ret.&.yk.Bag.Akymlary .&aly..600.Hemmesini Se..Hemmesini Se.me.Se.im&i tersine .w.r.Se.....Se.me....Tiplerine g.r. se..Tiplerine g.ra se.me.700.U&ly Ikon.Ki.i Ikon.Tablissa.Jikme-jikleri.730.Sortlanmadyk.D.z G.rn...&2 Paneller.&Esbaplar.D..p Bukjany A..Bir Tekje .okary...ki Bukjalar....T.zele.Awtomatiki T.zele.750.Arhiw Esbaplary.Standart Esbaplar.Uly K
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9756
                                                                                                                                                                                                Entropy (8bit):5.222646559853333
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:CKtangmNvbq5nFczPipu9FS1zPf6MHH2L6NyE8uP+G0O249bgCGLpO6u:RtangimWPieFSRPyE8uvLyo
                                                                                                                                                                                                MD5:CD44EF9F1C6526A18D9956517E510C16
                                                                                                                                                                                                SHA1:DD65DAD1B27F26B538CB3C8FC11895A7C6A81F20
                                                                                                                                                                                                SHA-256:D8DDEEC7A1D5F98BE9FE727D47F8BDF733E21693E988DCFE48089AC3344DCF30
                                                                                                                                                                                                SHA-512:51676AE9C163686DAD3748E2DEC7898ED218673D15AF741404C4EB30E8E8C23CC8C5BB7E33E1B7CC40DE56C1ACFE2639711F47BFAC9EF9FAE5703EAA889F924D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 24.04 : 2024-04-05 : Ahmet Murat .ZHAN.; 22.00 : 2023-05-28 : Emir SARI.; 15.00 : 2018-11-21 : Kaya Zeren.; 9.07 : 2009-09-22 : X-FoRcE.;.;.;.;.;.;.;.0.7-Zip.Turkish.T.rk.e.401.Tamam..ptal....&Evet.&Hay.r.&Kapat.Yard.m..&Devam.440.T.m.ne &Evet.T.m.ne &Hay.r.Durdur.Yeniden Ba.lat.&Arka Planda..&n Planda.&Duraklat.Duraklat.ld...ptal etmek istiyor musunuz?.500.&Dosya.&D.zen.&G.r.n.m.&S.k Kullan.lanlar.&Ara.lar.&Yard.m.540.&A..7-Zip ..i&nde A..&Varsay.lan Uygulamada A..&G.r.nt.le.&D.zenle.&Yeniden Adland.r.Klas.re &Kopyala....Klas.re &Ta......&Sil.Dosyay. &B.l....Dosyalar. Bi&rle.tir.....&zellikler.A..kla&ma.....Sa.lamalar. Hesapla.Fark.Klas.r Olu.tur.Dosya Olu.tur.&..k.Ba.lant..&Di.er Ak..lar.600.&T.m.n. Se..T.m.n.n Se.imini Kald.r.Se.imi &Tersine .evir.Se.....Se.imi Kald.r....T.re G.re Se..T.re G.re Se.imi Kald.r.700.&B.y.k Simgeler.&K...k Simgeler.&Liste.&Ayr.nt.lar.730.S.ralamas.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13706
                                                                                                                                                                                                Entropy (8bit):4.512938543489413
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:4sAaGWnyUCvYb6klPJFdljLNCZXg54yd+yACOFFytAQm:maG39YeklPJFLjLN+g5h+MtAd
                                                                                                                                                                                                MD5:730C16345E2A2366C2221D5F22980666
                                                                                                                                                                                                SHA1:41E92F0B3AEE2436183E1263AAD85787ECBABF34
                                                                                                                                                                                                SHA-256:813B5264F3F2D2B632B346E800E738E04DC098C7B3A1A2AF64BCF3A6ACBCA037
                                                                                                                                                                                                SHA-512:339A9B6E5788B6B2D627C16B6DCA5A942133B2F113ADC21225C693951D87EE5C476A684565C2A38510A23C42E1DFA0689A62450CB2D741D4AC43A53B9B691606
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 15.10 : 2017-02-12 : Bulat Ibrahim.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Tatar.........401.OK.... .........&....&...&..............&..... .......440.... &........ ....... .&....... .................&......&.... .......&.................... .. ....... ............?.500.&.....&........&......&..........&........&........540.&........... &............ ..&...........&................. &...........&................&.............&................ &.................... &...................&.............&.............. ...................&..... .........&.. ........&............&........... ........60
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10982
                                                                                                                                                                                                Entropy (8bit):4.662514332505228
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Ca+X3gDVs7FuvI9w83Dce6oF3DSiskkSx6NGhu1c9:XAwpe53uUkSWlc9
                                                                                                                                                                                                MD5:47C628C679FF488DDF4E14C457D2FCA0
                                                                                                                                                                                                SHA1:E8DA632E677A92224B5095271087A68C60504B9C
                                                                                                                                                                                                SHA-256:7FD494130F9B96DFCA492D495EF3FD7B4EAACF59F075172898ECE5AEBD1F6FCE
                                                                                                                                                                                                SHA-512:A4A22D6FE3C01A3E3D93C6D555B840EEECD72F396F0BCB5AFD871292BCA5B86F2CA76E3CF44FA71DD6C1B08D6672C50D16D0FBA679A4AF4AA677993A9900E497
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.59 : Sahran.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Uyghur..........401........... .......(&Y)........(&N)....(&C)....................(&C).440........ ....(&A)........ ...(&L)............ ........... ....(&B)...... ....(&F)......... .....(&P)......... ................... ... ..........500.......(&F).......(&E)........(&V).......(&A)......(&T).......(&H).540....(&O).......... ........ ...(&I)..... ........ ...(&U)........(&V).......(&E).... .......(&M)........ .....(&C)........ .....(&M).......(&D)....... .......(&S)........ .........(&B)........(&R)........(&N)....... ............. ........... ............(&X).600..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16420
                                                                                                                                                                                                Entropy (8bit):4.346958198063598
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:IyFxzaETT1SP58Hs+5tgxe3+edU74njAMcpsN0RxRgxExJx2B6LZExRlRYhT:ZvTf/eJT
                                                                                                                                                                                                MD5:14C60B55D5400607C7B6443D10B0A37C
                                                                                                                                                                                                SHA1:B92D556FF934F83AC3BEEC3DE20FBB909D0E1AFB
                                                                                                                                                                                                SHA-256:262BCC4EBAE464D1C96FBFCCDCA7813E6F6CC8FDFD78FBB933DE72A2B7AC8367
                                                                                                                                                                                                SHA-512:BC5951287DBAE1BC775293B1CCC3FCE37C2776905FBCF9EC47E49E9A28E6F54B1349B49EBF65631D04617666EED483A91870E255FEDAAAF9A4269B985310EFE1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Andrij Ilechko.; : Mokiy Mazaylo.; : Sergiy Gontaruk.; : Misha Padalka.; 23.01 : 2023-06-20 : Yurii Petrashko.; 24.04 : 2024-04-17 : MrIkso.;.;.;.;.;.0.7-Zip.Ukrainian............401.OK..............&....&...&.................&...........440.... ... &....... ... ..&..........................&.. ........ ......&.. .......... ......&.................... ........, .. ....... ......... ........?.500.&.....&............&.......&...........&............&.........540.&................. .&................. &......&............&...............&..........&......... ..........&....... ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14672
                                                                                                                                                                                                Entropy (8bit):4.2852957756152215
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:2dRJSgU9qXjQ8Ob5bpXUa09uQEjvj1/vkW/J/Y/pfN15N:AU9qTQ8sZpXUa09uZp1BQRlB
                                                                                                                                                                                                MD5:0E053B461B1840743441F2B74D73E3EE
                                                                                                                                                                                                SHA1:C3F211F45C0702531C0BB09C13EAFE32634EE9CC
                                                                                                                                                                                                SHA-256:DD414D39F8DA2FBD5CAA0C7A7A9155C5F802B4D45F2E8828A79C7B4B63BD1179
                                                                                                                                                                                                SHA-512:8E2144242E9000290DAD52008B3DB9878B35C1C3182B74273965A5F7B4DC4AFE146D2C97A5318525ADE263753F08413A6FA45B7EC38F9C56D5042787D9E6C78E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 20.02 : 2020-10-21 : Shamsiddinov Zafar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Uzbek-Cyrillic.........401......... ..........&...&....&.............&..... ......440....... &......... &.......................&......&..... .....&..... ............ ............. ..........?.500.&.....&............&........&.............&.........&......540.&......&........ ......&......... ......&........&............&..... .........&.......... ..............&.......... ............&.... .........&...... ..........&......... ................&............&.............. ...................... ........... .......&.....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8888
                                                                                                                                                                                                Entropy (8bit):5.049104436584185
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:cNml3r3hrOfvZQY19CUfwb8NKLHnxA4vN5rBBb7U7folni:Sml3r3hrWvZQ69CUfwb84LHxAulBv0oE
                                                                                                                                                                                                MD5:4479712709B19297483D020D11164745
                                                                                                                                                                                                SHA1:ADBF9F8EF1C44E7F7D13EF5E0ABE1F49C4ED3F1B
                                                                                                                                                                                                SHA-256:D62F8D3E7AA1F2636A1AD1B2AEDE0DA9FD725941A5F81D24A9B0B7599CAF0F50
                                                                                                                                                                                                SHA-512:A857B93E9991AEE4CDD6730DE538AB3BFD13620D0A99AEA1F49859B0D479EF4F757C4D99846FC1754691802B5DAFD044FC306BD31C0429DCF15EB5DC3C0B9036
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 20.02 : 2020-10-20 : Shamsiddinov Zafar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Uzbek.O.zbekcha.401.OK.Bekor qilmoq....&Ha.&Yo.q.&Yopmoq.Ko.mak..&Davom etmoq.440.Bariga &ha.Bariga &yo.q.To.xtatmoq.Qaytadan.&Fonda.&Fonda emas.&Pauza qilmoq.Pauza qilindi.Bekor qilinsinmi?.500.&Fayl.&Tahrirlamoq.&Ko.rinish.&Tanlanganlar.&Jihozlar.&Ko.mak.540.&Ochmoq.&Ichkarida ochmoq.&Tashqariga ochmoq.&Ko.rinish.&Tahrirlamoq.&Qayta nomlamoq.&Quyidagiga nusxalamoq....&Quyidagiga ko.chirmoq....&Olib tashlamoq.&Faylni bo.lmoq....&Fayllarni birlashtirmoq....&Xususiyatlar.&Sharh....Yakuniy summa.Taqqoslamoq.Jild tuzmoq.Fayl tuzmoq.&Dasturdan chiqmoq.Havola.&Muqobil oqimlar.600.&Barini tanlamoq.Barini tanlamaslik.&Teskari tanlash.Tanlamoq....Tanlamaslik....Turi bo.yicha tanlamoq.Turi bo.yicha tanlamaslik.700.&Yirik ikonkalarda.&Kichik ikonkalarda.&Ro.yxatsimon.&Tafsilotli.730.Saralamaslik.Bejirim ko.rinish.&2 ta panelda.&Jihozlar.Asosiy jildni ochmoq.Bir pog.ona yuqoriga
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9508
                                                                                                                                                                                                Entropy (8bit):4.956382401228677
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:bFIzlmWIGz4txB2GnYESx8EvawZP7/uHCkU331:5bUzwxB2GfJwZP7/uHCkO31
                                                                                                                                                                                                MD5:1651078BE7CE617922904CA7941FAE20
                                                                                                                                                                                                SHA1:1FE33F74AAA6AF59B5055B968EF6424107544538
                                                                                                                                                                                                SHA-256:C0D985DEA02778276BA3D3DF96B50B33F7BA0C1EC7C62761F0DCD67A05B62270
                                                                                                                                                                                                SHA-512:E1721EE191E1BA24212E85C013497C66D35DB0E48DF464D2E86762B4A0855AC04FFEC59AF8C259F91DFF0924D977FFEB1FBA92A7C9A951D5F8FDDFD0B02BB67E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.26 : Tomas Miralles.; 4.44 : Fernando Verd..; 24.05 : 2024-05-23 : David Chova.;.;.;.;.;.;.;.;.0.7-Zip.Valencian.Valenci..401.Accepta.Cancel.la....&Si.&No.Tan&ca.Ajuda..&Continua.440.Si a &tot.No a t&ot.Atura.Reinicia.Segon pla.Primer pla.&Pausa.Parat.Esteu segur que voleu cancel.lar?.500.&Fitxer.&Edita.&Mostra.Favorits.Eines.Ajuda.540.&Obri.Obri d&ins.Obri fora.&Mostra.&Edita.Canvia &nom.&Copia a....&Despla.a a....&Suprimeix.&Separa fitxer....Com&bina fitxers....P&ropietats.Come&ntari.Calcula checksum.Difer.ncia.Nova carpeta.Nou fitxer.Ix.Vincula.Fluxos &alternatius.600.Seleccion&a-ho tot.Deselecciona-ho tot.&Inverteix selecci..Selecciona....No selecciones....Selecciona per tipus.No selecciones per tipus.700.Icones g&rans.Icones menudes.&Llista.&Detall.730.No ordenat.Vista plana.&2 Taules.&Barres d'eines.Obri directori arrel.Directori pare.Historial de carpetes....Actualit&za.Actualitza autom.ticament.750.Barra d'eines de Fitxer.Barra d'eines Est.nda
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8111
                                                                                                                                                                                                Entropy (8bit):5.364411458818708
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:EpyG/WRw/t50jb9+lrFwm9HIb4He0Wtd2iYNo+rRkRLTEMqbfMu9854Il2cqXK:Ekhw/tmlScwlni8CSku9bW
                                                                                                                                                                                                MD5:A0612FA9EB8196659D15C67AC965A5E6
                                                                                                                                                                                                SHA1:AE733BBAEF962F3A10C5855ED30B6D084C8C5D5F
                                                                                                                                                                                                SHA-256:C73634402C3EFFDB2750AB5CF6F1083ABD8771529BFF6F7E513D646E0FCDAE23
                                                                                                                                                                                                SHA-512:74991149573FBC7B5D9BEF36B0F8CB00951BEBE959F2D9058C227F3E75A874E22C8AA6219BBD643E483E0D969674A9CA9004E33F116BC923A30C872FC3F7909C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 2.30 : : Tran Hong Ha.; 4.42 : : Le Vu Hoang.; 4.48 : : Nguyen Hong Quan.; 9.07 : 2011-04-12 : Vietnamize Team.;.;.;.;.;.;.;.0.7-Zip.Vietnamese.Ti.ng Vi.t.401...ng ..H.y b.....C..Kh.ng...ng.Gi.p ....Ti.p t.c.440.C. t.t c..Kh.ng t.t c..D.ng.L.m l.i.Ch.y n.n.Ch. .. .u ti.n.D.ng... d.ng.B.n ch.c ch.n mu.n h.y b.?.500.T.p tin.Bi.n t.p.Xem..a th.ch.C.ng c..Gi.p ...540.M..M. t.i ..y.M. trong c.a s. kh.c.Xem.Bi.n t.p...i t.n.Sao ch.p ..n....Di chuy.n ..n....Xo..Chia c.t t.p n.n....N.i t.p n.n....Thu.c t.nh.Ch. th.ch.T.nh checksum (md5).So s.nh.T.o th. m.c.T.o t.p n.n.Tho.t.600.Ch.n t.t c..B. ch.n t.t c....o l.a ch.n.Ch.n....B. ch.n....Ch.n theo lo.i.B. ch.n theo lo.i.700.Bi.u t..ng l.n.Bi.u t..ng nh..Danh s.ch.Chi ti.t.730.Kh.ng s.p x.p.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10469
                                                                                                                                                                                                Entropy (8bit):5.284564106594488
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:8F6LuxAINK+9IPpdcigPDojX4MmlmYplGPvxtdogal+7opiQRDev/4Fq/+ePRRtG:wxAELigPDoHITPjk6b9Fq/+1z
                                                                                                                                                                                                MD5:5D90F9C7771022E43C15A4393A0670CE
                                                                                                                                                                                                SHA1:689269A4B3AED23CDF59ED395732C592B515AC83
                                                                                                                                                                                                SHA-256:DE2497946932D806F822082C3CF9F2F26A18752D9973F9D09E0889A94CE4C28A
                                                                                                                                                                                                SHA-512:7A8BD040989CF66DD0F15BE68DFCF2799C34C491FDF900315AB82619938C79BE9F18C6A5B1A4AC7DF6BBA951B3B309DDAF4F5ED628A69B8B893406F68FBC9510
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 15.00 : 2015-03-29 : Ibrahim Oyekan.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Yoruba.Yoruba.401.O DAA.Pa re....&B..ni.&B..k..&P.d...r.nl.w...&T..-s.w.j..440.B..ni fun &gbogbo ..B..k. fun &gbogbo ..D.r....t.nb..r...&...h.n-.gb.h.n.&Oj.-.gb.h.n.&D.d.r...d.r...e . d.j. pe .nyin f.. paar..500.&Fa.li.&Tunk..&.w..&A.y..&Irin....&.r.nl.w..540.&.i..i &si .n...i &si .ta.&.w..&Tunk..&Tun oruk. k..&...d. si....&Gb. si....&Paar..&P.n fa.li...... .w.n fa.li k.p......&.b.d..&.r. .w.ye.....e i.iro checksum..y.t...D. .p. fa.li sil...D. fa.li sil...&P.d...t..kas..&Yiyan agbara d.t..600....y.n &gbogbo fa.li.Paa ...y.n gbogbo fa.li.&Yi ...y.n Pad.....y.n....Paa ...y.n.......y.n bi ir. fa.li.Paa ...y.n bi ir. fa.li.700.&.mi .l..&.mi K.ker..&Ak.j...&Aw.n alaye.730.Lai t. l.s.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8236
                                                                                                                                                                                                Entropy (8bit):6.029530102631068
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:6vCfchxHZbOVSVzaAP67peMNyE7nA95tLPggo:OxM0VLP677y4Y1PgF
                                                                                                                                                                                                MD5:D13839AF103477DF8CFD0BC2EB876EB0
                                                                                                                                                                                                SHA1:93AF39EBEB9677003DB67B386588409329104F4E
                                                                                                                                                                                                SHA-256:D04E5BD3BF1E3F3754C3603889AA1B659D1DAC518C5C6B5C1C49ECF16DCA1C01
                                                                                                                                                                                                SHA-512:DD79B5A8790E906E8BBE3FE69476126AB76ED472B4374E5FB7F4B272365BC305492832A1E3B95D22FC7D3C9EDD9B013C7BC8871C6BC85A717ACF3B361DA1900F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 2.30 : 2002-09-07 : Modern Tiger, kaZek, Hutu Li.; 3.08 : 2003-08-29 : Tunghsiao Liu.; 22.00 : 2022-06-09 : Tunghsiao Liu.; 24.05 : 2024-05-16 : MagicGenius.;.;.;.;.;.;.;.0.7-Zip.Chinese Simplified......401...........(&Y)..(&N)...(&C).......(&C).440...(&A)...(&L)...........(&B)...(&F)...(&P).............500...(&F)...(&E)...(&V)...(&A)...(&T)...(&H).540...(&O).......(&I).......(&U)...(&V)...(&E)....(&M)....(&C).......(&M)......(&D).....(&S)........(&B)......(&R)...(&N)........................(&X).........(&A).600...(&A)........(&I).....................................700....(&G)....(&M)...(&L).....(&D).730.............
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8383
                                                                                                                                                                                                Entropy (8bit):6.039482945933355
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:dIEm/UwNgrNf35q4H0PPTo0CCKL9xlDCrBYwlW/A2flOEBV:dxmMwN5LTo/CKJuBdMtNV
                                                                                                                                                                                                MD5:E6C38C199079BE58EE81E8DA55E783AC
                                                                                                                                                                                                SHA1:1AD09B0146F317786AFB0A09C7907E6CCB5C207E
                                                                                                                                                                                                SHA-256:76A17B0A97925E5D6DEB1EBE8AE14F83BD49957C492C3733A0EA178E28B0D74B
                                                                                                                                                                                                SHA-512:014D3FB64B22DA94D5AC7626B3E4BF9321FB05647BDB1BE3EEF79ADD3EFB06EF6B0FC1590031D4E781489AFC96BA4B7E4A86590BCE98C901812E890A4680ED02
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.59 : Leon Tseng, sec2, ...; 9.07 - 24.04 : Jack Pang.;.;.;.;.;.;.;.;.;.0.7-Zip.Chinese Traditional......401...........(&Y)..(&N)...(&C).......(&C).440.....(&A).....(&L).............(&B).....(&F)...(&P)...........?.500...(&F)...(&E)...(&V).....(&A)...(&T)...(&H).540...(&O)......(&I)......(&U)...(&V)...(&E).....(&M)....(&C).......(&M)......(&D).....(&S)........(&B)......(&R)...(&N).........................(&X).........(&A).600...(&A).........(&I)............................700....(&G)....(&M)...(&L).....(&D).730.............(&2)....(&T)...........................(
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6031
                                                                                                                                                                                                Entropy (8bit):5.187853729445909
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:dNlju+xpEYNgOrLJIJzDJu3S3zVSwOrLJIJzAu3S3zVSw7Edxb1wp:pjuoDNgOrNcXJu3S3JSwOrNccu3S3JSE
                                                                                                                                                                                                MD5:761B393DAC39374A072E58AA6A4872FC
                                                                                                                                                                                                SHA1:FA049F28E907AB6A0489D1FEC1746DF3A26D22E2
                                                                                                                                                                                                SHA-256:3A9A7BCA133A8AF4560F48DFA351F941E110D80A2C2466E537EC6680B9FC2DDA
                                                                                                                                                                                                SHA-512:93C5A05469D4469C713370AC8D711CAF57BF87B91B4F77AAA6F950552180548624890EC0E910C0F0E2FA1E05417EDF37E31E9C128815A3811110BCA90885860E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: 7-Zip.. ~~~~~.. License for use and distribution.. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.... 7-Zip Copyright (C) 1999-2024 Igor Pavlov..... The licenses for files are:.... - 7z.dll:.. - The "GNU LGPL" as main license for most of the code.. - The "GNU LGPL" with "unRAR license restriction" for some code.. - The "BSD 3-clause License" for some code.. - The "BSD 2-clause License" for some code.. - All other files: the "GNU LGPL"..... Redistributions in binary form must reproduce related license information from this file..... Note:.. You can use 7-Zip on any computer, including a computer in a commercial.. organization. You don't need to register or pay for 7-Zip.......GNU LGPL information..--------------------.... This library is free software; you can redistribute it and/or.. modify it under the terms of the GNU Lesser General Public.. License as published by the Free Software Foundation; either.. version 2.1 of the License, or
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):328296
                                                                                                                                                                                                Entropy (8bit):6.007199310246239
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:ZTECIX8CYN9pu168zdrCqXBL0xhV4lH7suR:9s8CYbpu1ddv+xYH77
                                                                                                                                                                                                MD5:62D252FA6272006CA3E63EEE8C51DBDE
                                                                                                                                                                                                SHA1:4C679CED1658B8C57205E22AC507D1AB66DB0B3B
                                                                                                                                                                                                SHA-256:1D348A3EF33838E3D6C365FA34CBD7D667341CAFBE49F16A52D5D42A69F84B41
                                                                                                                                                                                                SHA-512:A6F991940634968C8B918D5488A80908073C6A68E01C21DECD8E5CD5514A313E464D2E5C7F640E84A165B01741B80C8FEDD58017C8B3A5CE678B7D90C4351E21
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$................k.....k......k......................q.....a........t......t.....t....t......e...t....Rich..................PE..d...(*.f.........." .........................................................`............`.............................................`... ............r.......0......h(...P......0v..T....................w..(....v...............................................text...~........................... ..`.rdata..(m.......n..................@..@.data...dd... ......................@....pdata...0.......2...&..............@..@.rsrc....r.......t...X..............@..@.reloc.......P......................@..B................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6031
                                                                                                                                                                                                Entropy (8bit):5.187853729445909
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:dNlju+xpEYNgOrLJIJzDJu3S3zVSwOrLJIJzAu3S3zVSw7Edxb1wp:pjuoDNgOrNcXJu3S3JSwOrNccu3S3JSE
                                                                                                                                                                                                MD5:761B393DAC39374A072E58AA6A4872FC
                                                                                                                                                                                                SHA1:FA049F28E907AB6A0489D1FEC1746DF3A26D22E2
                                                                                                                                                                                                SHA-256:3A9A7BCA133A8AF4560F48DFA351F941E110D80A2C2466E537EC6680B9FC2DDA
                                                                                                                                                                                                SHA-512:93C5A05469D4469C713370AC8D711CAF57BF87B91B4F77AAA6F950552180548624890EC0E910C0F0E2FA1E05417EDF37E31E9C128815A3811110BCA90885860E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: 7-Zip.. ~~~~~.. License for use and distribution.. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.... 7-Zip Copyright (C) 1999-2024 Igor Pavlov..... The licenses for files are:.... - 7z.dll:.. - The "GNU LGPL" as main license for most of the code.. - The "GNU LGPL" with "unRAR license restriction" for some code.. - The "BSD 3-clause License" for some code.. - The "BSD 2-clause License" for some code.. - All other files: the "GNU LGPL"..... Redistributions in binary form must reproduce related license information from this file..... Note:.. You can use 7-Zip on any computer, including a computer in a commercial.. organization. You don't need to register or pay for 7-Zip.......GNU LGPL information..--------------------.... This library is free software; you can redistribute it and/or.. modify it under the terms of the GNU Lesser General Public.. License as published by the Free Software Foundation; either.. version 2.1 of the License, or
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1891840
                                                                                                                                                                                                Entropy (8bit):6.29517110582479
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:CmnN6yAgaTr17cdftN0+ju1zzHiDefMyUz/uDIVAlan:BnN34Th7criCDeUyXDiua
                                                                                                                                                                                                MD5:0009BD5E13766D11A23289734B383CBE
                                                                                                                                                                                                SHA1:913784502BE52CE33078D75B97A1C1396414CF44
                                                                                                                                                                                                SHA-256:3691ADCEFC6DA67EEDD02A1B1FC7A21894AFD83ECF1B6216D303ED55A5F8D129
                                                                                                                                                                                                SHA-512:D92CD55FCEF5B15975C741F645F9C3CC53AE7CD5DFFD5D5745ADECF098B9957E8ED379E50F3D0855D54598E950B2DBF79094DA70D94DFD7FC40BDA7163A09B2B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........{..........................................l................h.............................Rich....................PE..d.....rf.........." .....8...z...... .....................................................`.....................................................x.......p........=..............."...................................................P...............................text....6.......8.................. ..`.rdata..Q....P.......<..............@..@.data...............................@....pdata...=.......>..................@..@.rsrc...p...........................@..@.reloc..\5.......6..................@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6210
                                                                                                                                                                                                Entropy (8bit):4.906576204359403
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:JB/W8Ncd1ccFoYjOvyQn5Oo615C94ghyBmIJeuoCueabLBQNksrWgd1kB6b5WlIm:J55UScE5UToWWioSwhbULfTvm4/qxzfN
                                                                                                                                                                                                MD5:553A02739D516379833451440076F884
                                                                                                                                                                                                SHA1:27A428D5EB9F961D6461F94AA3E414F0E3697296
                                                                                                                                                                                                SHA-256:83B1AE6D3486C2653766A28806AC110C9A0AFDE17020CA6AA0B7550A2F10E147
                                                                                                                                                                                                SHA-512:BE3CFF1E392F4216310B455D73E86B485245EBD9C94BC370233C130E14FC97F92FA1C74567025F506D42EADFC21CC1D7F845D76607BB933A1C654FB7A493796F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:HISTORY of the 7-Zip..--------------------....This file contains information about changes for latest versions of 7-Zip...The full changelog file can be downloaded here:..https://7-zip.org/history.txt......24.07 2024-06-19..-------------------------..- The bug was fixed: 7-Zip could crash for some incorrect ZSTD archives.......24.06 2024-05-26..-------------------------..- The bug was fixed: 7-Zip could not unpack some ZSTD archives.......24.05 2024-05-14..-------------------------..- New switch -myv={MMNN} to set decoder compatibility version for 7z archive creating... {MMNN} is 4-digit number that represents the version of 7-Zip without a dot... If -myv={MMNN} switch is specified, 7-Zip will only use compression methods that can.. be decoded by the specified version {MMNN} of 7-Zip and newer versions... If -myv={MMNN} switch is not specified, -myv=2300 is used, and 7-Zip will only.. use compression methods that can be decoded by 7-Zip 23.00 and newer v
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):328296
                                                                                                                                                                                                Entropy (8bit):6.007199310246239
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:ZTECIX8CYN9pu168zdrCqXBL0xhV4lH7suR:9s8CYbpu1ddv+xYH77
                                                                                                                                                                                                MD5:62D252FA6272006CA3E63EEE8C51DBDE
                                                                                                                                                                                                SHA1:4C679CED1658B8C57205E22AC507D1AB66DB0B3B
                                                                                                                                                                                                SHA-256:1D348A3EF33838E3D6C365FA34CBD7D667341CAFBE49F16A52D5D42A69F84B41
                                                                                                                                                                                                SHA-512:A6F991940634968C8B918D5488A80908073C6A68E01C21DECD8E5CD5514A313E464D2E5C7F640E84A165B01741B80C8FEDD58017C8B3A5CE678B7D90C4351E21
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$................k.....k......k......................q.....a........t......t.....t....t......e...t....Rich..................PE..d...(*.f.........." .........................................................`............`.............................................`... ............r.......0......h(...P......0v..T....................w..(....v...............................................text...~........................... ..`.rdata..(m.......n..................@..@.data...dd... ......................@....pdata...0.......2...&..............@..@.rsrc....r.......t...X..............@..@.reloc.......P......................@..B................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16637
                                                                                                                                                                                                Entropy (8bit):5.266492744194956
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:UjhHbMCbWhkeeN8cWMCD6kRLCAomZrLXwlmIFDi/isobN55ThNDfYjpYa:UfxOD6jngLg6lopjLDwjpYa
                                                                                                                                                                                                MD5:6EE3558516C464A2FF43BDF6F0EF5F2F
                                                                                                                                                                                                SHA1:1CAFB5DB4467AEC4687782CC44F6DF8352BA588D
                                                                                                                                                                                                SHA-256:12707EAAB80F0608E53369D0E8D2ED213124DCB8DFFD65B9573743BAE2BCFB50
                                                                                                                                                                                                SHA-512:FEC1E8A620B435E4480329943F2F7447AFDC233757D8E6B568DD27F7652187730758E38FA2361823BC2A71C4EE083F1E2B0A8A4522EEF98AE6008A754A2FB1EA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginArguments">.. <get/>.. <put/>.. </property>.. <property name="PluginVariables">.. <get/>.. <put/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="AIConvertText"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">....var REGKEY_PATH = "Plugins\\AI.sct/";..var wsh = new ActiveXObject("WScript.Shell");..var fso = new ActiveXObject("Scripting.FileSystemObject");..var pluginArguments = "";..var variables = new Array();..var mergeApp;....function get_PluginEvent() { return "EDITOR_SCRIPT"; }..function get_PluginDescription() { return "AI-assisted text conversion functions"; }..funct
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17965
                                                                                                                                                                                                Entropy (8bit):5.164550570085457
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:UWXKeDxvWtmZftw8kloCzFRZqJ7Z36wZ3w1iYa:U6KeDxvWtm9tw8kloV36wZj
                                                                                                                                                                                                MD5:9DB6608941460DBBA2617D5854B5CDC0
                                                                                                                                                                                                SHA1:DD0BB0C8C11478A8E9B27D42BC5EF1E7A15EBB98
                                                                                                                                                                                                SHA-256:68009DB1C6BE9500E0241407CD2CCCD4EFA80CFEF2661BCEAE1C690C02EB745D
                                                                                                                                                                                                SHA-512:EF2EF0026750DBC896AA146493CF66F9799BBE1C935A4D7F5B8B41B9C075AEBFF76ADD491C00C2A24B47EFD89E0B2FF250E925C1AE6DBEEA7FD99A09CEFC600F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will apply selected patch to specified file or folder using GNU patch... Copyright (C) 2015-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Softwa
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):34503
                                                                                                                                                                                                Entropy (8bit):5.118612059167486
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:UqK2D4d3CUnOfqn3tWCk9kj6+I8kloI+duPKNxA1BT0oiD8Urjw:U5QUn4qn7wU8+duPKNb3Q
                                                                                                                                                                                                MD5:6B8B5C550D75510E680D5E776039D660
                                                                                                                                                                                                SHA1:71CBF6965228603AC7894ECBA0C1B8E5AB130546
                                                                                                                                                                                                SHA-256:8F214DA58127DED296C3FBD2CAA9A0F1BB2CDE235D75319D9BA6C18FD66A41E0
                                                                                                                                                                                                SHA-512:471EF8A5B415833B4F488CCE376A0D9DC64C65A8753336FA00377C08899472DCE44312EB2E88AB2C6190EB3E211B2889C71FFF53CD24D8A8C0DD802D3916ED45
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginUnpackedFileExtension">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will display the text content of MS Excel files... Copyright (C) 2005-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU Gener
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19450
                                                                                                                                                                                                Entropy (8bit):5.167929592463697
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:UWXK+DSmGo3+RwTziNS3q8kloIsDGfPP8NJ2oC8UrxsYa:U6K+DS9RwTzuS3q8kloIsGPENJ2oC8Ui
                                                                                                                                                                                                MD5:F1711CB8222885CBEBCF6E5A169E5B32
                                                                                                                                                                                                SHA1:5AB3B84B4E22EA1B5685B19198B5FF3E5555C246
                                                                                                                                                                                                SHA-256:EDFCC75BF05222849A1AEB3B4565F58C491FBA5642CD49C4A355F3D76A54B898
                                                                                                                                                                                                SHA-512:EC6392BC3CAEA4672EA9F6F55018BF6AC433366E0D69055A2E8481F1B87184C544D116D788FA4144CB8AD0C8FEF7744B0D1A7FAC9ED08FBE736B9A563FC5CB11
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will display the text content of MS PowerPoint files... Copyright (C) 2016-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Software Foundation; ei
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17248
                                                                                                                                                                                                Entropy (8bit):5.168586711019873
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:UWXKvDvqGlqejCinEr58kloIfs+wP0iNn7W8UIsYa:U6KvDvDqejC6Er58kloIfkPRNn7W8UIw
                                                                                                                                                                                                MD5:CF56F3A41C04830E8BB769BAD576B608
                                                                                                                                                                                                SHA1:49AAF7CF14DC6BB00DFC6C5E216E78CEAB17418E
                                                                                                                                                                                                SHA-256:DA48A7D487A2DDD8A7B8673002DB30AA40629C44744E8D3C3EAEE1EC184605D3
                                                                                                                                                                                                SHA-512:1408BB3AB411A09884DD3C49915E7925ECC54F67E238770E92E1D1CA2B272078504BA57462561A1170D1DD7CB76F3A7F7F40B53CE90555E3B1CDB21F12CBB40F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will display the text content of MS Visio files... Copyright (C) 2020 dedicatus.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Software Foundation; either version 2 of
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19674
                                                                                                                                                                                                Entropy (8bit):5.183518757129629
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:UWXKuD/WGjTejV1T3i9RoKTD8kloIJsgDVPHf9NnIABURF8UIsYa:U6KuD/hTeZ1rCSKv8kloIJnP1NnIABUr
                                                                                                                                                                                                MD5:A28135FC9121216A06EF96744E39F09E
                                                                                                                                                                                                SHA1:DFFE34B4AB37B5281F98510F755937057CE25AEE
                                                                                                                                                                                                SHA-256:BBE31396185378BD2829299C8D0A8879A86AE8FA18E4E426AB4378F3D712D9CA
                                                                                                                                                                                                SHA-512:CCB042D9FDD2F5D8E547575AF75FDD94CD186359921654F46AAEF9782C9636567E84374E6544AA3B7DAFCB24413FFC30BC085F0EEB07755CEDE801691D297976
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will display the text content of MS Word files... Copyright (C) 2008-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Software Foundation; either v
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):173160
                                                                                                                                                                                                Entropy (8bit):6.1281484959414785
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:epIp/Rcl3pWU4gM0M2Yy4KUS6XT+TkdxURy0SQJXdJGm1nkfGX2:Vcl3pk8cNKd6j+IYJtUtum
                                                                                                                                                                                                MD5:F7471F10F0D1B908A6A5886AAA7FD8B0
                                                                                                                                                                                                SHA1:41E3BEE7C9E9EC44B3F6A8A771A6630C69F96951
                                                                                                                                                                                                SHA-256:0418CAD9A771E4DF444B03DA6C1F2B0245FBFCEBFF696C3212D91B1F9EA8E51B
                                                                                                                                                                                                SHA-512:8A8B047D2B92F1E26F0FE3B298CD3B88A588A8F261BF83EC1409BDE57E766EF4216FEAFACD1280C22E60FE8638CC1A7B23F82F0BAFAEE63350475CC7FF657CA4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.....y...y...y.]....y.]..h.y.]....y.@.}...y.@.z...y.@.|.?.y.......y.......y...x..y.|...y.y...y.....y.......y.{...y.Rich..y.........PE..d.....;d.........." .....b...(............................................................ ..........................................>......l?..................H....|..h(..............T...................P...(...P................................................text....a.......b.................. ..`.rdata..@............f..............@..@.data....#...P.......4..............@....pdata..H............F..............@..@.rsrc................`..............@..@.reloc...............t..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):151656
                                                                                                                                                                                                Entropy (8bit):6.107937984384151
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:rg0ZJbBAa/nEOV/jk6pRX2f6/0Xq7xsjUpZSDJfynl6XWl3+1nkfGX8:xbWa/n5djx2f68GZqJangm11us
                                                                                                                                                                                                MD5:1A5B8F0D04015B8701E567AEF0436A06
                                                                                                                                                                                                SHA1:6D7EEB82DDEB3B8799817238C20D6967040182A4
                                                                                                                                                                                                SHA-256:67D7A521D61216F4D47EB968026145CB6986AF55F41D63D3BA3FF0EABD218075
                                                                                                                                                                                                SHA-512:B74EFD639258E71C960462FD29D071D502CF1F2D1C6F065A9C440005B322E25E1353CD746C7A23E032214EE1020A291BF2AE8B94B8CA08DEEC4F390E716BB3E9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8wd.Y.7.Y.7.Y.7...7.Y.7...7.Y.7...7.Y.7.1.6.Y.7.1.6.Y.7.1.6.Y.7.!.7.Y.7.!.7.Y.7.Y.7.Y.7.0.6.Y.7.0.6.Y.7.0.7.Y.7.Y.7.Y.7.0.6.Y.7Rich.Y.7................PE..d.....;d.........." .....(...........{..............................................Jf.... .................................................\...x....P.. ....0..x....(..h(...p..T...`...T............................................@..0............................text...h&.......(.................. ..`.rdata......@.......,..............@..@.data...T"..........................@....pdata..x....0......................@..@.rsrc... ....P......................@..@.reloc..T....p....... ..............@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):174184
                                                                                                                                                                                                Entropy (8bit):6.130411111013584
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:oIFnRaH73DmxoWrqg28zF372HW+9IZrIJx8yqUftO0SQDPJ8bH1nkfGXd:Na73DLW2UL2HWuWI2YDybmuN
                                                                                                                                                                                                MD5:982101D523D4CBA30EC1624D24F16BC8
                                                                                                                                                                                                SHA1:2B679342C60D1C05A17952CCFF2180619B8FE04E
                                                                                                                                                                                                SHA-256:CF8CBE11924CE0D1F1872CA3D434A069F5D41D4354634E1D1150CCBB8266733F
                                                                                                                                                                                                SHA-512:61B689331B558848AE49DDB69AE0E4B1D130DF5407FD46D8226871AB9D0C7CF652E2AA2C2F589562532E014CC0F079B59E7B5FD847385FF70F7D57D88AB6507E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.....y...y...y.]....y.]..h.y.]....y.@.}...y.@.z...y.@.|.?.y.......y.......y...x..y.|...y.y...y.....y.......y.{...y.Rich..y.........PE..d.....;d.........." .....f...(......................................................d~.... ..........................................?......p@..........@.......l.......h(..............T...................0...(...0................................................text....e.......f.................. ..`.rdata..H............j..............@..@.data....#...P.......8..............@....pdata..l............J..............@..@.rsrc...@............d..............@..@.reloc...............x..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):174184
                                                                                                                                                                                                Entropy (8bit):6.128025983894254
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:v4gU6RGJ3MLYu2Q/IgE1WNPOlUir8FlY6dnyUu3m0SQg3R+CbyKW+1nkfGXjD:3GFMaKIt1soUir6lfYgfyN1un
                                                                                                                                                                                                MD5:3F9B6394CEE6FCA47696D33E66BFE254
                                                                                                                                                                                                SHA1:8218E8E137360203245880C67F163B71DD07B5EC
                                                                                                                                                                                                SHA-256:C712D6AD1238CB2836552DCB5DE353C8D59BA02D45A47EB849F870421915CB55
                                                                                                                                                                                                SHA-512:F04515297B977E3DF2578BB968498E9F0D149B91A37BC0054B306DC6EFD458DF0DB57F96CA1878AD664E48FD84FEE4B8FAA825886EBEDCF2C0208AB157359833
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.....y...y...y.]....y.]..h.y.]....y.@.}...y.@.z...y.@.|.?.y.......y.......y...x..y.|...y.y...y.....y.......y.{...y.Rich..y.........PE..d.....;d.........." .....f...(......................................................I.... .........................................`?.......@..........(.......l.......h(..............T.......................(....................................................text...Hd.......f.................. ..`.rdata...............j..............@..@.data....#...P.......8..............@....pdata..l............J..............@..@.rsrc...(............d..............@..@.reloc...............x..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3158
                                                                                                                                                                                                Entropy (8bit):4.913333479650651
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:UbP8KN8q8F78H8qbax+w+tyQHYZkgefPWSTBt+53v0y8AyOfPmQf:UjbNHM6TVjYcldySOXm6
                                                                                                                                                                                                MD5:10264FB7BBB923F9D4E68DCC7AD85BD1
                                                                                                                                                                                                SHA1:C0317FD2DF0ED86C8D8CB40E496D2B340187A9C2
                                                                                                                                                                                                SHA-256:104578B4B73333839AA5A53B3F827596D98282EB24A55E1E641237B3BD9D5F56
                                                                                                                                                                                                SHA-512:A064E3E43C575A046DCC40A03543A660C4172FD8517F030A0C8188C6AB0ACBFAD9E56E88364E092A41DFE893E2402B174535E15AB2E10721CBA2B80D5B99C642
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PrediffBufferW"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*..+----------------------------------------------------------------------+..| This is a plugin for WinMerge <www.winmerge.org>. |..| It will ignores leading line numbers in text files. |..| Copyright (C) 2007 by Tim Gerundt |..+----------------------------------------------------------------------+..| This program is free software; you can redistribute it and/or modify |..| it under the terms of the GNU Genera
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12982
                                                                                                                                                                                                Entropy (8bit):5.308012785936211
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:GAcOkiyn3B1jbk1pbFDIO9ia7gDQiJTxnVvlkmPEgRLVZQph1mZ7dv1WZQt1Fpys:y1z2hVg8gs2TxnVv+Ngpt
                                                                                                                                                                                                MD5:6EC2668BA9DE05F631D0C709EFA53294
                                                                                                                                                                                                SHA1:1CD6FE9852B3815C7533EA4FDE92FCA9C7480883
                                                                                                                                                                                                SHA-256:2138B9799D3724463D021FCBFC5975BE39C2A44342A23B470A7D039DEDC275F8
                                                                                                                                                                                                SHA-512:9B1B77DEC491699E2909E598FD3AEDC92CC237C68F2131C62C5A83665331388009E4330F35E8A187EB4CBD80270219B2700DD5173D90AC929BAE6F8300E3BEB2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0"?>..<plugins>.. <plugin name="HandleSchemeHTTP">.. <event value="URL_PACK_UNPACK" />.. <description value="HTTP URL Scheme Handler with curl. &#xD;&#xA;Arguments: Command line options passed to the curl command." />.. <file-filters value="^http://.*$;^https://.*$" />.. <extended-properties value="ProcessType=URL Handling" />.. <is-automatic value="true" />.. <arguments value="--fail -L " />.. <unpack-file>.. <command>curl ${*} -o "${DST_FILE}" "${SRC_FILE}"</command>.. </unpack-file>.. </plugin>.. <plugin name="HandleSchemeReg">.. <event value="URL_PACK_UNPACK" />.. <description value="Windows Registry URL Scheme Handler. &#xD;&#xA;Arguments: Command line options passed to the reg.exe command." />.. <file-filters value="^reg:.*$" />.. <extended-properties value="ProcessType=URL Handling" />.. <is-automatic value="true" />.. <unpacked-file-extension value=".reg" />.. <arguments value="" />.. <unpack-file>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16019
                                                                                                                                                                                                Entropy (8bit):5.014576207070997
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:UjhHM60SD2eYGLACDjraBTAG7Y6cWZi/isooLiNb7AeOZXcyo1ToSUGaqdYa:UkSD2T5YZloYebLOZXchToSUGaqdYa
                                                                                                                                                                                                MD5:BF210CD748A78296534C436A735C0D4E
                                                                                                                                                                                                SHA1:815680EDC9568807125A98F7E0D88E672EC6952C
                                                                                                                                                                                                SHA-256:BA61472F28DD8701BC7D69CB41D35FFEA612B68D47892FD11DF293927C2E4148
                                                                                                                                                                                                SHA-512:75CC58DC7EDD8C99646E2C594F2CE1C50C4C21307CB17312B976A4E4B953D820B7A44566704F32A2D1076C4AAD9511B8F27D169CDEEFC692A3CBC66657964D84
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="PrediffBufferW"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It does almost the same thing as Substitution filters... Copyright (C) 2018-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Software Foundation; either version 2 of the License, or.. (at your option) any later version..... This program is distributed in the hop
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22862
                                                                                                                                                                                                Entropy (8bit):4.900094552445541
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:UjhHbMC1y/KAL41x2RjpLdZbde8MicK6vxa7Y6cWmPMu6POPLkXyPoOvLOaaRBTY:UgZ0x2RRDZMicNiYJsGwXy7YT/UCO7
                                                                                                                                                                                                MD5:C9781B687B8922BFDD40BA4551751151
                                                                                                                                                                                                SHA1:27D4D50F1C80A020FD3A50F184080603DE79A260
                                                                                                                                                                                                SHA-256:C30B40B32152E04EAC978AD1B1A1A9C39E66FF83CB58A3539179346EFA1F8627
                                                                                                                                                                                                SHA-512:10515CF98C943EA09D0466A9232E56CCFE3F42084C481DE47D45D631A2008355E8AB8E632AF718355994F21640EBDB7E1CC91D82EED585468137BC11414D14AD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginArguments">.. <get/>.. <put/>.. </property>.. <property name="PluginVariables">.. <get/>.. <put/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="ExecFilterCommand"/>.. <method name="MakeUpper"/>.. <method name="MakeLower"/>.. <method name="RemoveDuplicates"/>.. <method name="CountDuplicates"/>.. <method name="SortAscending"/>.. <method name="SortDescending"/>.. <method name="ReverseColumns"/>.. <method name="ReverseLines"/>.. <method name="SelectColumns"/>.. <method name="SelectLines"/>.. <method name="Replace" internalName="ReplaceText"/>.. <method name="Tokenize"/>.. <method name="Trim"/>..</imp
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):977
                                                                                                                                                                                                Entropy (8bit):4.993711086926044
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:RJbCX0K5z0mC2z0kz0F3Stje0L6CBxnHRwnfV+f3M15:zbZK5omokoF3SBe4HBxWnt+Ef
                                                                                                                                                                                                MD5:41C871180E6CDDAF7BE40507AF66D75C
                                                                                                                                                                                                SHA1:FA4E77B051B46B05041779E2B0FE6E542A552D6B
                                                                                                                                                                                                SHA-256:C68D5B3A64CC80B2FC08BA9A96404F935954D31EB2B952B1617DE84459CBEB8C
                                                                                                                                                                                                SHA-512:50A539412CB16EBF4B8D957F6D5C42D75AF9132FBA1B5F74633A588354B477F30A8B8F830D125D6015701489569EFD6A92380636B0D189B6D3D40648492EAF23
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>....<implements type="Automation" id="dispatcher">...<property name="PluginEvent">....<get/>...</property>...<property name="PluginDescription">....<get/>...</property>...<property name="PluginExtendedProperties">....<get/>...</property>...<property name="PluginFileFilters">....<get/>...</property>...<method name="InsertDate"/>...<method name="InsertTime"/>..</implements>....<script language="JScript">....function get_PluginEvent() {...return "EDITOR_SCRIPT";..}....function get_PluginDescription() {...return "Date and time insertion function";..}....function get_PluginFileFilters() {...return ".*";..}....function get_PluginExtendedProperties() {...return "InsertDate.MenuCaption=Insert Date;InsertTime.MenuCaption=Insert Time";..}....// transformation functions..function InsertDate(Text) {...return Text + (new Date()).toLocaleDateString();..}....function InsertTime(Text) {...return Text + (new Date()).toLocaleTimeString();..}....</script>..</scriptlet>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3158
                                                                                                                                                                                                Entropy (8bit):4.913333479650651
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:UbP8KN8q8F78H8qbax+w+tyQHYZkgefPWSTBt+53v0y8AyOfPmQf:UjbNHM6TVjYcldySOXm6
                                                                                                                                                                                                MD5:10264FB7BBB923F9D4E68DCC7AD85BD1
                                                                                                                                                                                                SHA1:C0317FD2DF0ED86C8D8CB40E496D2B340187A9C2
                                                                                                                                                                                                SHA-256:104578B4B73333839AA5A53B3F827596D98282EB24A55E1E641237B3BD9D5F56
                                                                                                                                                                                                SHA-512:A064E3E43C575A046DCC40A03543A660C4172FD8517F030A0C8188C6AB0ACBFAD9E56E88364E092A41DFE893E2402B174535E15AB2E10721CBA2B80D5B99C642
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PrediffBufferW"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*..+----------------------------------------------------------------------+..| This is a plugin for WinMerge <www.winmerge.org>. |..| It will ignores leading line numbers in text files. |..| Copyright (C) 2007 by Tim Gerundt |..+----------------------------------------------------------------------+..| This program is free software; you can redistribute it and/or modify |..| it under the terms of the GNU Genera
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):174184
                                                                                                                                                                                                Entropy (8bit):6.130411111013584
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:oIFnRaH73DmxoWrqg28zF372HW+9IZrIJx8yqUftO0SQDPJ8bH1nkfGXd:Na73DLW2UL2HWuWI2YDybmuN
                                                                                                                                                                                                MD5:982101D523D4CBA30EC1624D24F16BC8
                                                                                                                                                                                                SHA1:2B679342C60D1C05A17952CCFF2180619B8FE04E
                                                                                                                                                                                                SHA-256:CF8CBE11924CE0D1F1872CA3D434A069F5D41D4354634E1D1150CCBB8266733F
                                                                                                                                                                                                SHA-512:61B689331B558848AE49DDB69AE0E4B1D130DF5407FD46D8226871AB9D0C7CF652E2AA2C2F589562532E014CC0F079B59E7B5FD847385FF70F7D57D88AB6507E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.....y...y...y.]....y.]..h.y.]....y.@.}...y.@.z...y.@.|.?.y.......y.......y...x..y.|...y.y...y.....y.......y.{...y.Rich..y.........PE..d.....;d.........." .....f...(......................................................d~.... ..........................................?......p@..........@.......l.......h(..............T...................0...(...0................................................text....e.......f.................. ..`.rdata..H............j..............@..@.data....#...P.......8..............@....pdata..l............J..............@..@.rsrc...@............d..............@..@.reloc...............x..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):151656
                                                                                                                                                                                                Entropy (8bit):6.107937984384151
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:rg0ZJbBAa/nEOV/jk6pRX2f6/0Xq7xsjUpZSDJfynl6XWl3+1nkfGX8:xbWa/n5djx2f68GZqJangm11us
                                                                                                                                                                                                MD5:1A5B8F0D04015B8701E567AEF0436A06
                                                                                                                                                                                                SHA1:6D7EEB82DDEB3B8799817238C20D6967040182A4
                                                                                                                                                                                                SHA-256:67D7A521D61216F4D47EB968026145CB6986AF55F41D63D3BA3FF0EABD218075
                                                                                                                                                                                                SHA-512:B74EFD639258E71C960462FD29D071D502CF1F2D1C6F065A9C440005B322E25E1353CD746C7A23E032214EE1020A291BF2AE8B94B8CA08DEEC4F390E716BB3E9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8wd.Y.7.Y.7.Y.7...7.Y.7...7.Y.7...7.Y.7.1.6.Y.7.1.6.Y.7.1.6.Y.7.!.7.Y.7.!.7.Y.7.Y.7.Y.7.0.6.Y.7.0.6.Y.7.0.7.Y.7.Y.7.Y.7.0.6.Y.7Rich.Y.7................PE..d.....;d.........." .....(...........{..............................................Jf.... .................................................\...x....P.. ....0..x....(..h(...p..T...`...T............................................@..0............................text...h&.......(.................. ..`.rdata......@.......,..............@..@.data...T"..........................@....pdata..x....0......................@..@.rsrc... ....P......................@..@.reloc..T....p....... ..............@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22862
                                                                                                                                                                                                Entropy (8bit):4.900094552445541
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:UjhHbMC1y/KAL41x2RjpLdZbde8MicK6vxa7Y6cWmPMu6POPLkXyPoOvLOaaRBTY:UgZ0x2RRDZMicNiYJsGwXy7YT/UCO7
                                                                                                                                                                                                MD5:C9781B687B8922BFDD40BA4551751151
                                                                                                                                                                                                SHA1:27D4D50F1C80A020FD3A50F184080603DE79A260
                                                                                                                                                                                                SHA-256:C30B40B32152E04EAC978AD1B1A1A9C39E66FF83CB58A3539179346EFA1F8627
                                                                                                                                                                                                SHA-512:10515CF98C943EA09D0466A9232E56CCFE3F42084C481DE47D45D631A2008355E8AB8E632AF718355994F21640EBDB7E1CC91D82EED585468137BC11414D14AD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginArguments">.. <get/>.. <put/>.. </property>.. <property name="PluginVariables">.. <get/>.. <put/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="ExecFilterCommand"/>.. <method name="MakeUpper"/>.. <method name="MakeLower"/>.. <method name="RemoveDuplicates"/>.. <method name="CountDuplicates"/>.. <method name="SortAscending"/>.. <method name="SortDescending"/>.. <method name="ReverseColumns"/>.. <method name="ReverseLines"/>.. <method name="SelectColumns"/>.. <method name="SelectLines"/>.. <method name="Replace" internalName="ReplaceText"/>.. <method name="Tokenize"/>.. <method name="Trim"/>..</imp
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):34503
                                                                                                                                                                                                Entropy (8bit):5.118612059167486
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:UqK2D4d3CUnOfqn3tWCk9kj6+I8kloI+duPKNxA1BT0oiD8Urjw:U5QUn4qn7wU8+duPKNb3Q
                                                                                                                                                                                                MD5:6B8B5C550D75510E680D5E776039D660
                                                                                                                                                                                                SHA1:71CBF6965228603AC7894ECBA0C1B8E5AB130546
                                                                                                                                                                                                SHA-256:8F214DA58127DED296C3FBD2CAA9A0F1BB2CDE235D75319D9BA6C18FD66A41E0
                                                                                                                                                                                                SHA-512:471EF8A5B415833B4F488CCE376A0D9DC64C65A8753336FA00377C08899472DCE44312EB2E88AB2C6190EB3E211B2889C71FFF53CD24D8A8C0DD802D3916ED45
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginUnpackedFileExtension">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will display the text content of MS Excel files... Copyright (C) 2005-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU Gener
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):173160
                                                                                                                                                                                                Entropy (8bit):6.1281484959414785
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:epIp/Rcl3pWU4gM0M2Yy4KUS6XT+TkdxURy0SQJXdJGm1nkfGX2:Vcl3pk8cNKd6j+IYJtUtum
                                                                                                                                                                                                MD5:F7471F10F0D1B908A6A5886AAA7FD8B0
                                                                                                                                                                                                SHA1:41E3BEE7C9E9EC44B3F6A8A771A6630C69F96951
                                                                                                                                                                                                SHA-256:0418CAD9A771E4DF444B03DA6C1F2B0245FBFCEBFF696C3212D91B1F9EA8E51B
                                                                                                                                                                                                SHA-512:8A8B047D2B92F1E26F0FE3B298CD3B88A588A8F261BF83EC1409BDE57E766EF4216FEAFACD1280C22E60FE8638CC1A7B23F82F0BAFAEE63350475CC7FF657CA4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.....y...y...y.]....y.]..h.y.]....y.@.}...y.@.z...y.@.|.?.y.......y.......y...x..y.|...y.y...y.....y.......y.{...y.Rich..y.........PE..d.....;d.........." .....b...(............................................................ ..........................................>......l?..................H....|..h(..............T...................P...(...P................................................text....a.......b.................. ..`.rdata..@............f..............@..@.data....#...P.......4..............@....pdata..H............F..............@..@.rsrc................`..............@..@.reloc...............t..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12982
                                                                                                                                                                                                Entropy (8bit):5.308012785936211
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:GAcOkiyn3B1jbk1pbFDIO9ia7gDQiJTxnVvlkmPEgRLVZQph1mZ7dv1WZQt1Fpys:y1z2hVg8gs2TxnVv+Ngpt
                                                                                                                                                                                                MD5:6EC2668BA9DE05F631D0C709EFA53294
                                                                                                                                                                                                SHA1:1CD6FE9852B3815C7533EA4FDE92FCA9C7480883
                                                                                                                                                                                                SHA-256:2138B9799D3724463D021FCBFC5975BE39C2A44342A23B470A7D039DEDC275F8
                                                                                                                                                                                                SHA-512:9B1B77DEC491699E2909E598FD3AEDC92CC237C68F2131C62C5A83665331388009E4330F35E8A187EB4CBD80270219B2700DD5173D90AC929BAE6F8300E3BEB2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0"?>..<plugins>.. <plugin name="HandleSchemeHTTP">.. <event value="URL_PACK_UNPACK" />.. <description value="HTTP URL Scheme Handler with curl. &#xD;&#xA;Arguments: Command line options passed to the curl command." />.. <file-filters value="^http://.*$;^https://.*$" />.. <extended-properties value="ProcessType=URL Handling" />.. <is-automatic value="true" />.. <arguments value="--fail -L " />.. <unpack-file>.. <command>curl ${*} -o "${DST_FILE}" "${SRC_FILE}"</command>.. </unpack-file>.. </plugin>.. <plugin name="HandleSchemeReg">.. <event value="URL_PACK_UNPACK" />.. <description value="Windows Registry URL Scheme Handler. &#xD;&#xA;Arguments: Command line options passed to the reg.exe command." />.. <file-filters value="^reg:.*$" />.. <extended-properties value="ProcessType=URL Handling" />.. <is-automatic value="true" />.. <unpacked-file-extension value=".reg" />.. <arguments value="" />.. <unpack-file>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16019
                                                                                                                                                                                                Entropy (8bit):5.014576207070997
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:UjhHM60SD2eYGLACDjraBTAG7Y6cWZi/isooLiNb7AeOZXcyo1ToSUGaqdYa:UkSD2T5YZloYebLOZXchToSUGaqdYa
                                                                                                                                                                                                MD5:BF210CD748A78296534C436A735C0D4E
                                                                                                                                                                                                SHA1:815680EDC9568807125A98F7E0D88E672EC6952C
                                                                                                                                                                                                SHA-256:BA61472F28DD8701BC7D69CB41D35FFEA612B68D47892FD11DF293927C2E4148
                                                                                                                                                                                                SHA-512:75CC58DC7EDD8C99646E2C594F2CE1C50C4C21307CB17312B976A4E4B953D820B7A44566704F32A2D1076C4AAD9511B8F27D169CDEEFC692A3CBC66657964D84
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="PrediffBufferW"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It does almost the same thing as Substitution filters... Copyright (C) 2018-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Software Foundation; either version 2 of the License, or.. (at your option) any later version..... This program is distributed in the hop
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17965
                                                                                                                                                                                                Entropy (8bit):5.164550570085457
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:UWXKeDxvWtmZftw8kloCzFRZqJ7Z36wZ3w1iYa:U6KeDxvWtm9tw8kloV36wZj
                                                                                                                                                                                                MD5:9DB6608941460DBBA2617D5854B5CDC0
                                                                                                                                                                                                SHA1:DD0BB0C8C11478A8E9B27D42BC5EF1E7A15EBB98
                                                                                                                                                                                                SHA-256:68009DB1C6BE9500E0241407CD2CCCD4EFA80CFEF2661BCEAE1C690C02EB745D
                                                                                                                                                                                                SHA-512:EF2EF0026750DBC896AA146493CF66F9799BBE1C935A4D7F5B8B41B9C075AEBFF76ADD491C00C2A24B47EFD89E0B2FF250E925C1AE6DBEEA7FD99A09CEFC600F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will apply selected patch to specified file or folder using GNU patch... Copyright (C) 2015-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Softwa
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19450
                                                                                                                                                                                                Entropy (8bit):5.167929592463697
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:UWXK+DSmGo3+RwTziNS3q8kloIsDGfPP8NJ2oC8UrxsYa:U6K+DS9RwTzuS3q8kloIsGPENJ2oC8Ui
                                                                                                                                                                                                MD5:F1711CB8222885CBEBCF6E5A169E5B32
                                                                                                                                                                                                SHA1:5AB3B84B4E22EA1B5685B19198B5FF3E5555C246
                                                                                                                                                                                                SHA-256:EDFCC75BF05222849A1AEB3B4565F58C491FBA5642CD49C4A355F3D76A54B898
                                                                                                                                                                                                SHA-512:EC6392BC3CAEA4672EA9F6F55018BF6AC433366E0D69055A2E8481F1B87184C544D116D788FA4144CB8AD0C8FEF7744B0D1A7FAC9ED08FBE736B9A563FC5CB11
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will display the text content of MS PowerPoint files... Copyright (C) 2016-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Software Foundation; ei
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):977
                                                                                                                                                                                                Entropy (8bit):4.993711086926044
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:RJbCX0K5z0mC2z0kz0F3Stje0L6CBxnHRwnfV+f3M15:zbZK5omokoF3SBe4HBxWnt+Ef
                                                                                                                                                                                                MD5:41C871180E6CDDAF7BE40507AF66D75C
                                                                                                                                                                                                SHA1:FA4E77B051B46B05041779E2B0FE6E542A552D6B
                                                                                                                                                                                                SHA-256:C68D5B3A64CC80B2FC08BA9A96404F935954D31EB2B952B1617DE84459CBEB8C
                                                                                                                                                                                                SHA-512:50A539412CB16EBF4B8D957F6D5C42D75AF9132FBA1B5F74633A588354B477F30A8B8F830D125D6015701489569EFD6A92380636B0D189B6D3D40648492EAF23
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>....<implements type="Automation" id="dispatcher">...<property name="PluginEvent">....<get/>...</property>...<property name="PluginDescription">....<get/>...</property>...<property name="PluginExtendedProperties">....<get/>...</property>...<property name="PluginFileFilters">....<get/>...</property>...<method name="InsertDate"/>...<method name="InsertTime"/>..</implements>....<script language="JScript">....function get_PluginEvent() {...return "EDITOR_SCRIPT";..}....function get_PluginDescription() {...return "Date and time insertion function";..}....function get_PluginFileFilters() {...return ".*";..}....function get_PluginExtendedProperties() {...return "InsertDate.MenuCaption=Insert Date;InsertTime.MenuCaption=Insert Time";..}....// transformation functions..function InsertDate(Text) {...return Text + (new Date()).toLocaleDateString();..}....function InsertTime(Text) {...return Text + (new Date()).toLocaleTimeString();..}....</script>..</scriptlet>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19674
                                                                                                                                                                                                Entropy (8bit):5.183518757129629
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:UWXKuD/WGjTejV1T3i9RoKTD8kloIJsgDVPHf9NnIABURF8UIsYa:U6KuD/hTeZ1rCSKv8kloIJnP1NnIABUr
                                                                                                                                                                                                MD5:A28135FC9121216A06EF96744E39F09E
                                                                                                                                                                                                SHA1:DFFE34B4AB37B5281F98510F755937057CE25AEE
                                                                                                                                                                                                SHA-256:BBE31396185378BD2829299C8D0A8879A86AE8FA18E4E426AB4378F3D712D9CA
                                                                                                                                                                                                SHA-512:CCB042D9FDD2F5D8E547575AF75FDD94CD186359921654F46AAEF9782C9636567E84374E6544AA3B7DAFCB24413FFC30BC085F0EEB07755CEDE801691D297976
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will display the text content of MS Word files... Copyright (C) 2008-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Software Foundation; either v
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17248
                                                                                                                                                                                                Entropy (8bit):5.168586711019873
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:UWXKvDvqGlqejCinEr58kloIfs+wP0iNn7W8UIsYa:U6KvDvDqejC6Er58kloIfkPRNn7W8UIw
                                                                                                                                                                                                MD5:CF56F3A41C04830E8BB769BAD576B608
                                                                                                                                                                                                SHA1:49AAF7CF14DC6BB00DFC6C5E216E78CEAB17418E
                                                                                                                                                                                                SHA-256:DA48A7D487A2DDD8A7B8673002DB30AA40629C44744E8D3C3EAEE1EC184605D3
                                                                                                                                                                                                SHA-512:1408BB3AB411A09884DD3C49915E7925ECC54F67E238770E92E1D1CA2B272078504BA57462561A1170D1DD7CB76F3A7F7F40B53CE90555E3B1CDB21F12CBB40F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will display the text content of MS Visio files... Copyright (C) 2020 dedicatus.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Software Foundation; either version 2 of
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16637
                                                                                                                                                                                                Entropy (8bit):5.266492744194956
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:UjhHbMCbWhkeeN8cWMCD6kRLCAomZrLXwlmIFDi/isobN55ThNDfYjpYa:UfxOD6jngLg6lopjLDwjpYa
                                                                                                                                                                                                MD5:6EE3558516C464A2FF43BDF6F0EF5F2F
                                                                                                                                                                                                SHA1:1CAFB5DB4467AEC4687782CC44F6DF8352BA588D
                                                                                                                                                                                                SHA-256:12707EAAB80F0608E53369D0E8D2ED213124DCB8DFFD65B9573743BAE2BCFB50
                                                                                                                                                                                                SHA-512:FEC1E8A620B435E4480329943F2F7447AFDC233757D8E6B568DD27F7652187730758E38FA2361823BC2A71C4EE083F1E2B0A8A4522EEF98AE6008A754A2FB1EA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginArguments">.. <get/>.. <put/>.. </property>.. <property name="PluginVariables">.. <get/>.. <put/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="AIConvertText"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">....var REGKEY_PATH = "Plugins\\AI.sct/";..var wsh = new ActiveXObject("WScript.Shell");..var fso = new ActiveXObject("Scripting.FileSystemObject");..var pluginArguments = "";..var variables = new Array();..var mergeApp;....function get_PluginEvent() { return "EDITOR_SCRIPT"; }..function get_PluginDescription() { return "AI-assisted text conversion functions"; }..funct
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):174184
                                                                                                                                                                                                Entropy (8bit):6.128025983894254
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:v4gU6RGJ3MLYu2Q/IgE1WNPOlUir8FlY6dnyUu3m0SQg3R+CbyKW+1nkfGXjD:3GFMaKIt1soUir6lfYgfyN1un
                                                                                                                                                                                                MD5:3F9B6394CEE6FCA47696D33E66BFE254
                                                                                                                                                                                                SHA1:8218E8E137360203245880C67F163B71DD07B5EC
                                                                                                                                                                                                SHA-256:C712D6AD1238CB2836552DCB5DE353C8D59BA02D45A47EB849F870421915CB55
                                                                                                                                                                                                SHA-512:F04515297B977E3DF2578BB968498E9F0D149B91A37BC0054B306DC6EFD458DF0DB57F96CA1878AD664E48FD84FEE4B8FAA825886EBEDCF2C0208AB157359833
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.....y...y...y.]....y.]..h.y.]....y.@.}...y.@.z...y.@.|.?.y.......y.......y...x..y.|...y.y...y.....y.......y.{...y.Rich..y.........PE..d.....;d.........." .....f...(......................................................I.... .........................................`?.......@..........(.......l.......h(..............T.......................(....................................................text...Hd.......f.................. ..`.rdata...............j..............@..@.data....#...P.......8..............@....pdata..l............J..............@..@.rsrc...(............d..............@..@.reloc...............x..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):231528
                                                                                                                                                                                                Entropy (8bit):6.506056630709445
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:+CZG4+tGZQSUWBCQbYdMOS4vRUmg7ZqSblN7ZqSH6ruN:+8G4+hSU0CosMOSie/6g
                                                                                                                                                                                                MD5:48F286AB3AFD0BC27E7ED7B929D6FE61
                                                                                                                                                                                                SHA1:04AFC07428E16954DB452961CB4B19F5DBD3B50A
                                                                                                                                                                                                SHA-256:775F3855AFA14F54AB9DB1C2587C4B3558A65CE6F98BA818765A3A4462F96777
                                                                                                                                                                                                SHA-512:C422CB6EF070D9A5C92CBBBD95C2B8F1E8E619BCCD6B30F4CD041A9CE071ECE937CDCD1F7F0722803ABDBD17B8DBAB5900BD7419FA278FBDFFE27D30D04230E9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......r..@6...6...6.....O.;.....M.......L./...d..$...d..$...d......?.=.0...?.-.'...6..........1......7.....A.7...6.).7......7...Rich6...........................PE..L.../..c...........!.........h......................................................A.....@.................................l...........x............`..h(...p...... ...............................@...@...............8............................text...i........................... ..`.rdata..............................@..@.data...............................@....rsrc...x...........................@..@.reloc.......p.......B..............@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):270952
                                                                                                                                                                                                Entropy (8bit):6.235786739473447
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:U9y9rRdn9lYRI5YN9neE1OlGqQMbWdg7ZqSblN7ZqSkulb:U9y99lYR0eoE1MhZWdeX
                                                                                                                                                                                                MD5:67DF5A575E5B257CD500BACA605EA4D1
                                                                                                                                                                                                SHA1:FD9530086765B59E852D57C48193A1D07CA2CE77
                                                                                                                                                                                                SHA-256:77D4DC3911803F369B47A8622191B77F77F8FAC6C7ED7607A6B58F1CFF454AEC
                                                                                                                                                                                                SHA-512:F8EF332CFF398E74EF9247C50EE120D1554C82545C15D617C38AED9D07E35DCC0F84A7B26506EBB09930F1AB80BE59C092142B25866A7DD320C02F50C30F201C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*.r.n...n...n....z..i....z.......z..`...<...~...<...f...<...C...g...k...g...o...g.......n..........i......o......o...n..o......o...Richn...........PE..d...>..c.........." .....,...................................................0.......;....`................................................../..........x....p..........h(... ..@....................................................@...............................text....+.......,.................. ..`.rdata..:....@.......0..............@..@.data....$...@.......0..............@....pdata.......p... ...B..............@..@.rsrc...x............b..............@..@.reloc..@.... ......................@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18327
                                                                                                                                                                                                Entropy (8bit):4.734251349778708
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:lq2PmwERb6k/iAVX/dUY2ZpEGMOZ77o0UDT2:lzun1iYWrTXo0UDT2
                                                                                                                                                                                                MD5:537A8603E1EDA9DE80EE34F607C0CB09
                                                                                                                                                                                                SHA1:9871A6FC4895037B02AC04978AB4A21D9BA4030C
                                                                                                                                                                                                SHA-256:D3533C10B656BEC2782600B05B471ABE3AC916E228B27929CDA1F83C49D7E7A5
                                                                                                                                                                                                SHA-512:5DDFA15A89DCF147072A442C05AA16AF6A215FE8A3811E5A71007099D260687929A5505373F96B9F70EF21E101DC7042345CD358150367905C4CBA18E5DA32B6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.. GNU GENERAL PUBLIC LICENSE.... Version 2, June 1991.... Copyright (C) 1989, 1991 Free Software Foundation, Inc... 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed........ Preamble.... The licenses for most software are designed to take away your..freedom to share and change it. By contrast, the GNU General Public..License is intended to guarantee your freedom to share and change free..software--to make sure the software is free for all its users. This..General Public License applies to most of the Free Software..Foundation's software and to any other program whose authors commit to..using it. (Some other Free Software Foundation software is covered by..the GNU Library General Public License instead.) You can apply it to..your programs, too..... When we speak of free software, we are referring to freedom, not..price. Our General Publi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5890152
                                                                                                                                                                                                Entropy (8bit):6.2624617822339985
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:Ea7Y1TumEKF433tbclfg+H3hPAQ+VX+1/v9WfdYZTqT8B/qGRzftBfKO1:Z7C0QXA4pgsRNKq
                                                                                                                                                                                                MD5:FB54BD8252D68DB9B863CAFF77C82BE8
                                                                                                                                                                                                SHA1:359870716D28C1C2AB5CDF09F2A73EBDCE4169FF
                                                                                                                                                                                                SHA-256:AE0380BF2A7871C5194369A41562253BD290F761DA712BC8BAFFD62DA404CE4B
                                                                                                                                                                                                SHA-512:4641C7D4DD25E4E1CE5B6FCA998DB4C2F1D8FF87D8D4FA7FDE55109AB875901C10595F23065AAEEFDF18BAE822055ADC29CD7F75E983DDF26873EDF55EF72F11
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......c.$.'.J.'.J.'.J.B.I.9.J.B.O...J..W..#.J.u.O.d.J.u.N...J.u.I.*.J.B.N...J.B.K.6.J.'.K...J...C...J...J.&.J.....&.J.'..&.J...H.&.J.Rich'.J.........................PE..d......f.........." ......&...3......_....................................... Z......zZ...`...........................................C.....|.C.......Y.......X.,9....Y.h(....Y..<....@.T...................p.@.(...p.@..............0&..............................text.....&.......&................. ..`.rdata.......0&.......&.............@..@.data...@\... C.. ....C.............@....pdata..,9....X..:...&X.............@..@_RDATA..P.....Y......`Y.............@..@.rsrc.........Y......lY.............@..@.reloc...<....Y..>...zY.............@..B........................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with very long lines (803), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17878
                                                                                                                                                                                                Entropy (8bit):4.695697603212868
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:BIQaInRRSW6sQwCbhwTJ7But8KMyTypHC:BbJWjKt2fRypHC
                                                                                                                                                                                                MD5:1FBED70BE9D970D3DA399F33DAE9CC51
                                                                                                                                                                                                SHA1:FCB646ADBB54442641203F196FA5B4A373AD3508
                                                                                                                                                                                                SHA-256:D51615A1A47F1DDBB027920D60D3FC30A00E1284C795A47857883E641349FADF
                                                                                                                                                                                                SHA-512:E445F64E5CBEE05C28194E56F66B09C27434E4815C9F1AE8089ABCD6F6F327B29A8ECEA5E7D1517D77F43B22443DC4864EA5DC10DDDA9C2C9FE95B4DEBF66198
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:GNU General Public License, version 2 (GPL-2.0)..[OSI Approved License]..The GNU General Public License (GPL-2.0)..Version 2, June 1991....Copyright (C) 1989, 1991 Free Software Foundation, Inc...59 Temple Place, Suite 330, Boston, MA 02111-1307 USA....Everyone is permitted to copy and distribute verbatim copies..of this license document, but changing it is not allowed.....Preamble....The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.....When we speak of free software, we are referring t
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with very long lines (803), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17878
                                                                                                                                                                                                Entropy (8bit):4.695697603212868
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:BIQaInRRSW6sQwCbhwTJ7But8KMyTypHC:BbJWjKt2fRypHC
                                                                                                                                                                                                MD5:1FBED70BE9D970D3DA399F33DAE9CC51
                                                                                                                                                                                                SHA1:FCB646ADBB54442641203F196FA5B4A373AD3508
                                                                                                                                                                                                SHA-256:D51615A1A47F1DDBB027920D60D3FC30A00E1284C795A47857883E641349FADF
                                                                                                                                                                                                SHA-512:E445F64E5CBEE05C28194E56F66B09C27434E4815C9F1AE8089ABCD6F6F327B29A8ECEA5E7D1517D77F43B22443DC4864EA5DC10DDDA9C2C9FE95B4DEBF66198
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:GNU General Public License, version 2 (GPL-2.0)..[OSI Approved License]..The GNU General Public License (GPL-2.0)..Version 2, June 1991....Copyright (C) 1989, 1991 Free Software Foundation, Inc...59 Temple Place, Suite 330, Boston, MA 02111-1307 USA....Everyone is permitted to copy and distribute verbatim copies..of this license document, but changing it is not allowed.....Preamble....The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.....When we speak of free software, we are referring t
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5890152
                                                                                                                                                                                                Entropy (8bit):6.2624617822339985
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:Ea7Y1TumEKF433tbclfg+H3hPAQ+VX+1/v9WfdYZTqT8B/qGRzftBfKO1:Z7C0QXA4pgsRNKq
                                                                                                                                                                                                MD5:FB54BD8252D68DB9B863CAFF77C82BE8
                                                                                                                                                                                                SHA1:359870716D28C1C2AB5CDF09F2A73EBDCE4169FF
                                                                                                                                                                                                SHA-256:AE0380BF2A7871C5194369A41562253BD290F761DA712BC8BAFFD62DA404CE4B
                                                                                                                                                                                                SHA-512:4641C7D4DD25E4E1CE5B6FCA998DB4C2F1D8FF87D8D4FA7FDE55109AB875901C10595F23065AAEEFDF18BAE822055ADC29CD7F75E983DDF26873EDF55EF72F11
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......c.$.'.J.'.J.'.J.B.I.9.J.B.O...J..W..#.J.u.O.d.J.u.N...J.u.I.*.J.B.N...J.B.K.6.J.'.K...J...C...J...J.&.J.....&.J.'..&.J...H.&.J.Rich'.J.........................PE..d......f.........." ......&...3......_....................................... Z......zZ...`...........................................C.....|.C.......Y.......X.,9....Y.h(....Y..<....@.T...................p.@.(...p.@..............0&..............................text.....&.......&................. ..`.rdata.......0&.......&.............@..@.data...@\... C.. ....C.............@....pdata..,9....X..:...&X.............@..@_RDATA..P.....Y......`Y.............@..@.rsrc.........Y......lY.............@..@.reloc...<....Y..>...zY.............@..B........................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18327
                                                                                                                                                                                                Entropy (8bit):4.734251349778708
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:lq2PmwERb6k/iAVX/dUY2ZpEGMOZ77o0UDT2:lzun1iYWrTXo0UDT2
                                                                                                                                                                                                MD5:537A8603E1EDA9DE80EE34F607C0CB09
                                                                                                                                                                                                SHA1:9871A6FC4895037B02AC04978AB4A21D9BA4030C
                                                                                                                                                                                                SHA-256:D3533C10B656BEC2782600B05B471ABE3AC916E228B27929CDA1F83C49D7E7A5
                                                                                                                                                                                                SHA-512:5DDFA15A89DCF147072A442C05AA16AF6A215FE8A3811E5A71007099D260687929A5505373F96B9F70EF21E101DC7042345CD358150367905C4CBA18E5DA32B6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.. GNU GENERAL PUBLIC LICENSE.... Version 2, June 1991.... Copyright (C) 1989, 1991 Free Software Foundation, Inc... 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed........ Preamble.... The licenses for most software are designed to take away your..freedom to share and change it. By contrast, the GNU General Public..License is intended to guarantee your freedom to share and change free..software--to make sure the software is free for all its users. This..General Public License applies to most of the Free Software..Foundation's software and to any other program whose authors commit to..using it. (Some other Free Software Foundation software is covered by..the GNU Library General Public License instead.) You can apply it to..your programs, too..... When we speak of free software, we are referring to freedom, not..price. Our General Publi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):122632
                                                                                                                                                                                                Entropy (8bit):6.4016593965630335
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:TOjhZA084Keuiz5xVRmX+OzFYlifJJr95fQcCVK1nlsWjcdqOCXf9yjZUhchRIM:ih2euiFfRi+Gb954VKYqRX1yj0chuM
                                                                                                                                                                                                MD5:0BF44140B929D5B80CF5F3A8FBA33767
                                                                                                                                                                                                SHA1:C8B1D80346C5B1DD9BB76A5BEE624E790BC9C5D9
                                                                                                                                                                                                SHA-256:5A520B3DE6C24FBD81A0281F7B3D3FDB97455F1D5E14880BDE423DD765A2C8B6
                                                                                                                                                                                                SHA-512:3B6D236F48E0BA55D0835E83E940C54E9B81986669C1CA1DD0D1BCC1D11F32C9DF4A2DF657B83EDF9DA09B724E0761D1245F79717571150AAEBE1BC94D3330CF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........0h..^;..^;..^;...;..^;.;..^;.;..^;.;..^;..;..^;..;..^;.._;..^;...;..^;...;..^;.;..^;...;..^;...;..^;Rich..^;................PE..L....FiU............................e........0....@.......................... .......v....@............................................(...........................`2..8...........................X...@............0...............................text............................... ..`.rdata...m...0...n..................@..@.data....6..........................@....rsrc...(...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):340072
                                                                                                                                                                                                Entropy (8bit):6.236429451655527
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:uqI8aJqnYpaopav9rANh4iH/2mehHD09g7ZqSblN7ZqSeuWG:1I8ayYaooav4ifSw9eGG
                                                                                                                                                                                                MD5:7FA97064B821222911AB56418DDA766F
                                                                                                                                                                                                SHA1:94B700B2700768C350F9CF99C8D56AD06A4AB72C
                                                                                                                                                                                                SHA-256:D4AFC650BE1E06A0F046BEA8E40FE8BA9ADE737F4C04551A47A047F00A0B44A3
                                                                                                                                                                                                SHA-512:24B5811619B784100F353B388210D6FB50A24FD1CCD9323DD2DA06456FD3C7FCACC82F5245B7BC7AA51A2316EDEEDC42E495D6B8BB2C5ED2A4DBDC6EE25AE25C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................{................................................j.......g...H......H.......H........n.....H.......Rich...........PE..d...G..c.........." .........4...............................................P....../X....`.........................................p4.......5..........8}.......'......h(...@..0......p...................@...(...@................................................text...H........................... ..`.rdata..4C.......D..................@..@.data....<...P...(..................@....pdata...'.......(...V..............@..@.rsrc...8}.......~...~..............@..@.reloc..0....@......................@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12963
                                                                                                                                                                                                Entropy (8bit):7.925718429173417
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:vow0jei22S1Q6TDcRT/OMsv+9erSN3WJvf3ef9:v1li22bxR7Omsw3wf3w
                                                                                                                                                                                                MD5:7F2D19F0BD3F3D39349A070A9CFAC515
                                                                                                                                                                                                SHA1:C54BD1C6293CB645C272EB8DEB8379AC15A131FC
                                                                                                                                                                                                SHA-256:38E98FD13D730A17F500A23FD57D6625CC1A84F2A198B25528BC943AAEE71DEC
                                                                                                                                                                                                SHA-512:544D10F78071DD19C89CDC5A12ABB7082FC2B2D2192CACD90C9D52EC8A2130163D778A234656837010E5AE47DD06AC16E9D47BB49131B4FAE1A728364B23FF9B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK..-.....qG[V................resources.pri.YKo.U.>..#q.<.BB...Z.p&....i...".)E]@..Il.z\)b..._@b..`..%.,Y.`.uV.E.P7.;g<..=c%.....;.w...s....i...A$Qu..@0.h...... T.f..<l=..u,3..*.s`.?.....U.j7,...?....wl...F9...J.....k.v#.N.)./...K...l<..D<.....MA...........|?.........'...l<.k.^.#...?&.4..W.../.....{..Z ..h....H......D2L..0...N...M.`y.,l...[.-..&l...{.F.('..]...Z..g.*...W...}..\^.*b\...x......I..Q.K&w.Y...Z....s...h... .).^...7..j......U^....X...iX...M.t."........;..&0F.X..L.?..34.u...$F...y.<....(.A....|.....}................S1.$.M..D....S...?.q.j..,.gI../..aU..NboS.k.;..N..,..F(^.9...LX...U..r.i5l..B/#....".A......Q.w.C.vQM-....{.l.a...J..{.$7G.....?....F.H+z.LBy.....L.)W..:-...+"...1W.-8.h..[..D{...z..T..B.s.|GTq..........w....x...V....8v..V...i..>h7.h.......^..^.n9...m7...[.{.,..zSxwK..R.w..:v..=AJmn\..y..y./.B{...,>. Q.........i.u?.+....qZ.......3H.<..S.u..{Ux.y..$.I..'3Of..<.y2...).S..0Oa..<.y*.T..#..s.o..a?.~.}...........O....^..i.>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):340
                                                                                                                                                                                                Entropy (8bit):5.3027942884485455
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:TMVBd6GyaVic4subiKFNFWZMXKmBwjxlXDhkQwYVkQwYzTpJL36YzTpJsCHDWVWx:TMHdj8iK9Wu3AzIToTrz6oTrsEKVWKQ
                                                                                                                                                                                                MD5:33F4B444448D11D1E9740FB35F5A7241
                                                                                                                                                                                                SHA1:3B94031F9A890979A111447F51B7056B3AE85ED8
                                                                                                                                                                                                SHA-256:9F57ABA99AC13C6CE2E76E29C9D11EC2BBDFD891E93E363EE77B2BE4C5A2DFFA
                                                                                                                                                                                                SHA-512:167D465162E170A84DA8E4A1D7F98D5987EAF5575DEFE3683C7B227053AEB5CE2321B1F5E8DD0A05AAF2341E61EED47E10A964C6427894008CF4C9A24789980E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<Application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">.. <VisualElements ForegroundText="dark" BackgroundColor="#ffcc00" ShowNameOnSquare150x150Logo="on" Square150x150Logo="LogoImages\WinMergeLogo.png" Square70x70Logo="LogoImages\WinMergeLogoSmall.png"></VisualElements>..</Application>
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5942376
                                                                                                                                                                                                Entropy (8bit):6.299890332325301
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:bTjoHtA+frPbp1fMaF+1PRw5mstdq9ge6qk+LYoek5eo2wA1LScaXhTW/xIrMMHO:jo7LbHV89cJ6U67p0aa5pR+Fxk/n
                                                                                                                                                                                                MD5:4D8808EB623326E39416F884B2DF745B
                                                                                                                                                                                                SHA1:18E1ADF7FDCA89EC61658053EC30A43A932846DF
                                                                                                                                                                                                SHA-256:5F5662E7931C7FBE47EDC151D82786A77EF6BDC89E2D1841074E52624EFD03B9
                                                                                                                                                                                                SHA-512:91679935F1B83C2011E3E7BD0D915E61B39B3BFC0CFA48803F2A4E97B3D20C4A002B8E06E352B0C4831BDA0670794C8034BA0393CCFF3FC571D717B651DA2D1F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......>..z...z...z...nt..l...nt..y...su.{...1......1...{...s..k...s..s...s.....1...x...1...k...1...T...1...e...z......nt..R..ntw.{...z...{...nt..{...Richz...........................PE..d......f.........."....(../..>+......."........@..............................[......#[...`.................................................H.C.,.....I..r....G.p9....Z.h(...`Z.|...0B=.8....................D=.(... .2.@.............0.X.....C......................text...../......./................. ..`.rdata..n.....0......./.............@..@.data.........C.......C.............@....pdata..p9....G..:....F.............@..@.didat........I.......H.............@....rsrc....r....I..t....H.............@..@.reloc..|....`Z......lY.............@..B................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with very long lines (755), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1487
                                                                                                                                                                                                Entropy (8bit):5.127789429693583
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:ECUnezobbOOrYFTVJYrYFTzL6pfBTPZ90432smEOkus8WROL32s3yxtTfy13tT+u:EhOOrYJkrYJzIpPD0432sBG32s3Etm1J
                                                                                                                                                                                                MD5:9C0B1BF4EDDE006A1555AD00FD3FE284
                                                                                                                                                                                                SHA1:7407F5BB872A885E6661CE446BAEFCAABB2FF0B7
                                                                                                                                                                                                SHA-256:91C29D20C6B25189282AADBED84B966FFA15D43DF08F6E49C0219759AC41D6D0
                                                                                                                                                                                                SHA-512:107C3DFC9ADDC7DE0014EBF706EA400095E3F936139FC67C944F1B73BB2C68E5885886BC832C5C64D22D1F01853F759A3BD98155363BA3C5605E761FE879CB85
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:BSD License....Copyright 2022 Takashi Sawanaka....Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:....1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.....2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.....3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIG
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):860
                                                                                                                                                                                                Entropy (8bit):4.902937000591333
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:ThCV0SpcI8wr7yAIfSygoIOkHuaAPTbVLoex:ThkiI8wrunKytEH+Vfx
                                                                                                                                                                                                MD5:D5B7BAC1AE57582869ECF8B1F3243D8C
                                                                                                                                                                                                SHA1:A58DDA665AC087FA825BDA1FCEA44E34DAA2D196
                                                                                                                                                                                                SHA-256:FB7FA14CFDFD4BD21D64358765CD79DA2B404B44D49FA1C6B3BEC2242714EE18
                                                                                                                                                                                                SHA-512:A07863830A5958489E582FF9647C2ADFC2603AE97E2EE576E37AAC8D3853D5CDD41D652CD152909EF8AE5560C30F7E2DF1BEFF31320A05C72BB21614CFDDD279
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:/*.. * LibXDiff by Davide Libenzi ( File Differential Library ).. * Copyright (C) 2003 Davide Libenzi.. *.. * This library is free software; you can redistribute it and/or.. * modify it under the terms of the GNU Lesser General Public.. * License as published by the Free Software Foundation; either.. * version 2.1 of the License, or (at your option) any later version... *.. * This library is distributed in the hope that it will be useful,.. * but WITHOUT ANY WARRANTY; without even the implied warranty of.. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.. * Lesser General Public License for more details... *.. * You should have received a copy of the GNU Lesser General Public.. * License along with this library; if not, see.. * <http://www.gnu.org/licenses/>... *.. * Davide Libenzi <davidel@xmailserver.org>.. */..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):670
                                                                                                                                                                                                Entropy (8bit):4.884035919764548
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:wtVJ2jsmsenXezxIbMFuTw7MqL+TU0E+mbo5rHr1knd7FQ+psEP:wtVJo9nMxIbHvqoU0E+1Hr1k11psEP
                                                                                                                                                                                                MD5:45012EF845556A24C0B4DDD3B7F54A05
                                                                                                                                                                                                SHA1:317D02B655E4C5E0E36A98D7C1E172CC4D4D62FC
                                                                                                                                                                                                SHA-256:189C31AF9A4039BC88E2136808E05184DD6BC1FE4C6220E1E0E9CBCBCC1C7147
                                                                                                                                                                                                SHA-512:8DC210FC2A04BB6EC0BC0B89D60290AF10337B22DA4596BEE9A4DE4EDE39BE3F134FE5085D0F1493EFA37AEEC15B786363213E78F111DA6EFC501A331824980D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Tencent is pleased to support the open source community by making RapidJSON available.....Copyright (C) 2015 THL A29 Limited, a Tencent company, and Milo Yip.....Licensed under the MIT License (the "License"); you may not use this file except..in compliance with the License. You may obtain a copy of the License at....http://opensource.org/licenses/MIT....Unless required by applicable law or agreed to in writing, software distributed ..under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR ..CONDITIONS OF ANY KIND, either express or implied. See the License for the ..specific language governing permissions and limitations under the License...
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1513
                                                                                                                                                                                                Entropy (8bit):5.136012912152702
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:SDQ3Unz/+bO3rYFT7+JrrYFTkL3DocKBTO9ws43z5Ezku+KWROm3zMyxWTfyJC3q:SDyO3rYJErYJkLDocu87439x3wEWmJC6
                                                                                                                                                                                                MD5:CC79FE00ADA185A51D411C9F952EA4E0
                                                                                                                                                                                                SHA1:05B7C80D0D0AF5295502A1765A6C45A0D42B9F70
                                                                                                                                                                                                SHA-256:24DEADEA987F1C7682753A8CEF4E70BDE8A13CC65684E06CAB9A965469362075
                                                                                                                                                                                                SHA-512:E863E26952F87942B104C513175A981B3DFC935D7CC7F4413810014F6CB4971B84DF0335B0B312AD8FA6F8058A13856204658C89C74CF207951068F6A455B4C3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Copyright (C) Microsoft Corporation. All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions are..met:.... * Redistributions of source code must retain the above copyright..notice, this list of conditions and the following disclaimer... * Redistributions in binary form must reproduce the above..copyright notice, this list of conditions and the following disclaimer..in the documentation and/or other materials provided with the..distribution... * The name of Microsoft Corporation, or the names of its contributors ..may not be used to endorse or promote products derived from this..software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.."AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR..A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO E
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1183
                                                                                                                                                                                                Entropy (8bit):4.970653488973928
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:rbDQjrTJHjwH0ydO3gtzL001hzlY9QHbsUv45xHOk4/+M/3oqqFT:rbDYnJclEE/4QHbs55P6/3oDFT
                                                                                                                                                                                                MD5:27E94C0280987AB296B0B8DD02AB9FE5
                                                                                                                                                                                                SHA1:FC3DEFDB0EC07BABC6FA8696113812C5A4CCD74A
                                                                                                                                                                                                SHA-256:DEA9265341829002E2C23A7372393EB2ED6E26085FB623F38A4BA0AF833F30A6
                                                                                                                                                                                                SHA-512:380D4D2A2C7FAAB2B1C5F462B1509B1A65FBD1D3EA8EC467F3C3C57C1A034734AD6988E8F3432D6569FCBC33A76A5A7C2D4E0C2CF2419EA085ABF3BFE7759DFF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: MIT License.... Copyright (c) Microsoft Corporation. All rights reserved..... Permission is hereby granted, free of charge, to any person obtaining a copy.. of this software and associated documentation files (the "Software"), to deal.. in the Software without restriction, including without limitation the rights.. to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.. copies of the Software, and to permit persons to whom the Software is.. furnished to do so, subject to the following conditions:.... The above copyright notice and this permission notice shall be included in all.. copies or substantial portions of the Software..... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.. AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHE
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):668776
                                                                                                                                                                                                Entropy (8bit):6.328514867434423
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:rvnq5biv9syEtOrklL2vcmY6+9san1ZfA6bnbgbdbUmb4oVtGTAc3Up/eUvuOssP:rvnq5ucx2vnY60Dn8
                                                                                                                                                                                                MD5:F3A37578A408E3EE7F623BE01E269B00
                                                                                                                                                                                                SHA1:6AE747FEE9E23F57A8F4C420B5018ED7122D949E
                                                                                                                                                                                                SHA-256:E98DF6AC7157C70A57C2E641268FF5BA512CE8FE852B4CAAC733F078A22EA33A
                                                                                                                                                                                                SHA-512:466C35C8AD51EFA57389716643B72C156F503171CBFF36D855A990ACA5850C509BB7BCD7AC43BFEF1A5931582ED96F08E22976B2D0F95C94000FFD713C58B8D4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}D..*...*...*..d/.(.*.......*...)...*.../...*..d)...*..d....*..d+...*...+.T.*...*...*..#...*..*...*.....*.......*..(...*.Rich..*.................PE..d....b.e.........." ...&.*...................................................P......>#....`..........................................G......LH...............P...D......h(...@......T1..p....................3..(....S..@............@..p....E..@....................text....).......*.................. ..`.rdata.......@......................@..@.data........`.......L..............@....pdata...D...P...F...(..............@..@_RDATA...............n..............@..@.rsrc................p..............@..@.reloc.......@......................@..B................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with very long lines (755), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1487
                                                                                                                                                                                                Entropy (8bit):5.127789429693583
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:ECUnezobbOOrYFTVJYrYFTzL6pfBTPZ90432smEOkus8WROL32s3yxtTfy13tT+u:EhOOrYJkrYJzIpPD0432sBG32s3Etm1J
                                                                                                                                                                                                MD5:9C0B1BF4EDDE006A1555AD00FD3FE284
                                                                                                                                                                                                SHA1:7407F5BB872A885E6661CE446BAEFCAABB2FF0B7
                                                                                                                                                                                                SHA-256:91C29D20C6B25189282AADBED84B966FFA15D43DF08F6E49C0219759AC41D6D0
                                                                                                                                                                                                SHA-512:107C3DFC9ADDC7DE0014EBF706EA400095E3F936139FC67C944F1B73BB2C68E5885886BC832C5C64D22D1F01853F759A3BD98155363BA3C5605E761FE879CB85
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:BSD License....Copyright 2022 Takashi Sawanaka....Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:....1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.....2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.....3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIG
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):670
                                                                                                                                                                                                Entropy (8bit):4.884035919764548
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:wtVJ2jsmsenXezxIbMFuTw7MqL+TU0E+mbo5rHr1knd7FQ+psEP:wtVJo9nMxIbHvqoU0E+1Hr1k11psEP
                                                                                                                                                                                                MD5:45012EF845556A24C0B4DDD3B7F54A05
                                                                                                                                                                                                SHA1:317D02B655E4C5E0E36A98D7C1E172CC4D4D62FC
                                                                                                                                                                                                SHA-256:189C31AF9A4039BC88E2136808E05184DD6BC1FE4C6220E1E0E9CBCBCC1C7147
                                                                                                                                                                                                SHA-512:8DC210FC2A04BB6EC0BC0B89D60290AF10337B22DA4596BEE9A4DE4EDE39BE3F134FE5085D0F1493EFA37AEEC15B786363213E78F111DA6EFC501A331824980D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Tencent is pleased to support the open source community by making RapidJSON available.....Copyright (C) 2015 THL A29 Limited, a Tencent company, and Milo Yip.....Licensed under the MIT License (the "License"); you may not use this file except..in compliance with the License. You may obtain a copy of the License at....http://opensource.org/licenses/MIT....Unless required by applicable law or agreed to in writing, software distributed ..under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR ..CONDITIONS OF ANY KIND, either express or implied. See the License for the ..specific language governing permissions and limitations under the License...
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1183
                                                                                                                                                                                                Entropy (8bit):4.970653488973928
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:rbDQjrTJHjwH0ydO3gtzL001hzlY9QHbsUv45xHOk4/+M/3oqqFT:rbDYnJclEE/4QHbs55P6/3oDFT
                                                                                                                                                                                                MD5:27E94C0280987AB296B0B8DD02AB9FE5
                                                                                                                                                                                                SHA1:FC3DEFDB0EC07BABC6FA8696113812C5A4CCD74A
                                                                                                                                                                                                SHA-256:DEA9265341829002E2C23A7372393EB2ED6E26085FB623F38A4BA0AF833F30A6
                                                                                                                                                                                                SHA-512:380D4D2A2C7FAAB2B1C5F462B1509B1A65FBD1D3EA8EC467F3C3C57C1A034734AD6988E8F3432D6569FCBC33A76A5A7C2D4E0C2CF2419EA085ABF3BFE7759DFF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: MIT License.... Copyright (c) Microsoft Corporation. All rights reserved..... Permission is hereby granted, free of charge, to any person obtaining a copy.. of this software and associated documentation files (the "Software"), to deal.. in the Software without restriction, including without limitation the rights.. to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.. copies of the Software, and to permit persons to whom the Software is.. furnished to do so, subject to the following conditions:.... The above copyright notice and this permission notice shall be included in all.. copies or substantial portions of the Software..... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.. AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHE
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):860
                                                                                                                                                                                                Entropy (8bit):4.902937000591333
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:ThCV0SpcI8wr7yAIfSygoIOkHuaAPTbVLoex:ThkiI8wrunKytEH+Vfx
                                                                                                                                                                                                MD5:D5B7BAC1AE57582869ECF8B1F3243D8C
                                                                                                                                                                                                SHA1:A58DDA665AC087FA825BDA1FCEA44E34DAA2D196
                                                                                                                                                                                                SHA-256:FB7FA14CFDFD4BD21D64358765CD79DA2B404B44D49FA1C6B3BEC2242714EE18
                                                                                                                                                                                                SHA-512:A07863830A5958489E582FF9647C2ADFC2603AE97E2EE576E37AAC8D3853D5CDD41D652CD152909EF8AE5560C30F7E2DF1BEFF31320A05C72BB21614CFDDD279
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:/*.. * LibXDiff by Davide Libenzi ( File Differential Library ).. * Copyright (C) 2003 Davide Libenzi.. *.. * This library is free software; you can redistribute it and/or.. * modify it under the terms of the GNU Lesser General Public.. * License as published by the Free Software Foundation; either.. * version 2.1 of the License, or (at your option) any later version... *.. * This library is distributed in the hope that it will be useful,.. * but WITHOUT ANY WARRANTY; without even the implied warranty of.. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.. * Lesser General Public License for more details... *.. * You should have received a copy of the GNU Lesser General Public.. * License along with this library; if not, see.. * <http://www.gnu.org/licenses/>... *.. * Davide Libenzi <davidel@xmailserver.org>.. */..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1513
                                                                                                                                                                                                Entropy (8bit):5.136012912152702
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:SDQ3Unz/+bO3rYFT7+JrrYFTkL3DocKBTO9ws43z5Ezku+KWROm3zMyxWTfyJC3q:SDyO3rYJErYJkLDocu87439x3wEWmJC6
                                                                                                                                                                                                MD5:CC79FE00ADA185A51D411C9F952EA4E0
                                                                                                                                                                                                SHA1:05B7C80D0D0AF5295502A1765A6C45A0D42B9F70
                                                                                                                                                                                                SHA-256:24DEADEA987F1C7682753A8CEF4E70BDE8A13CC65684E06CAB9A965469362075
                                                                                                                                                                                                SHA-512:E863E26952F87942B104C513175A981B3DFC935D7CC7F4413810014F6CB4971B84DF0335B0B312AD8FA6F8058A13856204658C89C74CF207951068F6A455B4C3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Copyright (C) Microsoft Corporation. All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions are..met:.... * Redistributions of source code must retain the above copyright..notice, this list of conditions and the following disclaimer... * Redistributions in binary form must reproduce the above..copyright notice, this list of conditions and the following disclaimer..in the documentation and/or other materials provided with the..distribution... * The name of Microsoft Corporation, or the names of its contributors ..may not be used to endorse or promote products derived from this..software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.."AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR..A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO E
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):668776
                                                                                                                                                                                                Entropy (8bit):6.328514867434423
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:rvnq5biv9syEtOrklL2vcmY6+9san1ZfA6bnbgbdbUmb4oVtGTAc3Up/eUvuOssP:rvnq5ucx2vnY60Dn8
                                                                                                                                                                                                MD5:F3A37578A408E3EE7F623BE01E269B00
                                                                                                                                                                                                SHA1:6AE747FEE9E23F57A8F4C420B5018ED7122D949E
                                                                                                                                                                                                SHA-256:E98DF6AC7157C70A57C2E641268FF5BA512CE8FE852B4CAAC733F078A22EA33A
                                                                                                                                                                                                SHA-512:466C35C8AD51EFA57389716643B72C156F503171CBFF36D855A990ACA5850C509BB7BCD7AC43BFEF1A5931582ED96F08E22976B2D0F95C94000FFD713C58B8D4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}D..*...*...*..d/.(.*.......*...)...*.../...*..d)...*..d....*..d+...*...+.T.*...*...*..#...*..*...*.....*.......*..(...*.Rich..*.................PE..d....b.e.........." ...&.*...................................................P......>#....`..........................................G......LH...............P...D......h(...@......T1..p....................3..(....S..@............@..p....E..@....................text....).......*.................. ..`.rdata.......@......................@..@.data........`.......L..............@....pdata...D...P...F...(..............@..@_RDATA...............n..............@..@.rsrc................p..............@..@.reloc.......@......................@..B................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):122632
                                                                                                                                                                                                Entropy (8bit):6.4016593965630335
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:TOjhZA084Keuiz5xVRmX+OzFYlifJJr95fQcCVK1nlsWjcdqOCXf9yjZUhchRIM:ih2euiFfRi+Gb954VKYqRX1yj0chuM
                                                                                                                                                                                                MD5:0BF44140B929D5B80CF5F3A8FBA33767
                                                                                                                                                                                                SHA1:C8B1D80346C5B1DD9BB76A5BEE624E790BC9C5D9
                                                                                                                                                                                                SHA-256:5A520B3DE6C24FBD81A0281F7B3D3FDB97455F1D5E14880BDE423DD765A2C8B6
                                                                                                                                                                                                SHA-512:3B6D236F48E0BA55D0835E83E940C54E9B81986669C1CA1DD0D1BCC1D11F32C9DF4A2DF657B83EDF9DA09B724E0761D1245F79717571150AAEBE1BC94D3330CF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........0h..^;..^;..^;...;..^;.;..^;.;..^;.;..^;..;..^;..;..^;.._;..^;...;..^;...;..^;.;..^;...;..^;...;..^;Rich..^;................PE..L....FiU............................e........0....@.......................... .......v....@............................................(...........................`2..8...........................X...@............0...............................text............................... ..`.rdata...m...0...n..................@..@.data....6..........................@....rsrc...(...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1189992
                                                                                                                                                                                                Entropy (8bit):6.415868713769688
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:WtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5lTxytO:WqTytRFk6ek1LP
                                                                                                                                                                                                MD5:364B8FA0269A0789DCB7A9673C7757E4
                                                                                                                                                                                                SHA1:5C79E2DE33A41E75406CADD51C7B19AC46DC36D8
                                                                                                                                                                                                SHA-256:45C892CE5FD9A5A0AEDA80743C816038AEAAEB8A68B8217BDF88351E5B27B43B
                                                                                                                                                                                                SHA-512:F74ECA9DFDE0C9D90E3A0A505B7CE9A193A474881E9565281C77BBF615BC33B6228D70491C2ADC6FD7E6C2EF09E33C8B53DD7C2BD078036014655ACC584A9018
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......W............................l........ ....@.................................w.....@......@..............................@8...0..................h(................................... .......................................................text............................... ..`.itext.............................. ..`.data...h0... ...2..................@....bss.....a...`.......0...................idata..@8.......:...0..............@....tls....<............j...................rdata....... .......j..............@..@.rsrc........0.......l..............@..@....................................@..@........................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):340
                                                                                                                                                                                                Entropy (8bit):5.3027942884485455
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:TMVBd6GyaVic4subiKFNFWZMXKmBwjxlXDhkQwYVkQwYzTpJL36YzTpJsCHDWVWx:TMHdj8iK9Wu3AzIToTrz6oTrsEKVWKQ
                                                                                                                                                                                                MD5:33F4B444448D11D1E9740FB35F5A7241
                                                                                                                                                                                                SHA1:3B94031F9A890979A111447F51B7056B3AE85ED8
                                                                                                                                                                                                SHA-256:9F57ABA99AC13C6CE2E76E29C9D11EC2BBDFD891E93E363EE77B2BE4C5A2DFFA
                                                                                                                                                                                                SHA-512:167D465162E170A84DA8E4A1D7F98D5987EAF5575DEFE3683C7B227053AEB5CE2321B1F5E8DD0A05AAF2341E61EED47E10A964C6427894008CF4C9A24789980E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<Application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">.. <VisualElements ForegroundText="dark" BackgroundColor="#ffcc00" ShowNameOnSquare150x150Logo="on" Square150x150Logo="LogoImages\WinMergeLogo.png" Square70x70Logo="LogoImages\WinMergeLogoSmall.png"></VisualElements>..</Application>
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):340072
                                                                                                                                                                                                Entropy (8bit):6.236429451655527
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:uqI8aJqnYpaopav9rANh4iH/2mehHD09g7ZqSblN7ZqSeuWG:1I8ayYaooav4ifSw9eGG
                                                                                                                                                                                                MD5:7FA97064B821222911AB56418DDA766F
                                                                                                                                                                                                SHA1:94B700B2700768C350F9CF99C8D56AD06A4AB72C
                                                                                                                                                                                                SHA-256:D4AFC650BE1E06A0F046BEA8E40FE8BA9ADE737F4C04551A47A047F00A0B44A3
                                                                                                                                                                                                SHA-512:24B5811619B784100F353B388210D6FB50A24FD1CCD9323DD2DA06456FD3C7FCACC82F5245B7BC7AA51A2316EDEEDC42E495D6B8BB2C5ED2A4DBDC6EE25AE25C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................{................................................j.......g...H......H.......H........n.....H.......Rich...........PE..d...G..c.........." .........4...............................................P....../X....`.........................................p4.......5..........8}.......'......h(...@..0......p...................@...(...@................................................text...H........................... ..`.rdata..4C.......D..................@..@.data....<...P...(..................@....pdata...'.......(...V..............@..@.rsrc...8}.......~...~..............@..@.reloc..0....@......................@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5942376
                                                                                                                                                                                                Entropy (8bit):6.299890332325301
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:bTjoHtA+frPbp1fMaF+1PRw5mstdq9ge6qk+LYoek5eo2wA1LScaXhTW/xIrMMHO:jo7LbHV89cJ6U67p0aa5pR+Fxk/n
                                                                                                                                                                                                MD5:4D8808EB623326E39416F884B2DF745B
                                                                                                                                                                                                SHA1:18E1ADF7FDCA89EC61658053EC30A43A932846DF
                                                                                                                                                                                                SHA-256:5F5662E7931C7FBE47EDC151D82786A77EF6BDC89E2D1841074E52624EFD03B9
                                                                                                                                                                                                SHA-512:91679935F1B83C2011E3E7BD0D915E61B39B3BFC0CFA48803F2A4E97B3D20C4A002B8E06E352B0C4831BDA0670794C8034BA0393CCFF3FC571D717B651DA2D1F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......>..z...z...z...nt..l...nt..y...su.{...1......1...{...s..k...s..s...s.....1...x...1...k...1...T...1...e...z......nt..R..ntw.{...z...{...nt..{...Richz...........................PE..d......f.........."....(../..>+......."........@..............................[......#[...`.................................................H.C.,.....I..r....G.p9....Z.h(...`Z.|...0B=.8....................D=.(... .2.@.............0.X.....C......................text...../......./................. ..`.rdata..n.....0......./.............@..@.data.........C.......C.............@....pdata..p9....G..:....F.............@..@.didat........I.......H.............@....rsrc....r....I..t....H.............@..@.reloc..|....`Z......lY.............@..B................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):154392
                                                                                                                                                                                                Entropy (8bit):6.410645671172494
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:ch1yOJV6GvMclVIWpkGX1KHgFR1xI+UvaV/IS4a6/YU8ia:ch1PVEfYxKH6RCx/4V
                                                                                                                                                                                                MD5:5712FDE78B6C327C4BCC9292FCC96453
                                                                                                                                                                                                SHA1:80FE537FCFDB3D139287F3D229DB511BFF6F487A
                                                                                                                                                                                                SHA-256:3A1B37A40F949236D15A23A124C64957C7A4A3B74C8E4BA0FD06BDF287E00D12
                                                                                                                                                                                                SHA-512:311AEA3A1BFC63B7550016385C0CF9D0BAE9F7BD12C7E71456BC5C7D80E940F1AC90824DFB63C6123947B03195DA1293D5EEBC03331E25FC952740E9F71C9DEA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!...e.zUe.zUe.zU.@.Ua.zU.@.U..zU.@.Uh.zU7..Tn.zU7.~Ti.zU.@.U`.zUe.{U..zU7.yTl.zU7.sTk.zU7.zTd.zU7..Ud.zU7.xTd.zURiche.zU........................PE..d.....0].........." .....>...........d.......................................p............`.....................................................<....@....... ...........A...`..........8............................................P...............................text....<.......>.................. ..`.rdata......P.......B..............@..@.data...............................@....pdata....... ......................@..@.rsrc........@......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):270952
                                                                                                                                                                                                Entropy (8bit):6.235786739473447
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:U9y9rRdn9lYRI5YN9neE1OlGqQMbWdg7ZqSblN7ZqSkulb:U9y99lYR0eoE1MhZWdeX
                                                                                                                                                                                                MD5:67DF5A575E5B257CD500BACA605EA4D1
                                                                                                                                                                                                SHA1:FD9530086765B59E852D57C48193A1D07CA2CE77
                                                                                                                                                                                                SHA-256:77D4DC3911803F369B47A8622191B77F77F8FAC6C7ED7607A6B58F1CFF454AEC
                                                                                                                                                                                                SHA-512:F8EF332CFF398E74EF9247C50EE120D1554C82545C15D617C38AED9D07E35DCC0F84A7B26506EBB09930F1AB80BE59C092142B25866A7DD320C02F50C30F201C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*.r.n...n...n....z..i....z.......z..`...<...~...<...f...<...C...g...k...g...o...g.......n..........i......o......o...n..o......o...Richn...........PE..d...>..c.........." .....,...................................................0.......;....`................................................../..........x....p..........h(... ..@....................................................@...............................text....+.......,.................. ..`.rdata..:....@.......0..............@..@.data....$...@.......0..............@....pdata.......p... ...B..............@..@.rsrc...x............b..............@..@.reloc..@.... ......................@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):231528
                                                                                                                                                                                                Entropy (8bit):6.506056630709445
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:+CZG4+tGZQSUWBCQbYdMOS4vRUmg7ZqSblN7ZqSH6ruN:+8G4+hSU0CosMOSie/6g
                                                                                                                                                                                                MD5:48F286AB3AFD0BC27E7ED7B929D6FE61
                                                                                                                                                                                                SHA1:04AFC07428E16954DB452961CB4B19F5DBD3B50A
                                                                                                                                                                                                SHA-256:775F3855AFA14F54AB9DB1C2587C4B3558A65CE6F98BA818765A3A4462F96777
                                                                                                                                                                                                SHA-512:C422CB6EF070D9A5C92CBBBD95C2B8F1E8E619BCCD6B30F4CD041A9CE071ECE937CDCD1F7F0722803ABDBD17B8DBAB5900BD7419FA278FBDFFE27D30D04230E9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......r..@6...6...6.....O.;.....M.......L./...d..$...d..$...d......?.=.0...?.-.'...6..........1......7.....A.7...6.).7......7...Rich6...........................PE..L.../..c...........!.........h......................................................A.....@.................................l...........x............`..h(...p...... ...............................@...@...............8............................text...i........................... ..`.rdata..............................@..@.data...............................@....rsrc...x...........................@..@.reloc.......p.......B..............@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12963
                                                                                                                                                                                                Entropy (8bit):7.925718429173417
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:vow0jei22S1Q6TDcRT/OMsv+9erSN3WJvf3ef9:v1li22bxR7Omsw3wf3w
                                                                                                                                                                                                MD5:7F2D19F0BD3F3D39349A070A9CFAC515
                                                                                                                                                                                                SHA1:C54BD1C6293CB645C272EB8DEB8379AC15A131FC
                                                                                                                                                                                                SHA-256:38E98FD13D730A17F500A23FD57D6625CC1A84F2A198B25528BC943AAEE71DEC
                                                                                                                                                                                                SHA-512:544D10F78071DD19C89CDC5A12ABB7082FC2B2D2192CACD90C9D52EC8A2130163D778A234656837010E5AE47DD06AC16E9D47BB49131B4FAE1A728364B23FF9B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK..-.....qG[V................resources.pri.YKo.U.>..#q.<.BB...Z.p&....i...".)E]@..Il.z\)b..._@b..`..%.,Y.`.uV.E.P7.;g<..=c%.....;.w...s....i...A$Qu..@0.h...... T.f..<l=..u,3..*.s`.?.....U.j7,...?....wl...F9...J.....k.v#.N.)./...K...l<..D<.....MA...........|?.........'...l<.k.^.#...?&.4..W.../.....{..Z ..h....H......D2L..0...N...M.`y.,l...[.-..&l...{.F.('..]...Z..g.*...W...}..\^.*b\...x......I..Q.K&w.Y...Z....s...h... .).^...7..j......U^....X...iX...M.t."........;..&0F.X..L.?..34.u...$F...y.<....(.A....|.....}................S1.$.M..D....S...?.q.j..,.gI../..aU..NboS.k.;..N..,..F(^.9...LX...U..r.i5l..B/#....".A......Q.w.C.vQM-....{.l.a...J..{.$7G.....?....F.H+z.LBy.....L.)W..:-...+"...1W.-8.h..[..D{...z..T..B.s.|GTq..........w....x...V....8v..V...i..>h7.h.......^..^.n9...m7...[.{.,..zSxwK..R.w..:v..=AJmn\..y..y./.B{...,>. Q.........i.u?.+....qZ.......3H.<..S.u..{Ux.y..$.I..'3Of..<.y2...).S..0Oa..<.y*.T..#..s.o..a?.~.}...........O....^..i.>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9087
                                                                                                                                                                                                Entropy (8bit):5.294161224264135
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:pk+y285bYzFCBShKc2cW6tMzG1im8ZOwy2q4CONE6XG:q+mMBhKc2G/8ZOwyN4CONVG
                                                                                                                                                                                                MD5:194C2FD9CF27231E588579683344DC09
                                                                                                                                                                                                SHA1:8F2A75989268609F0F41B6DFB1932E44120921D9
                                                                                                                                                                                                SHA-256:6A29845E6AFAFEF5252F8FE58CA07708620260FD71B3FBB36AD58651DCFA4BEB
                                                                                                                                                                                                SHA-512:C6C1138843585BCD9A990E20887C752D38B6A9F5B51EFB0A995B23AF79097694B6D4AC1D81052979A41A427A73B333CBEED113175B7A80AF194611B7A41B8232
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:..People who have contributed to WinMerge..---------------------------------------....Original developer, project admin:..* Dean Grimm <grimmdp@yahoo.com>....Project lead:..* Christian List <list1974@hotmail.com>....Developers:..* Denis Bradford <denisbradford@users.sourceforge.net>..* Tim Gerundt <tim@gerundt.de>..* Marcel Gosselin <marcelgosselin@users.sourceforge.net>..* Gal Hammer <galh@users.sourceforge.net>..* Takashi Sawanaka <sdottaka@users.sourceforge.net>..* Alexander Skinner (Graphic Design) <neonapple@users.sourceforge.net>..* Jochen Tucht <jtuc@users.sourceforge.net>....Inactive/past developers:..* Laurent Ganier..* Dennis Limm..* Chris Mumford..* Perry Rapp..* Christian "Seier" Blackburn (Installer)..* Kimmo Varis <kimmov@winmerge.org>....Localization:..* Arabic:.. Downzen team <https://downzen.com>....* Basque:.. Xabier Aramendi <Azpidatziak@gmail.com> ....* Bulgarian:.. Sld <sld|mail.bg>.. tigertron <ivg_18@yahoo.com>.. Yanko Yankov <yankonik70 at hotmail.com>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:InnoSetup Log 64-bit WinMerge, version 0x418, 61365 bytes, 302494\37\user\376, C:\Program Files\WinMerge\376\377\377\007
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):61365
                                                                                                                                                                                                Entropy (8bit):3.9385900744175752
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:hir2aJjJhlUjaaZHRNTB9zAlpWNL9JdCbPIxayvf3s3h7MKhMeMxAOsip0Z/0aRu:h+WvDbCbesr6eM+OsO
                                                                                                                                                                                                MD5:F796A182B0EB3F5260CDE75EF7875F52
                                                                                                                                                                                                SHA1:93EE4CF1AE8A7262D2A5DE42B9A4A39F6EBD49EE
                                                                                                                                                                                                SHA-256:ED093DE749298C082B7A3139E13C14E3863435447F78630CA6D6220CBFCED9CA
                                                                                                                                                                                                SHA-512:93A36B5C14AA625BDA125E0A06A7817AE8DCCC08C3C68313CCFCC5E5C6DD4168A7182D604A7C0E22FB414E65AEF3DC0228F85B92238D87B7D52E514E2C0BF838
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Inno Setup Uninstall Log (b) 64-bit.............................WinMerge........................................................................................................................WinMerge....................................................................................................................................5................................................................................................................p...........V~.......m........3.0.2.4.9.4......j.o.n.e.s......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.M.e.r.g.e....................... .....Lc...D...IFPS........Z...........................................................................................................................................................BOOLEAN..............TNEWCHECKLISTBOX....TNEWCHECKLISTBOX.............!OPENARRAYOFCONST..................TMSGBOXTYPE.........TEXECWAIT.............TARRAYOFSTRING.........TWIZARDPAGE....TWIZARDPAGE.........TSETUPSTEP.........TUNINSTALLSTEP
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1189992
                                                                                                                                                                                                Entropy (8bit):6.415868713769688
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:WtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5lTxytO:WqTytRFk6ek1LP
                                                                                                                                                                                                MD5:364B8FA0269A0789DCB7A9673C7757E4
                                                                                                                                                                                                SHA1:5C79E2DE33A41E75406CADD51C7B19AC46DC36D8
                                                                                                                                                                                                SHA-256:45C892CE5FD9A5A0AEDA80743C816038AEAAEB8A68B8217BDF88351E5B27B43B
                                                                                                                                                                                                SHA-512:F74ECA9DFDE0C9D90E3A0A505B7CE9A193A474881E9565281C77BBF615BC33B6228D70491C2ADC6FD7E6C2EF09E33C8B53DD7C2BD078036014655ACC584A9018
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......W............................l........ ....@.................................w.....@......@..............................@8...0..................h(................................... .......................................................text............................... ..`.itext.............................. ..`.data...h0... ...2..................@....bss.....a...`.......0...................idata..@8.......:...0..............@....tls....<............j...................rdata....... .......j..............@..@.rsrc........0.......l..............@..@....................................@..@........................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:InnoSetup messages, version 5.5.3, 221 messages (UTF-16), &About Setup...
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22665
                                                                                                                                                                                                Entropy (8bit):3.2741518410618657
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Q41EjXgkg3Sqf8sfr69FT0AKanzLYfMa1tzvoZ7Vzo+Fc51USQDz1fbKJUfWo:Q41Elvqf9r6fKVfMmUo+y1USQDzN+o
                                                                                                                                                                                                MD5:C296688D422A0D42726A63F059E66DCA
                                                                                                                                                                                                SHA1:AB9B224C4EC56B9D5A4BA2D6C88551EA0E5BCCEB
                                                                                                                                                                                                SHA-256:188BA40171BECDC1BA52F9D51C19B8BC49BAF8CE0831E42B60CC92E3E08B96FF
                                                                                                                                                                                                SHA-512:BB5FFBD5A5A9A9DD968A3C59C0E5DB31DC36C9BB4F34943F77556C26DD3D0C8D86A6078294313D6D2E74FAB73F0C3B04EF4D104179FAD3852619199BAF60F524
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Inno Setup Messages (5.5.3) (u).....................................<X.....>Z$b&.A.b.o.u.t. .S.e.t.u.p.........%.1. .v.e.r.s.i.o.n. .%.2.....%.3.........%.1. .h.o.m.e. .p.a.g.e.:.....%.4.....A.b.o.u.t. .S.e.t.u.p...Y.o.u. .m.u.s.t. .b.e. .l.o.g.g.e.d. .i.n. .a.s. .a.n. .a.d.m.i.n.i.s.t.r.a.t.o.r. .w.h.e.n. .i.n.s.t.a.l.l.i.n.g. .t.h.i.s. .p.r.o.g.r.a.m.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s... .A.f.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):154392
                                                                                                                                                                                                Entropy (8bit):6.410645671172494
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:ch1yOJV6GvMclVIWpkGX1KHgFR1xI+UvaV/IS4a6/YU8ia:ch1PVEfYxKH6RCx/4V
                                                                                                                                                                                                MD5:5712FDE78B6C327C4BCC9292FCC96453
                                                                                                                                                                                                SHA1:80FE537FCFDB3D139287F3D229DB511BFF6F487A
                                                                                                                                                                                                SHA-256:3A1B37A40F949236D15A23A124C64957C7A4A3B74C8E4BA0FD06BDF287E00D12
                                                                                                                                                                                                SHA-512:311AEA3A1BFC63B7550016385C0CF9D0BAE9F7BD12C7E71456BC5C7D80E940F1AC90824DFB63C6123947B03195DA1293D5EEBC03331E25FC952740E9F71C9DEA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!...e.zUe.zUe.zU.@.Ua.zU.@.U..zU.@.Uh.zU7..Tn.zU7.~Ti.zU.@.U`.zUe.{U..zU7.yTl.zU7.sTk.zU7.zTd.zU7..Ud.zU7.xTd.zURiche.zU........................PE..d.....0].........." .....>...........d.......................................p............`.....................................................<....@....... ...........A...`..........8............................................P...............................text....<.......>.................. ..`.rdata......P.......B..............@..@.data...............................@....pdata....... ......................@..@.rsrc........@......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Oct 24 09:20:20 2024, mtime=Thu Oct 24 09:20:20 2024, atime=Sun Jul 28 20:00:50 2024, length=1029392, window=hide
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):974
                                                                                                                                                                                                Entropy (8bit):4.484747913064256
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:8mQeCb4zcrYXfp1h96pgmbdpF4yjC9N9GPRKjT4cG6GiejA88gbdpCcstbdpC4vS:8mQZbjbbd589uKj87zAFUdQdxvBm
                                                                                                                                                                                                MD5:40927CBBEF7419C56FB4F0C13DA9D5F1
                                                                                                                                                                                                SHA1:63368135016609F2B0AD409591E83BA7DD032F44
                                                                                                                                                                                                SHA-256:C97A4313C7AD1DF3542762374BC7C6656099F99D94A21BF3F1CA98C7E1DD32DC
                                                                                                                                                                                                SHA-512:0721951A3A5A3864E056833FD4917DAA480E3EA7A845007698259B29B60AF3D5252937906291F18CEBE43C5033D5AF9BB126969166373ADCDC7F52BA5B9C3A18
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:L..................F.... ...s.{T.%..L..T.%...m.91................................P.O. .:i.....+00.../C:\.....................1.....XY.R..PROGRA~1..t......O.IXY.R....B...............J........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1.....XY.R..WinMerge..B......XY.RXY.R..........................FaS.W.i.n.M.e.r.g.e.....N.1.....XY.R..Docs..:......XY.RXY.R.....C....................."..D.o.c.s.....f.2......X.. .WinMerge.chm..J......XY.RXY.R.....C........................W.i.n.M.e.r.g.e...c.h.m.......Z...............-.......Y............\[y.....C:\Program Files\WinMerge\Docs\WinMerge.chm..:.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.M.e.r.g.e.\.D.o.c.s.\.W.i.n.M.e.r.g.e...c.h.m...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.M.e.r.g.e.\.D.o.c.s.`.......X.......302494...........hT..CrF.f4... .(.T..b...,.......hT..CrF.f4... .(.T..b...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Oct 24 09:20:18 2024, mtime=Thu Oct 24 09:20:19 2024, atime=Sun Jul 28 20:11:38 2024, length=5942376, window=hide
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):973
                                                                                                                                                                                                Entropy (8bit):4.556487313786207
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:8mSeg0YXih9dKGbdpF4yjC9N/wZkRxHlONn+MXjA4pxbdpC7MzbdpC19MjRwmV:8mS/Kld58/wZeWnNzA2d7vdE9nm
                                                                                                                                                                                                MD5:A2F8136DDD638FF21E2588FE151A122D
                                                                                                                                                                                                SHA1:98AC1E9661700E724C457E03DA8155B4D7F87625
                                                                                                                                                                                                SHA-256:70771EA6727C97C6646B729438B41878F9458612F53DDC8954200586D6BCD12C
                                                                                                                                                                                                SHA-512:A0805C995131D36DA6745C3E93A7104D8BCC3A856AC3BA4B3140D130009011422E8ACB55FDE53BDA63DB69211824018FB9A9AD83B74B353E70883A2B3D4DA19D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:L..................F.... .....uS.%..[..S.%...a..2...h.Z.....................}....P.O. .:i.....+00.../C:\.....................1.....DW.V..PROGRA~1..t......O.IDWQ`....B...............J.....i...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1.....XY.R..WinMerge..B......XY.RXY.R..........................t.a.W.i.n.M.e.r.g.e.....h.2.h.Z..Xs. .WINMER~1.EXE..L......XY.RXY.R.............................W.i.n.M.e.r.g.e.U...e.x.e.......V...............-.......U............\[y.....C:\Program Files\WinMerge\WinMergeU.exe..6.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.M.e.r.g.e.\.W.i.n.M.e.r.g.e.U...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.M.e.r.g.e.`.......X.......302494...........hT..CrF.f4... ...T..b...,.......hT..CrF.f4... ...T..b...,..............a...1SPSU(L.y.9K....-...E............2...T.h.i.n.g.a.m.a.h.o.o.c.h.i.e...W.i.n.M.e.r.g.e.........9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6144
                                                                                                                                                                                                Entropy (8bit):4.720366600008286
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1189992
                                                                                                                                                                                                Entropy (8bit):6.415868713769688
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:WtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5lTxytO:WqTytRFk6ek1LP
                                                                                                                                                                                                MD5:364B8FA0269A0789DCB7A9673C7757E4
                                                                                                                                                                                                SHA1:5C79E2DE33A41E75406CADD51C7B19AC46DC36D8
                                                                                                                                                                                                SHA-256:45C892CE5FD9A5A0AEDA80743C816038AEAAEB8A68B8217BDF88351E5B27B43B
                                                                                                                                                                                                SHA-512:F74ECA9DFDE0C9D90E3A0A505B7CE9A193A474881E9565281C77BBF615BC33B6228D70491C2ADC6FD7E6C2EF09E33C8B53DD7C2BD078036014655ACC584A9018
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......W............................l........ ....@.................................w.....@......@..............................@8...0..................h(................................... .......................................................text............................... ..`.itext.............................. ..`.data...h0... ...2..................@....bss.....a...`.......0...................idata..@8.......:...0..............@....tls....<............j...................rdata....... .......j..............@..@.rsrc........0.......l..............@..@....................................@..@........................................................................................................................................
                                                                                                                                                                                                Process:C:\Program Files\WinMerge\WinMergeU.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3446
                                                                                                                                                                                                Entropy (8bit):3.1448284111850398
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:LbbdjeNUecd7kETzJLdbbdjeNUhd7kET1JD1:LbZeNU3TXbZeNm3Td
                                                                                                                                                                                                MD5:8B8637F77139662A3291A7ECABCEDA7A
                                                                                                                                                                                                SHA1:4C80FF0076099BD26C101851F340BDCABF4B6777
                                                                                                                                                                                                SHA-256:BD04323674737DD59AB13FA79D0FBB9EDEAB70DE16D741E0163A9BBC03FDB75C
                                                                                                                                                                                                SHA-512:5969D5D468C0F8B5D9658203D10CB3357C6780F8BAFE29353B2A1DB05B895912FFAA5F17DDB4D8B00BE228977F54A0964F39AD5B73C573FB52FA7C2A4279C788
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...................................FL..................F.@.. .....uS.%...!bV.%...a..2...h.Z.....................}....P.O. .:i.....+00.../C:\.....................1.....XY.R..PROGRA~1..t......O.IXY.R....B...............J........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1.....XY.R..WinMerge..B......XY.RXY.R...........................n..W.i.n.M.e.r.g.e.....h.2.h.Z..Xs. .WINMER~1.EXE..L......XY.RXY.R.............................W.i.n.M.e.r.g.e.U...e.x.e.......V...............-.......U............\[y.....C:\Program Files\WinMerge\WinMergeU.exe..../.n.e.w. ./.t. .t.e.x.t.'.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.M.e.r.g.e.\.W.i.n.M.e.r.g.e.U...e.x.e.........%ProgramFiles%\WinMerge\WinMergeU.exe...............................................................................................................................................................................................................................%.P.r.o.g.r.a.m.F.i.l.e.s.%.\.W.i.n.M.e.r.g.e
                                                                                                                                                                                                Process:C:\Program Files\WinMerge\WinMergeU.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3446
                                                                                                                                                                                                Entropy (8bit):3.1448284111850398
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:LbbdjeNUecd7kETzJLdbbdjeNUhd7kET1JD1:LbZeNU3TXbZeNm3Td
                                                                                                                                                                                                MD5:8B8637F77139662A3291A7ECABCEDA7A
                                                                                                                                                                                                SHA1:4C80FF0076099BD26C101851F340BDCABF4B6777
                                                                                                                                                                                                SHA-256:BD04323674737DD59AB13FA79D0FBB9EDEAB70DE16D741E0163A9BBC03FDB75C
                                                                                                                                                                                                SHA-512:5969D5D468C0F8B5D9658203D10CB3357C6780F8BAFE29353B2A1DB05B895912FFAA5F17DDB4D8B00BE228977F54A0964F39AD5B73C573FB52FA7C2A4279C788
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...................................FL..................F.@.. .....uS.%...!bV.%...a..2...h.Z.....................}....P.O. .:i.....+00.../C:\.....................1.....XY.R..PROGRA~1..t......O.IXY.R....B...............J........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1.....XY.R..WinMerge..B......XY.RXY.R...........................n..W.i.n.M.e.r.g.e.....h.2.h.Z..Xs. .WINMER~1.EXE..L......XY.RXY.R.............................W.i.n.M.e.r.g.e.U...e.x.e.......V...............-.......U............\[y.....C:\Program Files\WinMerge\WinMergeU.exe..../.n.e.w. ./.t. .t.e.x.t.'.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.M.e.r.g.e.\.W.i.n.M.e.r.g.e.U...e.x.e.........%ProgramFiles%\WinMerge\WinMergeU.exe...............................................................................................................................................................................................................................%.P.r.o.g.r.a.m.F.i.l.e.s.%.\.W.i.n.M.e.r.g.e
                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Entropy (8bit):7.99789886212631
                                                                                                                                                                                                TrID:
                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                                                                                • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                File name:WinMerge-2.16.42.1-x64-Setup.exe
                                                                                                                                                                                                File size:9'992'352 bytes
                                                                                                                                                                                                MD5:694814dfeb6bc886adc91431fa3710f8
                                                                                                                                                                                                SHA1:d4eed6294c367837aa5ad810a79dd807ed2178b5
                                                                                                                                                                                                SHA256:5771f2a0553f53684b0e74161ed8749c4dda270f166edac253982366aee39bd3
                                                                                                                                                                                                SHA512:afaec9e57f3bfed046338bd1c8b0c7d02552cd6ae7cc6faa488121e3352be3573c010a689b72b375edce4036835ea54aac86eb3c6fde53b446e7a662e1a0eebc
                                                                                                                                                                                                SSDEEP:196608:rgsoqq57w8HRfZSpllW4rTpQILLzCkpbPUGByI:MqqBwAp0Ll9SILLzCqfyI
                                                                                                                                                                                                TLSH:74A63380F3CB2934F1154736E090C096AFB3B6B674D1549B3E31CA9D9BBA6C184B57B2
                                                                                                                                                                                                File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                                                                                Icon Hash:2d2e3797b32b2b99
                                                                                                                                                                                                Entrypoint:0x4117dc
                                                                                                                                                                                                Entrypoint Section:.itext
                                                                                                                                                                                                Digitally signed:true
                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                Time Stamp:0x57051F88 [Wed Apr 6 14:39:04 2016 UTC]
                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                Import Hash:20dd26497880c05caed9305b3c8b9109
                                                                                                                                                                                                Signature Valid:true
                                                                                                                                                                                                Signature Issuer:CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL
                                                                                                                                                                                                Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                Error Number:0
                                                                                                                                                                                                Not Before, Not After
                                                                                                                                                                                                • 10/09/2021 13:15:06 09/09/2024 13:15:05
                                                                                                                                                                                                Subject Chain
                                                                                                                                                                                                • E=winmergejp@gmail.com, CN=Takashi Sawanaka, O=Takashi Sawanaka, S=Chiba, C=JP
                                                                                                                                                                                                Version:3
                                                                                                                                                                                                Thumbprint MD5:89B9A22FCEFF02CB4A8B9AECF1E046CF
                                                                                                                                                                                                Thumbprint SHA-1:5CB97E5B154D62641F5C1EB94172EBCC5807D1FF
                                                                                                                                                                                                Thumbprint SHA-256:7C6186C5B702D2D1466A30BE206B464D596DFE03728CC416DEC871E560228F74
                                                                                                                                                                                                Serial:7CC6C06DAC2E59D843F5FD2A3761F340
                                                                                                                                                                                                Instruction
                                                                                                                                                                                                push ebp
                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                add esp, FFFFFFA4h
                                                                                                                                                                                                push ebx
                                                                                                                                                                                                push esi
                                                                                                                                                                                                push edi
                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                mov dword ptr [ebp-3Ch], eax
                                                                                                                                                                                                mov dword ptr [ebp-40h], eax
                                                                                                                                                                                                mov dword ptr [ebp-5Ch], eax
                                                                                                                                                                                                mov dword ptr [ebp-30h], eax
                                                                                                                                                                                                mov dword ptr [ebp-38h], eax
                                                                                                                                                                                                mov dword ptr [ebp-34h], eax
                                                                                                                                                                                                mov dword ptr [ebp-2Ch], eax
                                                                                                                                                                                                mov dword ptr [ebp-28h], eax
                                                                                                                                                                                                mov dword ptr [ebp-14h], eax
                                                                                                                                                                                                mov eax, 00410144h
                                                                                                                                                                                                call 00007F8DD4F2263Dh
                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                push ebp
                                                                                                                                                                                                push 00411EBEh
                                                                                                                                                                                                push dword ptr fs:[eax]
                                                                                                                                                                                                mov dword ptr fs:[eax], esp
                                                                                                                                                                                                xor edx, edx
                                                                                                                                                                                                push ebp
                                                                                                                                                                                                push 00411E7Ah
                                                                                                                                                                                                push dword ptr fs:[edx]
                                                                                                                                                                                                mov dword ptr fs:[edx], esp
                                                                                                                                                                                                mov eax, dword ptr [00415B48h]
                                                                                                                                                                                                call 00007F8DD4F2AD83h
                                                                                                                                                                                                call 00007F8DD4F2A8D2h
                                                                                                                                                                                                cmp byte ptr [00412ADCh], 00000000h
                                                                                                                                                                                                je 00007F8DD4F2D87Eh
                                                                                                                                                                                                call 00007F8DD4F2AE98h
                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                call 00007F8DD4F206D5h
                                                                                                                                                                                                lea edx, dword ptr [ebp-14h]
                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                call 00007F8DD4F2791Bh
                                                                                                                                                                                                mov edx, dword ptr [ebp-14h]
                                                                                                                                                                                                mov eax, 00418658h
                                                                                                                                                                                                call 00007F8DD4F20CAAh
                                                                                                                                                                                                push 00000002h
                                                                                                                                                                                                push 00000000h
                                                                                                                                                                                                push 00000001h
                                                                                                                                                                                                mov ecx, dword ptr [00418658h]
                                                                                                                                                                                                mov dl, 01h
                                                                                                                                                                                                mov eax, dword ptr [0040C04Ch]
                                                                                                                                                                                                call 00007F8DD4F28232h
                                                                                                                                                                                                mov dword ptr [0041865Ch], eax
                                                                                                                                                                                                xor edx, edx
                                                                                                                                                                                                push ebp
                                                                                                                                                                                                push 00411E26h
                                                                                                                                                                                                push dword ptr fs:[edx]
                                                                                                                                                                                                mov dword ptr fs:[edx], esp
                                                                                                                                                                                                call 00007F8DD4F2ADF6h
                                                                                                                                                                                                mov dword ptr [00418664h], eax
                                                                                                                                                                                                mov eax, dword ptr [00418664h]
                                                                                                                                                                                                cmp dword ptr [eax+0Ch], 01h
                                                                                                                                                                                                jne 00007F8DD4F2D8BAh
                                                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x190000xe04.idata
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x1c0000xb200.rsrc
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x9850380x2868
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x1b0000x18.rdata
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x193040x214.idata
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                .text0x10000xf2440xf400a33e9ff7181115027d121cd377c28c8fFalse0.5481717469262295data6.3752135040515485IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                .itext0x110000xf640x1000caec456c18277b579a94c9508daf36ecFalse0.55859375data5.732200666157372IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                .data0x120000xc880xe00746954890499546d73dce0e994642192False0.2533482142857143data2.2967209087898324IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                .bss0x130000x56bc0x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                .idata0x190000xe040x1000e9b9c0328fd9628ad4d6ab8283dcb20eFalse0.321533203125data4.597812557707959IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                .tls0x1a0000x80x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                .rdata0x1b0000x180x2003dffc444ccc131c9dcee18db49ee6403False0.05078125data0.2044881574398449IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                .rsrc0x1c0000xb2000xb200c7e04a9e8349d31e73af26797deb91e9False0.179906952247191data4.148040484708059IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                RT_ICON0x1c41c0x128Device independent bitmap graphic, 16 x 32 x 4, image size 192DutchNetherlands0.5675675675675675
                                                                                                                                                                                                RT_ICON0x1c5440x568Device independent bitmap graphic, 16 x 32 x 8, image size 320DutchNetherlands0.4486994219653179
                                                                                                                                                                                                RT_ICON0x1caac0x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640DutchNetherlands0.4637096774193548
                                                                                                                                                                                                RT_ICON0x1cd940x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1152DutchNetherlands0.3935018050541516
                                                                                                                                                                                                RT_STRING0x1d63c0x68data0.6538461538461539
                                                                                                                                                                                                RT_STRING0x1d6a40xd4data0.5283018867924528
                                                                                                                                                                                                RT_STRING0x1d7780xa4data0.6524390243902439
                                                                                                                                                                                                RT_STRING0x1d81c0x2acdata0.45614035087719296
                                                                                                                                                                                                RT_STRING0x1dac80x34cdata0.4218009478672986
                                                                                                                                                                                                RT_STRING0x1de140x294data0.4106060606060606
                                                                                                                                                                                                RT_RCDATA0x1e0a80x82e8dataEnglishUnited States0.11261637622344235
                                                                                                                                                                                                RT_RCDATA0x263900x10data1.5
                                                                                                                                                                                                RT_RCDATA0x263a00x150data0.8392857142857143
                                                                                                                                                                                                RT_RCDATA0x264f00x2cdata1.2045454545454546
                                                                                                                                                                                                RT_GROUP_ICON0x2651c0x3edataEnglishUnited States0.8387096774193549
                                                                                                                                                                                                RT_VERSION0x2655c0x4f4dataEnglishUnited States0.333596214511041
                                                                                                                                                                                                RT_MANIFEST0x26a500x62cXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.4240506329113924
                                                                                                                                                                                                DLLImport
                                                                                                                                                                                                oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                                                                                                                                                                                advapi32.dllRegQueryValueExW, RegOpenKeyExW, RegCloseKey
                                                                                                                                                                                                user32.dllGetKeyboardType, LoadStringW, MessageBoxA, CharNextW
                                                                                                                                                                                                kernel32.dllGetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle
                                                                                                                                                                                                kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW
                                                                                                                                                                                                user32.dllCreateWindowExW, TranslateMessage, SetWindowLongW, PeekMessageW, MsgWaitForMultipleObjects, MessageBoxW, LoadStringW, GetSystemMetrics, ExitWindowsEx, DispatchMessageW, DestroyWindow, CharUpperBuffW, CallWindowProcW
                                                                                                                                                                                                kernel32.dllWriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, SizeofResource, SignalObjectAndWait, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, RemoveDirectoryW, ReadFile, MultiByteToWideChar, LockResource, LoadResource, LoadLibraryW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetThreadLocale, GetSystemInfo, GetSystemDirectoryW, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeProcess, GetEnvironmentVariableW, GetDiskFreeSpaceW, GetCurrentProcess, GetCommandLineW, GetCPInfo, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, EnumCalendarInfoW, DeleteFileW, CreateProcessW, CreateFileW, CreateEventW, CreateDirectoryW, CloseHandle
                                                                                                                                                                                                advapi32.dllRegQueryValueExW, RegOpenKeyExW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW
                                                                                                                                                                                                comctl32.dllInitCommonControls
                                                                                                                                                                                                kernel32.dllSleep
                                                                                                                                                                                                advapi32.dllAdjustTokenPrivileges
                                                                                                                                                                                                Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                DutchNetherlands
                                                                                                                                                                                                EnglishUnited States
                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                Oct 24, 2024 12:20:44.825510025 CEST5355317162.159.36.2192.168.2.4
                                                                                                                                                                                                Oct 24, 2024 12:20:45.549973965 CEST53569341.1.1.1192.168.2.4

                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                Start time:06:19:58
                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                Path:C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe"
                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                File size:9'992'352 bytes
                                                                                                                                                                                                MD5 hash:694814DFEB6BC886ADC91431FA3710F8
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:1
                                                                                                                                                                                                Start time:06:19:58
                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\is-HF95R.tmp\WinMerge-2.16.42.1-x64-Setup.tmp" /SL5="$20436,9350605,121344,C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe"
                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                File size:1'189'992 bytes
                                                                                                                                                                                                MD5 hash:364B8FA0269A0789DCB7A9673C7757E4
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                • Detection: 4%, ReversingLabs
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:5
                                                                                                                                                                                                Start time:06:20:22
                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\WinMerge\ShellExtensionX64.dll"
                                                                                                                                                                                                Imagebase:0x7ff70df70000
                                                                                                                                                                                                File size:25'088 bytes
                                                                                                                                                                                                MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                Start time:06:20:22
                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                Path:C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe" /RegServer
                                                                                                                                                                                                Imagebase:0x5b0000
                                                                                                                                                                                                File size:122'632 bytes
                                                                                                                                                                                                MD5 hash:0BF44140B929D5B80CF5F3A8FBA33767
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:8
                                                                                                                                                                                                Start time:06:20:23
                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                Path:C:\Program Files\WinMerge\WinMergeU.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Program Files\WinMerge\WinMergeU.exe" /s- /minimize /noninteractive /set-usertasks-to-jumplist 4097
                                                                                                                                                                                                Imagebase:0x7ff64b140000
                                                                                                                                                                                                File size:5'942'376 bytes
                                                                                                                                                                                                MD5 hash:4D8808EB623326E39416F884B2DF745B
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                Start time:06:20:25
                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                Path:C:\Program Files\WinMerge\WinMergeU.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Program Files\WinMerge\WinMergeU.exe"
                                                                                                                                                                                                Imagebase:0x7ff64b140000
                                                                                                                                                                                                File size:5'942'376 bytes
                                                                                                                                                                                                MD5 hash:4D8808EB623326E39416F884B2DF745B
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                Reset < >

                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                  Execution Coverage:6.6%
                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                  Signature Coverage:6.6%
                                                                                                                                                                                                  Total number of Nodes:1794
                                                                                                                                                                                                  Total number of Limit Nodes:84
                                                                                                                                                                                                  execution_graph 10969 5b43d6 10970 5b43e8 10969->10970 10971 5b43ff MultiByteToWideChar 10970->10971 10978 5b43f8 10970->10978 10972 5b4418 10971->10972 10973 5b441f 10971->10973 10974 5b2a10 GetLastError 10972->10974 10975 5b4150 127 API calls 10973->10975 10974->10978 10975->10978 10976 5b444c 10979 5b4465 10976->10979 10980 5b3220 59 API calls 10976->10980 10977 5b4445 FreeLibrary 10977->10976 10978->10976 10978->10977 10981 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 10979->10981 10980->10979 10982 5b448a 10981->10982 10991 5b7bc7 10994 5b7b9b 10991->10994 10993 5b7bd2 10997 5baefc 10994->10997 10996 5b7ba7 10996->10993 10998 5baf08 __setmbcp 10997->10998 10999 5bb996 __lock 59 API calls 10998->10999 11003 5baf0f 10999->11003 11000 5baf49 11007 5baf64 11000->11007 11002 5baf40 11005 5b66f3 _free 59 API calls 11002->11005 11003->11000 11003->11002 11006 5b66f3 _free 59 API calls 11003->11006 11004 5baf5a __setmbcp 11004->10996 11005->11000 11006->11002 11010 5bbb00 LeaveCriticalSection 11007->11010 11009 5baf6b 11009->11004 11010->11009 9372 5bb046 9373 5bb07b 9372->9373 9375 5bb056 9372->9375 9375->9373 9379 5b953c 9375->9379 9380 5b9548 __setmbcp 9379->9380 9385 5b9e7b 9380->9385 9386 5b9e93 __getptd_noexit 59 API calls 9385->9386 9387 5b9e81 9386->9387 9388 5b954d 9387->9388 9389 5b8089 __lock 59 API calls 9387->9389 9390 5b95b3 9388->9390 9389->9388 9401 5bbc61 DecodePointer 9390->9401 9392 5b95b8 9393 5b95c3 9392->9393 9402 5bbc8a 9392->9402 9395 5b95cd IsProcessorFeaturePresent 9393->9395 9400 5b95eb 9393->9400 9396 5b95d8 9395->9396 9398 5b9bae __call_reportfault 7 API calls 9396->9398 9397 5b8147 _abort 59 API calls 9399 5b95f5 9397->9399 9398->9400 9400->9397 9401->9392 9405 5bbc96 __setmbcp 9402->9405 9403 5bbd00 9404 5bbcdd DecodePointer 9403->9404 9409 5bbd0f 9403->9409 9410 5bbccc _siglookup 9404->9410 9405->9403 9405->9404 9406 5bbcc7 9405->9406 9412 5bbcc3 9405->9412 9407 5b9e93 __getptd_noexit 59 API calls 9406->9407 9407->9410 9411 5b7fa3 __recalloc 59 API calls 9409->9411 9414 5bbd6d 9410->9414 9416 5b8147 _abort 59 API calls 9410->9416 9422 5bbcd5 __setmbcp 9410->9422 9413 5bbd14 9411->9413 9412->9406 9412->9409 9415 5b9d0b __fptostr 9 API calls 9413->9415 9417 5bb996 __lock 59 API calls 9414->9417 9418 5bbd78 9414->9418 9415->9422 9416->9414 9417->9418 9419 5bbdda EncodePointer 9418->9419 9420 5bbdad 9418->9420 9419->9420 9423 5bbe0b 9420->9423 9422->9393 9424 5bbe0f 9423->9424 9425 5bbe16 9423->9425 9427 5bbb00 LeaveCriticalSection 9424->9427 9425->9422 9427->9425 10675 5b9d46 10677 5b9d52 __setmbcp 10675->10677 10676 5b9d6b 10679 5b9d7a 10676->10679 10681 5b66f3 _free 59 API calls 10676->10681 10677->10676 10678 5b66f3 _free 59 API calls 10677->10678 10680 5b9e5a __setmbcp 10677->10680 10678->10676 10682 5b9d89 10679->10682 10683 5b66f3 _free 59 API calls 10679->10683 10681->10679 10684 5b9d98 10682->10684 10685 5b66f3 _free 59 API calls 10682->10685 10683->10682 10686 5b9da7 10684->10686 10687 5b66f3 _free 59 API calls 10684->10687 10685->10684 10688 5b9db6 10686->10688 10689 5b66f3 _free 59 API calls 10686->10689 10687->10686 10690 5b9dc5 10688->10690 10691 5b66f3 _free 59 API calls 10688->10691 10689->10688 10692 5b9dd7 10690->10692 10693 5b66f3 _free 59 API calls 10690->10693 10691->10690 10694 5bb996 __lock 59 API calls 10692->10694 10693->10692 10696 5b9ddf 10694->10696 10698 5b66f3 _free 59 API calls 10696->10698 10700 5b9e02 10696->10700 10698->10700 10699 5bb996 __lock 59 API calls 10705 5b9e16 ___removelocaleref 10699->10705 10707 5b9e66 10700->10707 10701 5b9e47 10710 5b9e72 10701->10710 10704 5b66f3 _free 59 API calls 10704->10680 10705->10701 10706 5bc89f ___freetlocinfo 59 API calls 10705->10706 10706->10701 10713 5bbb00 LeaveCriticalSection 10707->10713 10709 5b9e0f 10709->10699 10714 5bbb00 LeaveCriticalSection 10710->10714 10712 5b9e54 10712->10704 10713->10709 10714->10712 8173 5b7dee 8174 5b7dfa __setmbcp 8173->8174 8210 5b9689 GetStartupInfoW 8174->8210 8176 5b7dff 8212 5b7ff7 GetProcessHeap 8176->8212 8178 5b7e57 8179 5b7e62 8178->8179 8289 5b7f3e 8178->8289 8213 5b9fb5 8179->8213 8182 5b7e68 8183 5b7e73 __RTC_Initialize 8182->8183 8184 5b7f3e _fast_error_exit 59 API calls 8182->8184 8234 5bb1f0 8183->8234 8184->8183 8186 5b7e82 8187 5b7e8e GetCommandLineW 8186->8187 8188 5b7f3e _fast_error_exit 59 API calls 8186->8188 8253 5bb8ec GetEnvironmentStringsW 8187->8253 8191 5b7e8d 8188->8191 8191->8187 8193 5b7ea8 8194 5b7eb3 8193->8194 8297 5b8089 8193->8297 8263 5bb6e1 8194->8263 8197 5b7eb9 8198 5b7ec4 8197->8198 8199 5b8089 __lock 59 API calls 8197->8199 8277 5b80c3 8198->8277 8199->8198 8201 5b7ecc 8202 5b7ed7 __wwincmdln 8201->8202 8203 5b8089 __lock 59 API calls 8201->8203 8283 5b66d0 8202->8283 8203->8202 8206 5b7efa 8304 5b80b4 8206->8304 8209 5b7eff __setmbcp 8211 5b969f 8210->8211 8211->8176 8212->8178 8307 5b815b EncodePointer 8213->8307 8215 5b9fba 8312 5bbac7 8215->8312 8218 5b9fc3 8316 5ba02b 8218->8316 8223 5b9fe0 8328 5baf6d 8223->8328 8226 5ba022 8228 5ba02b __mtterm 62 API calls 8226->8228 8230 5ba027 8228->8230 8229 5ba001 8229->8226 8231 5ba007 8229->8231 8230->8182 8337 5b9f02 8231->8337 8233 5ba00f GetCurrentThreadId 8233->8182 8235 5bb1fc __setmbcp 8234->8235 8236 5bb996 __lock 59 API calls 8235->8236 8237 5bb203 8236->8237 8238 5baf6d __calloc_crt 59 API calls 8237->8238 8240 5bb214 8238->8240 8239 5bb27f GetStartupInfoW 8247 5bb294 8239->8247 8250 5bb3c3 8239->8250 8240->8239 8241 5bb21f @_EH4_CallFilterFunc@8 __setmbcp 8240->8241 8241->8186 8242 5bb48b 8598 5bb49b 8242->8598 8244 5baf6d __calloc_crt 59 API calls 8244->8247 8245 5bb410 GetStdHandle 8245->8250 8246 5bb423 GetFileType 8246->8250 8247->8244 8249 5bb2e2 8247->8249 8247->8250 8248 5bb316 GetFileType 8248->8249 8249->8248 8249->8250 8251 5b96ac __mtinitlocks InitializeCriticalSectionAndSpinCount 8249->8251 8250->8242 8250->8245 8250->8246 8252 5b96ac __mtinitlocks InitializeCriticalSectionAndSpinCount 8250->8252 8251->8249 8252->8250 8254 5bb8fd 8253->8254 8255 5b7e9e 8253->8255 8256 5bafb5 __malloc_crt 59 API calls 8254->8256 8259 5bb4a4 GetModuleFileNameW 8255->8259 8257 5bb923 _memmove 8256->8257 8258 5bb939 FreeEnvironmentStringsW 8257->8258 8258->8255 8260 5bb4d8 _wparse_cmdline 8259->8260 8261 5bafb5 __malloc_crt 59 API calls 8260->8261 8262 5bb518 _wparse_cmdline 8260->8262 8261->8262 8262->8193 8264 5bb6f2 8263->8264 8265 5bb6fa __wsetenvp 8263->8265 8264->8197 8266 5baf6d __calloc_crt 59 API calls 8265->8266 8273 5bb723 __wsetenvp 8266->8273 8267 5bb77a 8268 5b66f3 _free 59 API calls 8267->8268 8268->8264 8269 5baf6d __calloc_crt 59 API calls 8269->8273 8270 5bb79f 8271 5b66f3 _free 59 API calls 8270->8271 8271->8264 8272 5b7d92 __wsetenvp 59 API calls 8272->8273 8273->8264 8273->8267 8273->8269 8273->8270 8273->8272 8274 5bb7b6 8273->8274 8275 5b9d1b __invoke_watson 8 API calls 8274->8275 8276 5bb7c2 8275->8276 8276->8197 8278 5b80cf __IsNonwritableInCurrentImage 8277->8278 8602 5b92e8 8278->8602 8280 5b80ed __initterm_e 8282 5b810c __cinit __IsNonwritableInCurrentImage 8280->8282 8605 5b7d11 8280->8605 8282->8201 8671 5b6570 8283->8671 8285 5b66e0 8285->8206 8286 5b832c 8285->8286 9326 5b81fd 8286->9326 8288 5b833b 8288->8206 8290 5b7f4a 8289->8290 8291 5b7f4f 8289->8291 8292 5b8340 __FF_MSGBANNER 59 API calls 8290->8292 8293 5b839d __NMSG_WRITE 59 API calls 8291->8293 8292->8291 8294 5b7f57 8293->8294 8295 5b8073 __mtinitlocknum 3 API calls 8294->8295 8296 5b7f61 8295->8296 8296->8179 8298 5b8340 __FF_MSGBANNER 59 API calls 8297->8298 8299 5b8091 8298->8299 8300 5b839d __NMSG_WRITE 59 API calls 8299->8300 8301 5b8099 8300->8301 9353 5b8147 8301->9353 8305 5b81fd _doexit 59 API calls 8304->8305 8306 5b80bf 8305->8306 8306->8209 8308 5b816c __init_pointers __initp_misc_winsig 8307->8308 8347 5b9583 EncodePointer 8308->8347 8310 5b8184 __init_pointers 8311 5b971a 34 API calls 8310->8311 8311->8215 8315 5bbad3 8312->8315 8314 5b9fbf 8314->8218 8325 5b960b 8314->8325 8315->8314 8348 5b96ac 8315->8348 8317 5ba035 8316->8317 8319 5ba03b 8316->8319 8351 5b9629 8317->8351 8320 5bb9e0 DeleteCriticalSection 8319->8320 8321 5bb9fc 8319->8321 8354 5b66f3 8320->8354 8323 5bba08 DeleteCriticalSection 8321->8323 8324 5b9fc8 8321->8324 8323->8321 8324->8182 8326 5b961b 8325->8326 8327 5b9622 TlsAlloc 8325->8327 8326->8218 8326->8223 8330 5baf74 8328->8330 8331 5b9fed 8330->8331 8333 5baf92 8330->8333 8380 5bdf16 8330->8380 8331->8226 8334 5b9667 8331->8334 8333->8330 8333->8331 8388 5b99b3 Sleep 8333->8388 8335 5b967d 8334->8335 8336 5b9681 TlsSetValue 8334->8336 8335->8229 8336->8229 8338 5b9f0e __setmbcp 8337->8338 8391 5bb996 8338->8391 8340 5b9f4b 8398 5b9fa3 8340->8398 8343 5bb996 __lock 59 API calls 8344 5b9f6c ___addlocaleref 8343->8344 8401 5b9fac 8344->8401 8346 5b9f97 __setmbcp 8346->8233 8347->8310 8349 5b96c9 InitializeCriticalSectionAndSpinCount 8348->8349 8350 5b96bc 8348->8350 8349->8315 8350->8315 8352 5b963c 8351->8352 8353 5b9640 TlsFree 8351->8353 8352->8319 8353->8319 8355 5b66fc HeapFree 8354->8355 8359 5b6725 __dosmaperr 8354->8359 8356 5b6711 8355->8356 8355->8359 8360 5b7fa3 8356->8360 8359->8319 8363 5b9e93 GetLastError 8360->8363 8362 5b6717 GetLastError 8362->8359 8377 5b9648 8363->8377 8365 5b9ea8 8366 5b9ef6 SetLastError 8365->8366 8367 5baf6d __calloc_crt 56 API calls 8365->8367 8366->8362 8368 5b9ebb 8367->8368 8368->8366 8369 5b9667 __getptd_noexit TlsSetValue 8368->8369 8370 5b9ecf 8369->8370 8371 5b9eed 8370->8371 8372 5b9ed5 8370->8372 8374 5b66f3 _free 56 API calls 8371->8374 8373 5b9f02 __initptd 56 API calls 8372->8373 8375 5b9edd GetCurrentThreadId 8373->8375 8376 5b9ef3 8374->8376 8375->8366 8376->8366 8378 5b965b 8377->8378 8379 5b965f TlsGetValue 8377->8379 8378->8365 8379->8365 8381 5bdf21 8380->8381 8385 5bdf3c 8380->8385 8382 5bdf2d 8381->8382 8381->8385 8384 5b7fa3 __recalloc 58 API calls 8382->8384 8383 5bdf4c HeapAlloc 8383->8385 8386 5bdf32 8383->8386 8384->8386 8385->8383 8385->8386 8389 5b800c DecodePointer 8385->8389 8386->8330 8388->8333 8390 5b801f 8389->8390 8390->8385 8392 5bb9ba EnterCriticalSection 8391->8392 8393 5bb9a7 8391->8393 8392->8340 8404 5bba1e 8393->8404 8395 5bb9ad 8395->8392 8396 5b8089 __lock 58 API calls 8395->8396 8397 5bb9b9 8396->8397 8397->8392 8596 5bbb00 LeaveCriticalSection 8398->8596 8400 5b9f65 8400->8343 8597 5bbb00 LeaveCriticalSection 8401->8597 8403 5b9fb3 8403->8346 8405 5bba2a __setmbcp 8404->8405 8419 5bba49 8405->8419 8426 5b8340 8405->8426 8411 5bba67 8415 5b7fa3 __recalloc 59 API calls 8411->8415 8412 5bba76 8416 5bb996 __lock 59 API calls 8412->8416 8413 5bba6c __setmbcp 8413->8395 8414 5bba3f 8466 5b8073 8414->8466 8415->8413 8418 5bba7d 8416->8418 8420 5bba8a 8418->8420 8421 5bbaa2 8418->8421 8419->8413 8469 5bafb5 8419->8469 8422 5b96ac __mtinitlocks InitializeCriticalSectionAndSpinCount 8420->8422 8423 5b66f3 _free 59 API calls 8421->8423 8424 5bba96 8422->8424 8423->8424 8474 5bbabe 8424->8474 8477 5bb7d0 8426->8477 8428 5b8347 8429 5b8354 8428->8429 8430 5bb7d0 __FF_MSGBANNER 59 API calls 8428->8430 8431 5b839d __NMSG_WRITE 59 API calls 8429->8431 8433 5b8376 8429->8433 8430->8429 8432 5b836c 8431->8432 8434 5b839d __NMSG_WRITE 59 API calls 8432->8434 8435 5b839d 8433->8435 8434->8433 8436 5b83bb __NMSG_WRITE 8435->8436 8438 5bb7d0 __FF_MSGBANNER 55 API calls 8436->8438 8465 5b84e2 8436->8465 8440 5b83ce 8438->8440 8439 5b854b 8439->8414 8441 5b84e7 GetStdHandle 8440->8441 8442 5bb7d0 __FF_MSGBANNER 55 API calls 8440->8442 8445 5b84f5 _strlen 8441->8445 8441->8465 8443 5b83df 8442->8443 8443->8441 8444 5b83f1 8443->8444 8444->8465 8507 5b7d92 8444->8507 8447 5b852e WriteFile 8445->8447 8445->8465 8447->8465 8449 5b854f 8452 5b9d1b __invoke_watson 8 API calls 8449->8452 8450 5b841e GetModuleFileNameW 8451 5b843e 8450->8451 8455 5b844e __wsetenvp 8450->8455 8453 5b7d92 __wsetenvp 55 API calls 8451->8453 8454 5b8559 IsProcessorFeaturePresent 8452->8454 8453->8455 8458 5b8580 8454->8458 8455->8449 8456 5b8494 8455->8456 8516 5b73c1 8455->8516 8456->8449 8525 5b7d26 8456->8525 8458->8414 8461 5b7d26 __NMSG_WRITE 55 API calls 8462 5b84cb 8461->8462 8462->8449 8463 5b84d2 8462->8463 8534 5bc624 EncodePointer 8463->8534 8559 5b66e4 8465->8559 8574 5b803f GetModuleHandleExW 8466->8574 8473 5bafc3 8469->8473 8471 5baff5 8471->8411 8471->8412 8473->8471 8578 5b672b 8473->8578 8594 5b99b3 Sleep 8473->8594 8595 5bbb00 LeaveCriticalSection 8474->8595 8476 5bbac5 8476->8413 8478 5bb7da 8477->8478 8479 5bb7e4 8478->8479 8480 5b7fa3 __recalloc 59 API calls 8478->8480 8479->8428 8481 5bb800 8480->8481 8484 5b9d0b 8481->8484 8487 5b9ce0 DecodePointer 8484->8487 8488 5b9cf3 8487->8488 8493 5b9d1b IsProcessorFeaturePresent 8488->8493 8491 5b9ce0 __fptostr 8 API calls 8492 5b9d17 8491->8492 8492->8428 8494 5b9d26 8493->8494 8499 5b9bae 8494->8499 8498 5b9d0a 8498->8491 8500 5b9bc8 _memset ___raise_securityfailure 8499->8500 8501 5b9be8 IsDebuggerPresent 8500->8501 8502 5b99d6 ___raise_securityfailure SetUnhandledExceptionFilter UnhandledExceptionFilter 8501->8502 8505 5b9cac ___raise_securityfailure 8502->8505 8503 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 8504 5b9ccf 8503->8504 8506 5b99c1 GetCurrentProcess TerminateProcess 8504->8506 8505->8503 8506->8498 8508 5b7d9d 8507->8508 8509 5b7dab 8507->8509 8508->8509 8514 5b7dc4 8508->8514 8510 5b7fa3 __recalloc 59 API calls 8509->8510 8511 5b7db5 8510->8511 8512 5b9d0b __fptostr 9 API calls 8511->8512 8513 5b7dbf 8512->8513 8513->8449 8513->8450 8514->8513 8515 5b7fa3 __recalloc 59 API calls 8514->8515 8515->8511 8520 5b73cf 8516->8520 8517 5b73d3 8518 5b7fa3 __recalloc 59 API calls 8517->8518 8519 5b73d8 8517->8519 8524 5b7403 8518->8524 8519->8456 8520->8517 8520->8519 8521 5b7412 8520->8521 8521->8519 8523 5b7fa3 __recalloc 59 API calls 8521->8523 8522 5b9d0b __fptostr 9 API calls 8522->8519 8523->8524 8524->8522 8526 5b7d32 8525->8526 8527 5b7d40 8525->8527 8526->8527 8531 5b7d6c 8526->8531 8528 5b7fa3 __recalloc 59 API calls 8527->8528 8533 5b7d4a 8528->8533 8529 5b9d0b __fptostr 9 API calls 8530 5b7d54 8529->8530 8530->8449 8530->8461 8531->8530 8532 5b7fa3 __recalloc 59 API calls 8531->8532 8532->8533 8533->8529 8535 5bc658 ___crtIsPackagedApp 8534->8535 8536 5bc717 IsDebuggerPresent 8535->8536 8537 5bc667 LoadLibraryExW 8535->8537 8540 5bc73c 8536->8540 8541 5bc721 8536->8541 8538 5bc67e GetLastError 8537->8538 8539 5bc6a4 GetProcAddress 8537->8539 8542 5bc68d LoadLibraryExW 8538->8542 8549 5bc734 8538->8549 8543 5bc6b8 7 API calls 8539->8543 8539->8549 8545 5bc72f 8540->8545 8546 5bc741 DecodePointer 8540->8546 8544 5bc728 OutputDebugStringW 8541->8544 8541->8545 8542->8539 8542->8549 8547 5bc700 GetProcAddress EncodePointer 8543->8547 8548 5bc714 8543->8548 8544->8545 8545->8549 8550 5bc768 DecodePointer DecodePointer 8545->8550 8553 5bc780 8545->8553 8546->8549 8547->8548 8548->8536 8552 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 8549->8552 8550->8553 8551 5bc7b8 DecodePointer 8555 5bc7bf 8551->8555 8558 5bc7a4 DecodePointer 8551->8558 8556 5bc806 8552->8556 8553->8551 8553->8558 8557 5bc7d0 DecodePointer 8555->8557 8555->8558 8556->8465 8557->8558 8558->8549 8560 5b66ee IsProcessorFeaturePresent 8559->8560 8561 5b66ec 8559->8561 8563 5b70be 8560->8563 8561->8439 8566 5b706d IsDebuggerPresent 8563->8566 8567 5b7082 ___raise_securityfailure 8566->8567 8572 5b99d6 SetUnhandledExceptionFilter UnhandledExceptionFilter 8567->8572 8569 5b708a ___raise_securityfailure 8573 5b99c1 GetCurrentProcess TerminateProcess 8569->8573 8571 5b70a7 8571->8439 8572->8569 8573->8571 8575 5b8058 GetProcAddress 8574->8575 8576 5b806f ExitProcess 8574->8576 8575->8576 8577 5b806a 8575->8577 8577->8576 8579 5b67a6 8578->8579 8585 5b6737 8578->8585 8580 5b800c _malloc DecodePointer 8579->8580 8581 5b67ac 8580->8581 8582 5b7fa3 __recalloc 58 API calls 8581->8582 8593 5b679e 8582->8593 8583 5b8340 __FF_MSGBANNER 58 API calls 8583->8585 8584 5b676a HeapAlloc 8584->8585 8584->8593 8585->8583 8585->8584 8586 5b839d __NMSG_WRITE 58 API calls 8585->8586 8587 5b6792 8585->8587 8588 5b800c _malloc DecodePointer 8585->8588 8590 5b8073 __mtinitlocknum 3 API calls 8585->8590 8591 5b6790 8585->8591 8586->8585 8589 5b7fa3 __recalloc 58 API calls 8587->8589 8588->8585 8589->8591 8590->8585 8592 5b7fa3 __recalloc 58 API calls 8591->8592 8592->8593 8593->8473 8594->8473 8595->8476 8596->8400 8597->8403 8601 5bbb00 LeaveCriticalSection 8598->8601 8600 5bb4a2 8600->8241 8601->8600 8603 5b92eb EncodePointer 8602->8603 8603->8603 8604 5b9305 8603->8604 8604->8280 8608 5b7c15 8605->8608 8607 5b7d1c 8607->8282 8609 5b7c21 __setmbcp 8608->8609 8616 5b81eb 8609->8616 8615 5b7c48 __setmbcp 8615->8607 8617 5bb996 __lock 59 API calls 8616->8617 8618 5b7c2a 8617->8618 8619 5b7c59 DecodePointer DecodePointer 8618->8619 8620 5b7c36 8619->8620 8621 5b7c86 8619->8621 8630 5b7c53 8620->8630 8621->8620 8633 5b9a97 8621->8633 8623 5b7ce9 EncodePointer EncodePointer 8623->8620 8624 5b7cbd 8624->8620 8627 5baffc __realloc_crt 62 API calls 8624->8627 8628 5b7cd7 EncodePointer 8624->8628 8625 5b7c98 8625->8623 8625->8624 8640 5baffc 8625->8640 8629 5b7cd1 8627->8629 8628->8623 8629->8620 8629->8628 8667 5b81f4 8630->8667 8634 5b9aa0 8633->8634 8635 5b9ab5 HeapSize 8633->8635 8636 5b7fa3 __recalloc 59 API calls 8634->8636 8635->8625 8637 5b9aa5 8636->8637 8638 5b9d0b __fptostr 9 API calls 8637->8638 8639 5b9ab0 8638->8639 8639->8625 8643 5bb003 8640->8643 8642 5bb040 8642->8624 8643->8642 8645 5b99ec 8643->8645 8666 5b99b3 Sleep 8643->8666 8646 5b9a00 8645->8646 8647 5b99f5 8645->8647 8649 5b9a08 8646->8649 8658 5b9a15 8646->8658 8648 5b672b _malloc 59 API calls 8647->8648 8650 5b99fd 8648->8650 8651 5b66f3 _free 59 API calls 8649->8651 8650->8643 8665 5b9a10 __dosmaperr 8651->8665 8652 5b9a4d 8653 5b800c _malloc DecodePointer 8652->8653 8655 5b9a53 8653->8655 8654 5b9a1d HeapReAlloc 8654->8658 8654->8665 8656 5b7fa3 __recalloc 59 API calls 8655->8656 8656->8665 8657 5b9a7d 8660 5b7fa3 __recalloc 59 API calls 8657->8660 8658->8652 8658->8654 8658->8657 8659 5b800c _malloc DecodePointer 8658->8659 8662 5b9a65 8658->8662 8659->8658 8661 5b9a82 GetLastError 8660->8661 8661->8665 8663 5b7fa3 __recalloc 59 API calls 8662->8663 8664 5b9a6a GetLastError 8663->8664 8664->8665 8665->8643 8666->8643 8670 5bbb00 LeaveCriticalSection 8667->8670 8669 5b7c58 8669->8615 8670->8669 8672 5b658a CoInitialize 8671->8672 8673 5b6580 8671->8673 8674 5b65bd 8672->8674 8675 5b659c 8672->8675 8673->8285 8678 5b65c1 GetCommandLineW 8674->8678 8676 5b65f4 8675->8676 8677 5b65a4 GetModuleHandleW 8675->8677 8676->8285 8677->8678 8679 5b65b3 8677->8679 8687 5b6060 8678->8687 8679->8285 8681 5b65d3 8682 5b65d7 8681->8682 8683 5b65e5 8681->8683 8719 5b63e0 8682->8719 8683->8676 8686 5b65ee CoUninitialize 8683->8686 8686->8676 8728 5b5f60 8687->8728 8689 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 8690 5b613c 8689->8690 8690->8681 8692 5b609e 8693 5b6190 8692->8693 8695 5b61df 8692->8695 8704 5b6600 6 API calls 8692->8704 8707 5b6151 8692->8707 8710 5b6124 CharNextW 8692->8710 8712 5b611d CharNextW 8692->8712 8713 5b6142 CharNextW 8692->8713 8715 5b612d 8692->8715 8694 5b61ba 8693->8694 8799 5b56e0 8693->8799 8697 5b61c8 8694->8697 8806 5b6530 8694->8806 8734 5b4f30 8695->8734 8700 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 8697->8700 8698 5b620e 8705 5b6222 8698->8705 8784 5b55e0 8698->8784 8701 5b61d9 8700->8701 8701->8681 8703 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 8706 5b624c 8703->8706 8704->8692 8705->8703 8706->8681 8793 5b6300 8707->8793 8710->8692 8710->8715 8711 5b616e 8796 5b63b0 8711->8796 8712->8692 8712->8710 8713->8692 8713->8715 8715->8689 8717 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 8718 5b618a 8717->8718 8718->8681 9285 5b6260 8719->9285 8721 5b63ee 8722 5b63f9 8721->8722 9302 5b6430 GetMessageW 8721->9302 8726 5b6419 8722->8726 9306 5b5690 8722->9306 8725 5b6408 8725->8726 8727 5b6410 Sleep 8725->8727 8726->8683 8727->8726 8729 5b5f9f 8728->8729 8730 5b5f6d 8728->8730 8729->8692 8730->8729 8731 5b5f96 CharNextW 8730->8731 8732 5b5f8f CharNextW 8730->8732 8733 5b5fa6 CharNextW 8730->8733 8731->8729 8731->8730 8732->8730 8732->8731 8733->8692 8735 5b4fa2 8734->8735 8736 5b4f77 8734->8736 8737 5b4fb6 GetModuleFileNameW 8735->8737 8783 5b4fe2 8735->8783 8736->8735 8817 5b20d0 8736->8817 8739 5b4fdd 8737->8739 8740 5b5003 8737->8740 8834 5b2a10 GetLastError 8739->8834 8742 5b500a 8740->8742 8743 5b5037 8740->8743 8845 5b1d10 8742->8845 8750 5b506d 8743->8750 8751 5b5056 GetModuleHandleW 8743->8751 8746 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 8748 5b4ffd 8746->8748 8748->8698 8849 5b5260 8750->8849 8751->8750 8753 5b5062 8751->8753 8752 5b1e90 60 API calls 8755 5b5020 8752->8755 8756 5b50ee 8753->8756 8758 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 8755->8758 8809 5b22b0 8756->8809 8762 5b5031 8758->8762 8760 5b5098 8764 5b1d10 59 API calls 8760->8764 8761 5b50c5 8761->8756 8770 5b517e 8761->8770 8762->8698 8763 5b5110 8765 5b516c 8763->8765 8768 5b22b0 64 API calls 8763->8768 8766 5b50a3 8764->8766 8767 5b1d10 59 API calls 8765->8767 8769 5b1e90 60 API calls 8766->8769 8767->8783 8772 5b512e 8768->8772 8773 5b50ae 8769->8773 8856 5b71a5 8770->8856 8772->8765 8776 5b5150 8772->8776 8777 5b5167 8772->8777 8775 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 8773->8775 8778 5b50bf 8775->8778 8814 5b4c90 8776->8814 8853 5b4cf0 8777->8853 8778->8698 8782 5b1d10 59 API calls 8782->8783 8836 5b1e90 8783->8836 8785 5b55ec 8784->8785 8789 5b55f8 8784->8789 8785->8705 8786 5b566b 8787 5b567f 8786->8787 9143 5b5d40 8786->9143 8787->8705 8789->8786 8789->8787 8791 5b5642 8789->8791 9140 5b1b90 8789->9140 8791->8787 8791->8789 9165 5b5a20 8791->9165 8794 5b4f30 143 API calls 8793->8794 8795 5b6168 8794->8795 8795->8697 8795->8711 8797 5b55e0 160 API calls 8796->8797 8798 5b6179 8797->8798 8798->8717 8800 5b56ec 8799->8800 8804 5b56f8 8799->8804 8800->8694 8801 5b576b 8802 5b577f 8801->8802 9278 5b5ea0 8801->9278 8802->8694 8804->8801 8804->8802 8805 5b5a20 76 API calls 8804->8805 8805->8804 8807 5b4f30 143 API calls 8806->8807 8808 5b6565 8807->8808 8808->8697 8810 5b231a 8809->8810 8811 5b22d9 8809->8811 8810->8763 8811->8810 8812 5b20d0 64 API calls 8811->8812 8813 5b22fb 8812->8813 8813->8763 8859 5b42b0 LoadLibraryExW 8814->8859 8818 5b2230 8817->8818 8819 5b2106 8817->8819 8818->8736 8819->8818 9080 5b7318 8819->9080 8821 5b214a 8822 5b7318 60 API calls 8821->8822 8823 5b2195 8822->8823 8833 5b21e5 8823->8833 9084 5b7342 8823->9084 8825 5b21b8 8826 5b2970 RaiseException 8825->8826 8827 5b21be 8826->8827 8828 5b7342 _memcpy_s 59 API calls 8827->8828 8829 5b21cc 8828->8829 8830 5b2970 RaiseException 8829->8830 8831 5b21d2 8830->8831 9098 5b2060 8831->9098 8833->8736 8835 5b2a1a 8834->8835 8835->8783 9126 5b2cf0 8836->9126 8838 5b1ece 8839 5b2cf0 60 API calls 8838->8839 8840 5b1edf 8839->8840 8841 5b1eeb 8840->8841 8842 5b66f3 _free 59 API calls 8840->8842 8843 5b1f01 8841->8843 8844 5b66f3 _free 59 API calls 8841->8844 8842->8841 8843->8746 8844->8843 8846 5b1d2c 8845->8846 8848 5b1d18 8845->8848 8846->8752 8847 5b66f3 _free 59 API calls 8847->8848 8848->8846 8848->8847 8850 5b526a 8849->8850 8850->8850 8851 5b7342 _memcpy_s 59 API calls 8850->8851 8852 5b5091 8851->8852 8852->8760 8852->8761 8854 5b42b0 135 API calls 8853->8854 8855 5b4d38 8854->8855 8855->8765 9136 5b71b1 IsProcessorFeaturePresent 8856->9136 8860 5b433e LoadLibraryExW 8859->8860 8861 5b435c FindResourceW 8859->8861 8860->8861 8864 5b4350 8860->8864 8862 5b437f LoadResource 8861->8862 8863 5b4375 8861->8863 8866 5b439d SizeofResource 8862->8866 8867 5b4393 8862->8867 8865 5b2a10 GetLastError 8863->8865 8868 5b2a10 GetLastError 8864->8868 8871 5b437a 8865->8871 8870 5b43be 8866->8870 8866->8871 8869 5b2a10 GetLastError 8867->8869 8872 5b4355 8868->8872 8869->8871 8885 5b2840 8870->8885 8871->8872 8874 5b4445 FreeLibrary 8871->8874 8875 5b4465 8872->8875 8909 5b3220 8872->8909 8874->8872 8878 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 8875->8878 8876 5b43ce 8876->8871 8880 5b43ff MultiByteToWideChar 8876->8880 8879 5b448a 8878->8879 8879->8782 8881 5b4418 8880->8881 8882 5b441f 8880->8882 8883 5b2a10 GetLastError 8881->8883 8894 5b4150 8882->8894 8883->8871 8886 5b2879 8885->8886 8887 5b2855 8885->8887 8918 5b2bc0 8886->8918 8887->8886 8888 5b285a 8887->8888 8890 5b286f 8888->8890 8912 5b2890 8888->8912 8890->8876 8895 5b415d __write_nolock 8894->8895 8924 5b3c50 8895->8924 8897 5b41f4 8898 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 8897->8898 8900 5b4200 8898->8900 8899 5b41e6 CoTaskMemFree 8899->8897 8900->8871 8901 5b3a10 7 API calls 8903 5b4187 8901->8903 8902 5b41c0 lstrcmpiW 8902->8903 8903->8897 8903->8899 8903->8901 8903->8902 8904 5b4490 107 API calls 8903->8904 8905 5b425a 8903->8905 8908 5b41e0 8903->8908 8992 5b4e90 8903->8992 8904->8903 8949 5b4490 8905->8949 8908->8899 8910 5b66f3 _free 59 API calls 8909->8910 8911 5b3227 8910->8911 8911->8875 8913 5b672b _malloc 59 API calls 8912->8913 8914 5b289e 8913->8914 8915 5b2868 8914->8915 8916 5b2bc0 RaiseException 8914->8916 8915->8876 8917 5b28b6 8916->8917 8921 5b7712 8918->8921 8920 5b2bd7 8923 5b7731 RaiseException 8921->8923 8923->8920 8925 5b3ef6 8924->8925 8927 5b3c8e 8924->8927 8926 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 8925->8926 8928 5b3f13 8926->8928 8927->8925 8929 5b3cd8 CoTaskMemAlloc 8927->8929 8947 5b3ce6 _wcsstr 8927->8947 8928->8903 8929->8947 8930 5b3e1c CoTaskMemFree 8930->8925 8931 5b3ed8 CoTaskMemFree 8931->8925 8932 5b3dfe CharNextW 8932->8947 8933 5b28c0 61 API calls 8933->8947 8935 5b3d92 CharNextW 8937 5b3da6 CharNextW 8935->8937 8935->8947 8936 5b3e9d CharNextW 8936->8931 8936->8947 9001 5b28c0 8937->9001 8939 5b3d4c CharNextW CharNextW CharNextW CharNextW 8996 5b2330 8939->8996 8940 5b3eb4 CoTaskMemFree 8940->8925 8942 5b3ec6 CoTaskMemFree 8942->8925 8943 5b73c1 __NMSG_WRITE 59 API calls 8943->8947 8944 5b2330 61 API calls 8944->8947 8947->8930 8947->8931 8947->8932 8947->8933 8947->8935 8947->8936 8947->8939 8947->8940 8947->8942 8947->8943 8947->8944 8948 5b3e90 CharNextW 8947->8948 9008 5b4ee0 8947->9008 9014 5b2970 8947->9014 9023 5b39b0 8947->9023 8948->8947 8948->8948 8950 5b44ab __write_nolock 8949->8950 9034 5b3a10 8950->9034 8952 5b4b85 8954 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 8952->8954 8953 5b4520 lstrcmpiW lstrcmpiW 8983 5b450c 8953->8983 8955 5b4b9f 8954->8955 8955->8908 8956 5b4b7e RegCloseKey 8956->8952 8957 5b466f lstrcmpiW 8958 5b469d lstrcmpiW 8957->8958 8957->8983 8958->8983 8959 5b3a10 7 API calls 8959->8983 8960 5b4818 CharNextW 8960->8983 8961 5b45c6 lstrcmpiW 8961->8983 8962 5b45a6 CharNextW 8962->8983 8963 5b4b0d 8965 5b1e70 RegCloseKey 8963->8965 8964 5b73c1 __NMSG_WRITE 59 API calls 8964->8983 8972 5b4a13 8965->8972 8966 5b2970 RaiseException 8966->8983 8967 5b4b1f 8970 5b1e70 RegCloseKey 8967->8970 8969 5b4e20 13 API calls 8969->8983 8970->8972 8971 5b23e0 75 API calls 8971->8983 8972->8952 8972->8956 8973 5b4b2c 8975 5b1e70 RegCloseKey 8973->8975 8974 5b3ba0 GetModuleHandleW GetProcAddress RegOpenKeyExW RegCloseKey 8974->8983 8975->8972 8976 5b4b39 8979 5b1e70 RegCloseKey 8976->8979 8977 5b47b1 RegDeleteValueW 8988 5b47c9 8977->8988 8978 5b47d6 RegCloseKey 8978->8988 8979->8972 8980 5b4490 96 API calls 8980->8983 8981 5b3660 RegQueryInfoKeyW 8981->8983 8982 5b4a89 RegCloseKey 8982->8983 8983->8952 8983->8953 8983->8957 8983->8958 8983->8959 8983->8960 8983->8961 8983->8962 8983->8963 8983->8964 8983->8966 8983->8967 8983->8969 8983->8971 8983->8972 8983->8973 8983->8974 8983->8976 8983->8977 8983->8980 8983->8981 8983->8982 8986 5b4000 20 API calls 8983->8986 8983->8988 9049 5b2dd0 8983->9049 9059 5b2be0 8983->9059 8986->8983 8987 5b4b51 8990 5b1e70 RegCloseKey 8987->8990 8988->8976 8988->8978 8988->8983 8988->8987 9064 5b30f0 8988->9064 9077 5b1e70 8988->9077 8991 5b4b67 8990->8991 8991->8972 8994 5b4e93 8992->8994 8993 5b4eb9 8993->8903 8994->8993 8995 5b4eae CharNextW 8994->8995 8995->8994 8997 5b235d 8996->8997 8998 5b2372 8996->8998 8997->8947 8999 5b28c0 61 API calls 8998->8999 9000 5b239d 8999->9000 9000->8947 9002 5b2961 9001->9002 9003 5b28d7 9001->9003 9002->8947 9003->9002 9004 5b2919 9003->9004 9006 5b290b CoTaskMemRealloc 9003->9006 9004->9002 9029 5b5240 9004->9029 9006->9002 9006->9004 9009 5b4eed 9008->9009 9010 5b4ef0 9008->9010 9009->8947 9011 5b4f1b 9010->9011 9012 5b4f09 CharNextW 9010->9012 9011->8947 9012->9010 9013 5b4f14 9012->9013 9013->8947 9015 5b297b 9014->9015 9016 5b29a1 9014->9016 9015->9016 9017 5b2989 9015->9017 9018 5b2997 9015->9018 9020 5b2bc0 RaiseException 9015->9020 9019 5b2bc0 RaiseException 9016->9019 9017->8947 9021 5b2bc0 RaiseException 9018->9021 9022 5b29ab 9019->9022 9020->9018 9021->9016 9024 5b39bf 9023->9024 9028 5b39d9 9023->9028 9025 5b39c2 lstrcmpiW 9024->9025 9024->9028 9025->9024 9026 5b39e2 9025->9026 9027 5b39fd RaiseException 9026->9027 9026->9028 9028->8947 9030 5b7342 _memcpy_s 59 API calls 9029->9030 9031 5b5254 9030->9031 9032 5b2970 RaiseException 9031->9032 9033 5b2948 9032->9033 9033->8947 9035 5b4e90 CharNextW 9034->9035 9036 5b3a21 9035->9036 9037 5b3a2d 9036->9037 9038 5b3a4f CharNextW 9036->9038 9044 5b3b00 9036->9044 9037->8983 9048 5b3a5a 9038->9048 9039 5b3b1b CharNextW 9041 5b3b6d 9039->9041 9039->9044 9040 5b3b5f 9040->8983 9041->8983 9042 5b3ada 9042->9041 9043 5b3ae7 CharNextW 9042->9043 9043->8983 9044->9039 9044->9040 9045 5b3a6d CharNextW 9045->9042 9045->9048 9046 5b3a81 CharNextW 9047 5b3a86 CharNextW 9046->9047 9047->9041 9047->9048 9048->9042 9048->9045 9048->9046 9048->9047 9050 5b2dea 9049->9050 9051 5b2e44 RegCreateKeyExW 9049->9051 9053 5b2def GetModuleHandleW 9050->9053 9054 5b2e37 9050->9054 9052 5b2e3d 9051->9052 9056 5b2e8b 9052->9056 9057 5b2e7c RegCloseKey 9052->9057 9055 5b2e05 GetProcAddress 9053->9055 9058 5b2dfe 9053->9058 9054->9051 9054->9052 9055->9052 9055->9058 9056->8983 9057->9056 9058->9052 9060 5b2bf4 lstrcmpiW 9059->9060 9061 5b2bfd 9060->9061 9062 5b2c14 9060->9062 9061->9060 9063 5b2c08 9061->9063 9062->8983 9063->8983 9065 5b3159 9064->9065 9066 5b30fe 9064->9066 9069 5b3162 GetModuleHandleW 9065->9069 9072 5b318b 9065->9072 9067 5b3138 9066->9067 9068 5b3105 GetModuleHandleW 9066->9068 9071 5b313e RegDeleteKeyW 9067->9071 9076 5b3124 9067->9076 9070 5b3114 GetProcAddress 9068->9070 9068->9076 9069->9072 9073 5b3171 GetProcAddress 9069->9073 9070->9076 9071->8988 9074 5b31a2 9072->9074 9075 5b31b4 RegDeleteKeyW 9072->9075 9073->9072 9074->8988 9075->8988 9076->8988 9078 5b1e79 RegCloseKey 9077->9078 9079 5b1e86 9077->9079 9078->9079 9079->8983 9081 5b72ea __EH_prolog3_catch 9080->9081 9103 5b9aee 9081->9103 9083 5b7302 9083->8821 9085 5b7351 9084->9085 9094 5b734d _memmove 9084->9094 9086 5b7358 9085->9086 9089 5b736b _memset 9085->9089 9087 5b7fa3 __recalloc 59 API calls 9086->9087 9088 5b735d 9087->9088 9090 5b9d0b __fptostr 9 API calls 9088->9090 9091 5b7399 9089->9091 9092 5b73a2 9089->9092 9089->9094 9090->9094 9093 5b7fa3 __recalloc 59 API calls 9091->9093 9092->9094 9096 5b7fa3 __recalloc 59 API calls 9092->9096 9095 5b739e 9093->9095 9094->8825 9097 5b9d0b __fptostr 9 API calls 9095->9097 9096->9095 9097->9094 9117 5b7281 9098->9117 9100 5b2074 9101 5b7281 __recalloc 63 API calls 9100->9101 9102 5b207b 9100->9102 9101->9102 9102->8833 9106 5b9af6 9103->9106 9104 5b672b _malloc 59 API calls 9104->9106 9105 5b9b10 9105->9083 9106->9104 9106->9105 9107 5b800c _malloc DecodePointer 9106->9107 9108 5b9b14 std::exception::exception 9106->9108 9107->9106 9109 5b7712 __CxxThrowException@8 RaiseException 9108->9109 9110 5b9b3e 9109->9110 9113 5bdd05 9110->9113 9112 5b9b50 9112->9083 9114 5bdda6 9113->9114 9115 5bddb7 9114->9115 9116 5b66f3 _free 59 API calls 9114->9116 9115->9112 9116->9115 9118 5b72aa 9117->9118 9119 5b728f 9117->9119 9121 5b72bc 9118->9121 9123 5b9a97 __recalloc 60 API calls 9118->9123 9119->9118 9120 5b729b 9119->9120 9122 5b7fa3 __recalloc 59 API calls 9120->9122 9124 5b99ec __recalloc 62 API calls 9121->9124 9125 5b72a0 _memset 9122->9125 9123->9121 9124->9125 9125->9100 9127 5b2d2f 9126->9127 9135 5b2cfb 9126->9135 9128 5b2d3b 9127->9128 9131 5b66f3 _free 59 API calls 9127->9131 9129 5b2d51 9128->9129 9132 5b66f3 _free 59 API calls 9128->9132 9129->8838 9130 5b2d67 RaiseException 9133 5b2cf0 59 API calls 9130->9133 9131->9128 9132->9129 9134 5b2d8e 9133->9134 9134->8838 9135->9127 9135->9130 9137 5b71c5 9136->9137 9138 5b706d ___raise_securityfailure 5 API calls 9137->9138 9139 5b5183 9138->9139 9141 5b4f30 143 API calls 9140->9141 9142 5b1ba5 9141->9142 9142->8789 9216 5b5830 9143->9216 9145 5b5d83 9146 5b5e5c SysFreeString 9145->9146 9149 5b5e02 9145->9149 9153 5b5dbb SysStringLen 9145->9153 9148 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 9146->9148 9150 5b5e85 9148->9150 9151 5b5e1b GetModuleHandleW 9149->9151 9152 5b5e3a 9149->9152 9150->8787 9151->9152 9154 5b5e2a GetProcAddress 9151->9154 9155 5b5e3f RegisterTypeLib SysFreeString 9152->9155 9156 5b73c1 __NMSG_WRITE 59 API calls 9153->9156 9154->9152 9154->9155 9155->9146 9157 5b5dda 9156->9157 9158 5b2970 RaiseException 9157->9158 9159 5b5de0 9158->9159 9250 5b57e0 9159->9250 9161 5b5df5 9161->9149 9162 5b5e8b 9161->9162 9163 5b71a5 6 API calls 9162->9163 9164 5b5e90 9163->9164 9167 5b5a4c 9165->9167 9168 5b5d04 9165->9168 9166 5b5a7b CoCreateInstance 9166->9168 9172 5b5a9e 9166->9172 9167->9166 9167->9168 9169 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 9168->9169 9170 5b5d25 9169->9170 9170->8791 9171 5b5b1c StringFromGUID2 9173 5b7d92 __wsetenvp 59 API calls 9171->9173 9172->9168 9172->9171 9174 5b5b48 9173->9174 9175 5b2970 RaiseException 9174->9175 9176 5b5b4e 9175->9176 9177 5b7d26 __NMSG_WRITE 59 API calls 9176->9177 9178 5b5b66 9177->9178 9179 5b2970 RaiseException 9178->9179 9180 5b5b6c 9179->9180 9181 5b7d26 __NMSG_WRITE 59 API calls 9180->9181 9182 5b5b82 9181->9182 9183 5b2970 RaiseException 9182->9183 9184 5b5b88 9183->9184 9265 5b3ba0 9184->9265 9187 5b5bdf RegQueryInfoKeyW 9275 5b2da0 9187->9275 9188 5b5c23 9189 5b7d92 __wsetenvp 59 API calls 9188->9189 9192 5b5c39 9189->9192 9191 5b5c05 9191->9188 9195 5b30f0 6 API calls 9191->9195 9193 5b2970 RaiseException 9192->9193 9194 5b5c3f 9193->9194 9196 5b7d26 __NMSG_WRITE 59 API calls 9194->9196 9195->9188 9197 5b5c57 9196->9197 9198 5b2970 RaiseException 9197->9198 9199 5b5c5d 9198->9199 9200 5b7d26 __NMSG_WRITE 59 API calls 9199->9200 9201 5b5c73 9200->9201 9202 5b2970 RaiseException 9201->9202 9203 5b5c79 9202->9203 9204 5b3ba0 4 API calls 9203->9204 9205 5b5c98 9204->9205 9206 5b5c9c RegQueryInfoKeyW 9205->9206 9207 5b5ce3 9205->9207 9208 5b2da0 RegCloseKey 9206->9208 9209 5b1e70 RegCloseKey 9207->9209 9210 5b5cc5 9208->9210 9211 5b5cee 9209->9211 9210->9207 9214 5b30f0 6 API calls 9210->9214 9212 5b1e70 RegCloseKey 9211->9212 9213 5b5cf9 9212->9213 9215 5b1d10 59 API calls 9213->9215 9214->9207 9215->9168 9217 5b585f 9216->9217 9218 5b5a05 9216->9218 9217->9218 9219 5b5867 GetModuleFileNameW 9217->9219 9220 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 9218->9220 9221 5b588d 9219->9221 9222 5b58a7 9219->9222 9223 5b5a16 9220->9223 9224 5b2a10 GetLastError 9221->9224 9225 5b58c9 9222->9225 9226 5b58af 9222->9226 9223->9145 9227 5b5892 9224->9227 9255 5b5790 9225->9255 9228 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 9226->9228 9230 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 9227->9230 9231 5b58c3 9228->9231 9232 5b58a1 9230->9232 9231->9145 9232->9145 9233 5b5933 LoadTypeLib 9234 5b594b 9233->9234 9235 5b59ca SysAllocString 9233->9235 9237 5b599b 9234->9237 9238 5b5981 9234->9238 9236 5b59dd 9235->9236 9239 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 9236->9239 9241 5b7d92 __wsetenvp 59 API calls 9237->9241 9240 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 9238->9240 9242 5b59ff 9239->9242 9243 5b5995 9240->9243 9244 5b59ad 9241->9244 9242->9145 9243->9145 9246 5b2970 RaiseException 9244->9246 9245 5b58d5 9245->9233 9245->9238 9260 5b66b0 9245->9260 9248 5b59b3 LoadTypeLib 9246->9248 9248->9235 9248->9236 9251 5b57eb 9250->9251 9252 5b57f2 9250->9252 9251->9161 9253 5b5823 9252->9253 9254 5b5800 CharNextW 9252->9254 9253->9161 9254->9252 9256 5b579a 9255->9256 9258 5b579c 9255->9258 9256->9245 9257 5b57ce 9257->9245 9258->9257 9259 5b57c3 CharNextW 9258->9259 9259->9257 9259->9258 9261 5b7d92 __wsetenvp 59 API calls 9260->9261 9262 5b66c1 9261->9262 9263 5b2970 RaiseException 9262->9263 9264 5b5930 9263->9264 9264->9233 9266 5b3bba 9265->9266 9267 5b3c07 RegOpenKeyExW 9265->9267 9268 5b3bfa 9266->9268 9269 5b3bbf GetModuleHandleW 9266->9269 9270 5b3c00 9267->9270 9268->9267 9268->9270 9271 5b3bce 9269->9271 9272 5b3bd5 GetProcAddress 9269->9272 9273 5b3c26 RegCloseKey 9270->9273 9274 5b3c35 9270->9274 9271->9270 9272->9270 9272->9271 9273->9274 9274->9187 9274->9188 9276 5b2da9 RegCloseKey 9275->9276 9277 5b2dbf 9275->9277 9276->9191 9277->9191 9279 5b5830 66 API calls 9278->9279 9280 5b5ec8 9279->9280 9281 5b5f0b SysFreeString 9280->9281 9283 5b5eea GetModuleHandleW 9280->9283 9281->8802 9283->9281 9284 5b5ef9 GetProcAddress 9283->9284 9284->9281 9311 5b5590 9285->9311 9287 5b6272 9288 5b62ee 9287->9288 9289 5b6281 9287->9289 9290 5b62d0 CoResumeClassObjects 9287->9290 9288->8721 9316 5b6490 CreateEventW 9289->9316 9291 5b62d8 9290->9291 9291->9288 9294 5b5690 CoRevokeClassObject 9291->9294 9293 5b6288 9295 5b628e 9293->9295 9296 5b62a5 CoResumeClassObjects 9293->9296 9299 5b62e6 9294->9299 9300 5b5690 CoRevokeClassObject 9295->9300 9297 5b62b1 SetEvent WaitForSingleObject 9296->9297 9298 5b62c7 CloseHandle 9296->9298 9297->9298 9298->9291 9299->8721 9301 5b629d 9300->9301 9301->8721 9303 5b644d 9302->9303 9305 5b647c 9302->9305 9304 5b6460 TranslateMessage DispatchMessageW GetMessageW 9303->9304 9304->9304 9304->9305 9305->8722 9307 5b569b 9306->9307 9309 5b56a5 9306->9309 9307->8725 9308 5b56d6 9308->8725 9309->9308 9310 5b56cb CoRevokeClassObject 9309->9310 9310->9309 9312 5b559b 9311->9312 9314 5b55a5 9311->9314 9312->9287 9313 5b55d5 9313->9287 9314->9313 9321 5b6340 9314->9321 9317 5b64ac 9316->9317 9318 5b64b1 CreateThread 9316->9318 9317->9293 9319 5b64da 9318->9319 9320 5b64ce CloseHandle 9318->9320 9319->9293 9320->9319 9322 5b635d 9321->9322 9323 5b6356 9321->9323 9324 5b638c 9322->9324 9325 5b6372 CoRegisterClassObject 9322->9325 9323->9314 9324->9314 9325->9324 9327 5b8209 __setmbcp 9326->9327 9328 5bb996 __lock 52 API calls 9327->9328 9329 5b8210 9328->9329 9330 5b82c9 __cinit 9329->9330 9331 5b823e DecodePointer 9329->9331 9346 5b8317 9330->9346 9331->9330 9333 5b8255 DecodePointer 9331->9333 9339 5b8265 9333->9339 9335 5b8326 __setmbcp 9335->8288 9337 5b8272 EncodePointer 9337->9339 9338 5b830e 9340 5b8073 __mtinitlocknum 3 API calls 9338->9340 9339->9330 9339->9337 9342 5b8282 DecodePointer EncodePointer 9339->9342 9341 5b8317 9340->9341 9343 5b8324 9341->9343 9351 5bbb00 LeaveCriticalSection 9341->9351 9344 5b8294 DecodePointer DecodePointer 9342->9344 9343->8288 9344->9339 9347 5b831d 9346->9347 9349 5b82f7 9346->9349 9352 5bbb00 LeaveCriticalSection 9347->9352 9349->9335 9350 5bbb00 LeaveCriticalSection 9349->9350 9350->9338 9351->9343 9352->9349 9354 5b81fd _doexit 59 API calls 9353->9354 9355 5b80a4 9354->9355 9460 5ba211 9461 5b9e7b FindHandler 59 API calls 9460->9461 9462 5ba219 9461->9462 9467 5bac44 9462->9467 9464 5ba28c 9477 5ba2b9 9464->9477 9466 5ba2ab __setmbcp 9468 5bac50 __setmbcp 9467->9468 9469 5b9e7b FindHandler 59 API calls 9468->9469 9471 5bac70 _CallCatchBlock2 9469->9471 9470 5bacde 9492 5bad03 9470->9492 9471->9470 9486 5b9504 9471->9486 9475 5bacf4 __setmbcp 9475->9464 9476 5b9504 FindHandler 64 API calls 9476->9475 9498 5b7ab2 9477->9498 9480 5b9e7b FindHandler 59 API calls 9481 5ba2cd 9480->9481 9482 5b9e7b FindHandler 59 API calls 9481->9482 9483 5ba2db 9482->9483 9485 5ba322 ___DestructExceptionObject 9483->9485 9506 5b7b02 9483->9506 9485->9466 9497 5b9310 9486->9497 9488 5b9510 DecodePointer 9489 5b9520 9488->9489 9490 5b953c FindHandler 63 API calls 9489->9490 9491 5b953b 9490->9491 9493 5b9e7b FindHandler 59 API calls 9492->9493 9494 5bad08 9493->9494 9495 5bacea 9494->9495 9496 5b9e7b FindHandler 59 API calls 9494->9496 9495->9475 9495->9476 9496->9495 9497->9488 9499 5b9e7b FindHandler 59 API calls 9498->9499 9500 5b7abb 9499->9500 9501 5b7ad7 9500->9501 9502 5b7ac6 9500->9502 9503 5b9e7b FindHandler 59 API calls 9501->9503 9504 5b9e7b FindHandler 59 API calls 9502->9504 9505 5b7acb 9503->9505 9504->9505 9505->9480 9507 5b9e7b FindHandler 59 API calls 9506->9507 9508 5b7b0a 9507->9508 9508->9485 10497 5bbe8d 10500 5bc1e9 10497->10500 10499 5bbe9c 10501 5bc1f5 __setmbcp 10500->10501 10502 5b9e7b FindHandler 59 API calls 10501->10502 10503 5bc1fd 10502->10503 10504 5bc143 __setmbcp 59 API calls 10503->10504 10505 5bc207 10504->10505 10525 5bbee4 10505->10525 10508 5bafb5 __malloc_crt 59 API calls 10509 5bc229 10508->10509 10510 5bc356 __setmbcp 10509->10510 10532 5bc391 10509->10532 10510->10499 10513 5bc25f 10515 5bc27f 10513->10515 10519 5b66f3 _free 59 API calls 10513->10519 10514 5bc366 10514->10510 10516 5bc379 10514->10516 10517 5b66f3 _free 59 API calls 10514->10517 10515->10510 10520 5bb996 __lock 59 API calls 10515->10520 10518 5b7fa3 __recalloc 59 API calls 10516->10518 10517->10516 10518->10510 10519->10515 10521 5bc2ae 10520->10521 10522 5bc33c 10521->10522 10524 5b66f3 _free 59 API calls 10521->10524 10542 5bc35b 10522->10542 10524->10522 10526 5b879b _LocaleUpdate::_LocaleUpdate 59 API calls 10525->10526 10527 5bbef4 10526->10527 10528 5bbf03 GetOEMCP 10527->10528 10529 5bbf15 10527->10529 10530 5bbf2c 10528->10530 10529->10530 10531 5bbf1a GetACP 10529->10531 10530->10508 10530->10510 10531->10530 10533 5bbee4 getSystemCP 61 API calls 10532->10533 10534 5bc3ae 10533->10534 10536 5bc3ff IsValidCodePage 10534->10536 10539 5bc3b5 setSBCS 10534->10539 10541 5bc424 _memset __setmbcp_nolock 10534->10541 10535 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 10537 5bc250 10535->10537 10538 5bc411 GetCPInfo 10536->10538 10536->10539 10537->10513 10537->10514 10538->10539 10538->10541 10539->10535 10545 5bbfb1 GetCPInfo 10541->10545 10611 5bbb00 LeaveCriticalSection 10542->10611 10544 5bc362 10544->10510 10551 5bbfe9 10545->10551 10554 5bc093 10545->10554 10548 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 10550 5bc13f 10548->10550 10550->10539 10555 5be442 10551->10555 10553 5be304 ___crtLCMapStringA 63 API calls 10553->10554 10554->10548 10556 5b879b _LocaleUpdate::_LocaleUpdate 59 API calls 10555->10556 10557 5be453 10556->10557 10565 5be34a 10557->10565 10560 5be304 10561 5b879b _LocaleUpdate::_LocaleUpdate 59 API calls 10560->10561 10562 5be315 10561->10562 10582 5be100 10562->10582 10566 5be371 MultiByteToWideChar 10565->10566 10567 5be364 10565->10567 10571 5be39d 10566->10571 10577 5be396 10566->10577 10567->10566 10568 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 10569 5bc04a 10568->10569 10569->10560 10570 5be3bf _memset __crtLCMapStringA_stat 10573 5be3fb MultiByteToWideChar 10570->10573 10570->10577 10571->10570 10572 5b672b _malloc 59 API calls 10571->10572 10572->10570 10574 5be425 10573->10574 10575 5be415 GetStringTypeW 10573->10575 10578 5bdb52 10574->10578 10575->10574 10577->10568 10579 5bdb6d 10578->10579 10580 5bdb5c 10578->10580 10579->10577 10580->10579 10581 5b66f3 _free 59 API calls 10580->10581 10581->10579 10585 5be119 MultiByteToWideChar 10582->10585 10584 5be178 10586 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 10584->10586 10585->10584 10588 5be17f 10585->10588 10589 5bc06b 10586->10589 10587 5be1de MultiByteToWideChar 10590 5be245 10587->10590 10591 5be1f7 10587->10591 10594 5b672b _malloc 59 API calls 10588->10594 10596 5be1a7 __crtLCMapStringA_stat 10588->10596 10589->10553 10593 5bdb52 __freea 59 API calls 10590->10593 10607 5bdbe8 10591->10607 10593->10584 10594->10596 10595 5be20b 10595->10590 10597 5be221 10595->10597 10598 5be24d 10595->10598 10596->10584 10596->10587 10597->10590 10599 5bdbe8 __crtLCMapStringA_stat LCMapStringW 10597->10599 10602 5b672b _malloc 59 API calls 10598->10602 10605 5be275 __crtLCMapStringA_stat 10598->10605 10599->10590 10600 5bdbe8 __crtLCMapStringA_stat LCMapStringW 10601 5be2b8 10600->10601 10603 5be2e0 10601->10603 10606 5be2d2 WideCharToMultiByte 10601->10606 10602->10605 10604 5bdb52 __freea 59 API calls 10603->10604 10604->10590 10605->10590 10605->10600 10606->10603 10608 5bdbf8 10607->10608 10609 5bdc13 __crtLCMapStringA_stat 10607->10609 10608->10595 10610 5bdc2a LCMapStringW 10609->10610 10610->10595 10611->10544 9514 5be003 9521 5be5a4 9514->9521 9517 5be016 9519 5b66f3 _free 59 API calls 9517->9519 9520 5be021 9519->9520 9534 5be5ad 9521->9534 9523 5be008 9523->9517 9524 5c0e35 9523->9524 9525 5c0e41 __setmbcp 9524->9525 9526 5bb996 __lock 59 API calls 9525->9526 9528 5c0e4d 9526->9528 9527 5c0eb2 9575 5c0ec9 9527->9575 9528->9527 9532 5c0e86 DeleteCriticalSection 9528->9532 9562 5c1bd1 9528->9562 9530 5c0ebe __setmbcp 9530->9517 9533 5b66f3 _free 59 API calls 9532->9533 9533->9528 9535 5be5b9 __setmbcp 9534->9535 9536 5bb996 __lock 59 API calls 9535->9536 9543 5be5c8 9536->9543 9537 5be666 9552 5be688 9537->9552 9540 5be672 __setmbcp 9540->9523 9542 5be4fa 83 API calls __fflush_nolock 9542->9543 9543->9537 9543->9542 9544 5be069 9543->9544 9549 5be655 9543->9549 9545 5be08a EnterCriticalSection 9544->9545 9546 5be074 9544->9546 9545->9543 9547 5bb996 __lock 59 API calls 9546->9547 9548 5be07d 9547->9548 9548->9543 9555 5be0d3 9549->9555 9551 5be663 9551->9543 9561 5bbb00 LeaveCriticalSection 9552->9561 9554 5be68f 9554->9540 9556 5be0e1 9555->9556 9557 5be0f4 LeaveCriticalSection 9555->9557 9560 5bbb00 LeaveCriticalSection 9556->9560 9557->9551 9559 5be0f1 9559->9551 9560->9559 9561->9554 9563 5c1bdd __setmbcp 9562->9563 9564 5c1c09 9563->9564 9565 5c1bf1 9563->9565 9571 5c1c01 __setmbcp 9564->9571 9578 5be02a 9564->9578 9566 5b7fa3 __recalloc 59 API calls 9565->9566 9567 5c1bf6 9566->9567 9569 5b9d0b __fptostr 9 API calls 9567->9569 9569->9571 9571->9528 9865 5bbb00 LeaveCriticalSection 9575->9865 9577 5c0ed0 9577->9530 9579 5be03a 9578->9579 9580 5be05c EnterCriticalSection 9578->9580 9579->9580 9581 5be042 9579->9581 9582 5be052 9580->9582 9583 5bb996 __lock 59 API calls 9581->9583 9584 5c1b65 9582->9584 9583->9582 9585 5c1b88 9584->9585 9586 5c1b74 9584->9586 9588 5c1b84 9585->9588 9603 5be540 9585->9603 9587 5b7fa3 __recalloc 59 API calls 9586->9587 9590 5c1b79 9587->9590 9600 5c1c40 9588->9600 9592 5b9d0b __fptostr 9 API calls 9590->9592 9592->9588 9596 5c1ba2 9620 5c1fe4 9596->9620 9598 5c1ba8 9598->9588 9599 5b66f3 _free 59 API calls 9598->9599 9599->9588 9858 5be099 9600->9858 9602 5c1c46 9602->9571 9604 5be553 9603->9604 9608 5be577 9603->9608 9605 5be482 __fflush_nolock 59 API calls 9604->9605 9604->9608 9606 5be570 9605->9606 9646 5c0fbb 9606->9646 9609 5c2159 9608->9609 9610 5c1b9c 9609->9610 9611 5c2166 9609->9611 9613 5be482 9610->9613 9611->9610 9612 5b66f3 _free 59 API calls 9611->9612 9612->9610 9614 5be48c 9613->9614 9615 5be4a1 9613->9615 9616 5b7fa3 __recalloc 59 API calls 9614->9616 9615->9596 9617 5be491 9616->9617 9618 5b9d0b __fptostr 9 API calls 9617->9618 9619 5be49c 9618->9619 9619->9596 9621 5c1ff0 __setmbcp 9620->9621 9622 5c1ffd 9621->9622 9623 5c2014 9621->9623 9624 5b7f6f __write_nolock 59 API calls 9622->9624 9625 5c209f 9623->9625 9627 5c2024 9623->9627 9626 5c2002 9624->9626 9628 5b7f6f __write_nolock 59 API calls 9625->9628 9629 5b7fa3 __recalloc 59 API calls 9626->9629 9630 5c204c 9627->9630 9631 5c2042 9627->9631 9632 5c2047 9628->9632 9642 5c2009 __setmbcp 9629->9642 9633 5c1c48 ___lock_fhandle 60 API calls 9630->9633 9634 5b7f6f __write_nolock 59 API calls 9631->9634 9635 5b7fa3 __recalloc 59 API calls 9632->9635 9636 5c2052 9633->9636 9634->9632 9637 5c20ab 9635->9637 9638 5c2065 9636->9638 9639 5c2070 9636->9639 9640 5b9d0b __fptostr 9 API calls 9637->9640 9830 5c20bf 9638->9830 9643 5b7fa3 __recalloc 59 API calls 9639->9643 9640->9642 9642->9598 9644 5c206b 9643->9644 9845 5c2097 9644->9845 9647 5c0fc7 __setmbcp 9646->9647 9648 5c0feb 9647->9648 9649 5c0fd4 9647->9649 9651 5c108a 9648->9651 9653 5c0fff 9648->9653 9674 5b7f6f 9649->9674 9654 5b7f6f __write_nolock 59 API calls 9651->9654 9656 5c101d 9653->9656 9657 5c1027 9653->9657 9658 5c1022 9654->9658 9655 5b7fa3 __recalloc 59 API calls 9660 5c0fe0 __setmbcp 9655->9660 9661 5b7f6f __write_nolock 59 API calls 9656->9661 9677 5c1c48 9657->9677 9663 5b7fa3 __recalloc 59 API calls 9658->9663 9660->9608 9661->9658 9662 5c102d 9664 5c1040 9662->9664 9665 5c1053 9662->9665 9666 5c1096 9663->9666 9686 5c10aa 9664->9686 9669 5b7fa3 __recalloc 59 API calls 9665->9669 9668 5b9d0b __fptostr 9 API calls 9666->9668 9668->9660 9670 5c1058 9669->9670 9672 5b7f6f __write_nolock 59 API calls 9670->9672 9671 5c104c 9745 5c1082 9671->9745 9672->9671 9675 5b9e93 __getptd_noexit 59 API calls 9674->9675 9676 5b7f74 9675->9676 9676->9655 9678 5c1c54 __setmbcp 9677->9678 9679 5c1ca3 EnterCriticalSection 9678->9679 9681 5bb996 __lock 59 API calls 9678->9681 9680 5c1cc9 __setmbcp 9679->9680 9680->9662 9682 5c1c79 9681->9682 9683 5b96ac __mtinitlocks InitializeCriticalSectionAndSpinCount 9682->9683 9685 5c1c91 9682->9685 9683->9685 9748 5c1ccd 9685->9748 9687 5c10b7 __write_nolock 9686->9687 9688 5c1115 9687->9688 9689 5c10f6 9687->9689 9717 5c10eb 9687->9717 9692 5c116d 9688->9692 9693 5c1151 9688->9693 9691 5b7f6f __write_nolock 59 API calls 9689->9691 9690 5b66e4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 6 API calls 9694 5c190b 9690->9694 9695 5c10fb 9691->9695 9697 5c1186 9692->9697 9752 5c1de9 9692->9752 9696 5b7f6f __write_nolock 59 API calls 9693->9696 9694->9671 9698 5b7fa3 __recalloc 59 API calls 9695->9698 9699 5c1156 9696->9699 9761 5be4a6 9697->9761 9701 5c1102 9698->9701 9704 5b7fa3 __recalloc 59 API calls 9699->9704 9705 5b9d0b __fptostr 9 API calls 9701->9705 9703 5c1194 9706 5c14ed 9703->9706 9711 5b9e7b FindHandler 59 API calls 9703->9711 9707 5c115d 9704->9707 9705->9717 9708 5c150b 9706->9708 9709 5c1880 WriteFile 9706->9709 9710 5b9d0b __fptostr 9 API calls 9707->9710 9712 5c162f 9708->9712 9720 5c1521 9708->9720 9713 5c14e0 GetLastError 9709->9713 9718 5c14ad 9709->9718 9710->9717 9714 5c11c0 GetConsoleMode 9711->9714 9724 5c163a 9712->9724 9737 5c1724 9712->9737 9713->9718 9714->9706 9716 5c11ff 9714->9716 9715 5c18b9 9715->9717 9722 5b7fa3 __recalloc 59 API calls 9715->9722 9716->9706 9719 5c120f GetConsoleCP 9716->9719 9717->9690 9718->9715 9718->9717 9723 5c160d 9718->9723 9719->9715 9743 5c123e 9719->9743 9720->9715 9720->9718 9721 5c1590 WriteFile 9720->9721 9721->9713 9721->9720 9725 5c18e7 9722->9725 9727 5c1618 9723->9727 9728 5c18b0 9723->9728 9724->9715 9724->9718 9730 5c169f WriteFile 9724->9730 9726 5b7f6f __write_nolock 59 API calls 9725->9726 9726->9717 9731 5b7fa3 __recalloc 59 API calls 9727->9731 9773 5b7f82 9728->9773 9729 5c1799 WideCharToMultiByte 9729->9713 9729->9737 9730->9713 9730->9724 9733 5c161d 9731->9733 9735 5b7f6f __write_nolock 59 API calls 9733->9735 9734 5c17e8 WriteFile 9734->9737 9738 5c183b GetLastError 9734->9738 9735->9717 9737->9715 9737->9718 9737->9729 9737->9734 9738->9737 9739 5c1f51 61 API calls __write_nolock 9739->9743 9740 5c1f69 WriteConsoleW CreateFileW __putwch_nolock 9740->9743 9741 5c1327 WideCharToMultiByte 9741->9718 9742 5c1362 WriteFile 9741->9742 9742->9713 9742->9743 9743->9713 9743->9718 9743->9739 9743->9740 9743->9741 9744 5c13bc WriteFile 9743->9744 9770 5becb1 9743->9770 9744->9713 9744->9743 9829 5c1dc3 LeaveCriticalSection 9745->9829 9747 5c1088 9747->9660 9751 5bbb00 LeaveCriticalSection 9748->9751 9750 5c1cd4 9750->9679 9751->9750 9778 5c1d5c 9752->9778 9754 5c1df9 9755 5c1e01 9754->9755 9756 5c1e12 SetFilePointerEx 9754->9756 9757 5b7fa3 __recalloc 59 API calls 9755->9757 9758 5c1e2a GetLastError 9756->9758 9760 5c1e06 9756->9760 9757->9760 9759 5b7f82 __dosmaperr 59 API calls 9758->9759 9759->9760 9760->9697 9762 5be4be 9761->9762 9763 5be4b1 9761->9763 9766 5be4ca 9762->9766 9767 5b7fa3 __recalloc 59 API calls 9762->9767 9764 5b7fa3 __recalloc 59 API calls 9763->9764 9765 5be4b6 9764->9765 9765->9703 9766->9703 9768 5be4eb 9767->9768 9769 5b9d0b __fptostr 9 API calls 9768->9769 9769->9765 9791 5bec77 9770->9791 9774 5b7f6f __write_nolock 59 API calls 9773->9774 9775 5b7f8b __dosmaperr 9774->9775 9776 5b7fa3 __recalloc 59 API calls 9775->9776 9777 5b7f9e 9776->9777 9777->9717 9779 5c1d7c 9778->9779 9780 5c1d67 9778->9780 9782 5b7f6f __write_nolock 59 API calls 9779->9782 9784 5c1da1 9779->9784 9781 5b7f6f __write_nolock 59 API calls 9780->9781 9783 5c1d6c 9781->9783 9785 5c1dab 9782->9785 9786 5b7fa3 __recalloc 59 API calls 9783->9786 9784->9754 9787 5b7fa3 __recalloc 59 API calls 9785->9787 9789 5c1d74 9786->9789 9788 5c1db3 9787->9788 9790 5b9d0b __fptostr 9 API calls 9788->9790 9789->9754 9790->9789 9794 5b879b 9791->9794 9795 5b87ac 9794->9795 9801 5b87f9 9794->9801 9796 5b9e7b FindHandler 59 API calls 9795->9796 9797 5b87b2 9796->9797 9798 5b87d9 9797->9798 9802 5bca99 9797->9802 9798->9801 9817 5bc143 9798->9817 9801->9743 9803 5bcaa5 __setmbcp 9802->9803 9804 5b9e7b FindHandler 59 API calls 9803->9804 9805 5bcaae 9804->9805 9806 5bcadd 9805->9806 9808 5bcac1 9805->9808 9807 5bb996 __lock 59 API calls 9806->9807 9809 5bcae4 9807->9809 9810 5b9e7b FindHandler 59 API calls 9808->9810 9811 5bcb19 __updatetlocinfoEx_nolock 59 API calls 9809->9811 9812 5bcac6 9810->9812 9813 5bcaf8 9811->9813 9815 5bcad4 __setmbcp 9812->9815 9816 5b8089 __lock 59 API calls 9812->9816 9814 5bcb10 _LocaleUpdate::_LocaleUpdate LeaveCriticalSection 9813->9814 9814->9812 9815->9798 9816->9815 9818 5bc14f __setmbcp 9817->9818 9819 5b9e7b FindHandler 59 API calls 9818->9819 9820 5bc159 9819->9820 9821 5bb996 __lock 59 API calls 9820->9821 9822 5bc16b 9820->9822 9827 5bc189 9821->9827 9824 5bc179 __setmbcp 9822->9824 9826 5b8089 __lock 59 API calls 9822->9826 9823 5bc1b6 9825 5bc1e0 __setmbcp LeaveCriticalSection 9823->9825 9824->9801 9825->9822 9826->9824 9827->9823 9828 5b66f3 _free 59 API calls 9827->9828 9828->9823 9829->9747 9831 5c1d5c __lseeki64_nolock 59 API calls 9830->9831 9834 5c20cd 9831->9834 9832 5c2123 9848 5c1cd6 9832->9848 9834->9832 9836 5c1d5c __lseeki64_nolock 59 API calls 9834->9836 9844 5c2101 9834->9844 9835 5c1d5c __lseeki64_nolock 59 API calls 9838 5c210d CloseHandle 9835->9838 9837 5c20f8 9836->9837 9841 5c1d5c __lseeki64_nolock 59 API calls 9837->9841 9838->9832 9842 5c2119 GetLastError 9838->9842 9840 5c214d 9840->9644 9841->9844 9842->9832 9843 5b7f82 __dosmaperr 59 API calls 9843->9840 9844->9832 9844->9835 9857 5c1dc3 LeaveCriticalSection 9845->9857 9847 5c209d 9847->9642 9849 5c1d42 9848->9849 9851 5c1ce2 9848->9851 9850 5b7fa3 __recalloc 59 API calls 9849->9850 9852 5c1d47 9850->9852 9851->9849 9856 5c1d0b 9851->9856 9853 5b7f6f __write_nolock 59 API calls 9852->9853 9854 5c1d33 9853->9854 9854->9840 9854->9843 9855 5c1d2d SetStdHandle 9855->9854 9856->9854 9856->9855 9857->9847 9859 5be0a8 9858->9859 9860 5be0c7 LeaveCriticalSection 9858->9860 9859->9860 9861 5be0af 9859->9861 9860->9602 9864 5bbb00 LeaveCriticalSection 9861->9864 9863 5be0c4 9863->9602 9864->9863 9865->9577 10119 5bec25 10120 5bec31 __setmbcp 10119->10120 10121 5bb996 __lock 59 API calls 10120->10121 10122 5bec68 __setmbcp 10120->10122 10123 5bec45 10121->10123 10127 5bcb19 10123->10127 10128 5bcb59 10127->10128 10129 5bcb24 ___addlocaleref ___removelocaleref 10127->10129 10131 5bec6e 10128->10131 10129->10128 10134 5bc89f 10129->10134 10380 5bbb00 LeaveCriticalSection 10131->10380 10133 5bec75 10133->10122 10135 5bc918 10134->10135 10140 5bc8b4 10134->10140 10136 5bc965 10135->10136 10137 5b66f3 _free 59 API calls 10135->10137 10159 5bc98e 10136->10159 10204 5be7f4 10136->10204 10139 5bc939 10137->10139 10144 5b66f3 _free 59 API calls 10139->10144 10140->10135 10142 5bc8e5 10140->10142 10146 5b66f3 _free 59 API calls 10140->10146 10143 5bc903 10142->10143 10153 5b66f3 _free 59 API calls 10142->10153 10145 5b66f3 _free 59 API calls 10143->10145 10149 5bc94c 10144->10149 10150 5bc90d 10145->10150 10151 5bc8da 10146->10151 10147 5b66f3 _free 59 API calls 10147->10159 10148 5bc9ed 10152 5b66f3 _free 59 API calls 10148->10152 10154 5b66f3 _free 59 API calls 10149->10154 10155 5b66f3 _free 59 API calls 10150->10155 10164 5be691 10151->10164 10157 5bc9f3 10152->10157 10158 5bc8f8 10153->10158 10160 5bc95a 10154->10160 10155->10135 10157->10128 10192 5be78d 10158->10192 10159->10148 10162 5b66f3 59 API calls _free 10159->10162 10163 5b66f3 _free 59 API calls 10160->10163 10162->10159 10163->10136 10165 5be6a0 10164->10165 10191 5be789 10164->10191 10166 5be6b1 10165->10166 10168 5b66f3 _free 59 API calls 10165->10168 10167 5be6c3 10166->10167 10169 5b66f3 _free 59 API calls 10166->10169 10170 5be6d5 10167->10170 10171 5b66f3 _free 59 API calls 10167->10171 10168->10166 10169->10167 10172 5be6e7 10170->10172 10173 5b66f3 _free 59 API calls 10170->10173 10171->10170 10174 5be6f9 10172->10174 10176 5b66f3 _free 59 API calls 10172->10176 10173->10172 10175 5be70b 10174->10175 10177 5b66f3 _free 59 API calls 10174->10177 10178 5be71d 10175->10178 10179 5b66f3 _free 59 API calls 10175->10179 10176->10174 10177->10175 10180 5be72f 10178->10180 10181 5b66f3 _free 59 API calls 10178->10181 10179->10178 10182 5be741 10180->10182 10184 5b66f3 _free 59 API calls 10180->10184 10181->10180 10183 5be753 10182->10183 10185 5b66f3 _free 59 API calls 10182->10185 10186 5be765 10183->10186 10187 5b66f3 _free 59 API calls 10183->10187 10184->10182 10185->10183 10188 5b66f3 _free 59 API calls 10186->10188 10189 5be777 10186->10189 10187->10186 10188->10189 10190 5b66f3 _free 59 API calls 10189->10190 10189->10191 10190->10191 10191->10142 10193 5be798 10192->10193 10194 5be7f0 10192->10194 10195 5be7a8 10193->10195 10196 5b66f3 _free 59 API calls 10193->10196 10194->10143 10197 5be7ba 10195->10197 10198 5b66f3 _free 59 API calls 10195->10198 10196->10195 10199 5be7cc 10197->10199 10200 5b66f3 _free 59 API calls 10197->10200 10198->10197 10201 5be7de 10199->10201 10202 5b66f3 _free 59 API calls 10199->10202 10200->10199 10201->10194 10203 5b66f3 _free 59 API calls 10201->10203 10202->10201 10203->10194 10205 5be803 10204->10205 10379 5bc983 10204->10379 10206 5b66f3 _free 59 API calls 10205->10206 10207 5be80b 10206->10207 10208 5b66f3 _free 59 API calls 10207->10208 10209 5be813 10208->10209 10210 5b66f3 _free 59 API calls 10209->10210 10211 5be81b 10210->10211 10212 5b66f3 _free 59 API calls 10211->10212 10213 5be823 10212->10213 10214 5b66f3 _free 59 API calls 10213->10214 10215 5be82b 10214->10215 10216 5b66f3 _free 59 API calls 10215->10216 10217 5be833 10216->10217 10218 5b66f3 _free 59 API calls 10217->10218 10219 5be83a 10218->10219 10220 5b66f3 _free 59 API calls 10219->10220 10221 5be842 10220->10221 10222 5b66f3 _free 59 API calls 10221->10222 10223 5be84a 10222->10223 10224 5b66f3 _free 59 API calls 10223->10224 10225 5be852 10224->10225 10226 5b66f3 _free 59 API calls 10225->10226 10227 5be85a 10226->10227 10228 5b66f3 _free 59 API calls 10227->10228 10229 5be862 10228->10229 10230 5b66f3 _free 59 API calls 10229->10230 10231 5be86a 10230->10231 10232 5b66f3 _free 59 API calls 10231->10232 10233 5be872 10232->10233 10234 5b66f3 _free 59 API calls 10233->10234 10235 5be87a 10234->10235 10236 5b66f3 _free 59 API calls 10235->10236 10237 5be882 10236->10237 10238 5b66f3 _free 59 API calls 10237->10238 10239 5be88d 10238->10239 10240 5b66f3 _free 59 API calls 10239->10240 10241 5be895 10240->10241 10242 5b66f3 _free 59 API calls 10241->10242 10243 5be89d 10242->10243 10244 5b66f3 _free 59 API calls 10243->10244 10245 5be8a5 10244->10245 10246 5b66f3 _free 59 API calls 10245->10246 10247 5be8ad 10246->10247 10248 5b66f3 _free 59 API calls 10247->10248 10249 5be8b5 10248->10249 10250 5b66f3 _free 59 API calls 10249->10250 10251 5be8bd 10250->10251 10252 5b66f3 _free 59 API calls 10251->10252 10253 5be8c5 10252->10253 10254 5b66f3 _free 59 API calls 10253->10254 10255 5be8cd 10254->10255 10256 5b66f3 _free 59 API calls 10255->10256 10257 5be8d5 10256->10257 10258 5b66f3 _free 59 API calls 10257->10258 10259 5be8dd 10258->10259 10260 5b66f3 _free 59 API calls 10259->10260 10261 5be8e5 10260->10261 10262 5b66f3 _free 59 API calls 10261->10262 10263 5be8ed 10262->10263 10264 5b66f3 _free 59 API calls 10263->10264 10265 5be8f5 10264->10265 10266 5b66f3 _free 59 API calls 10265->10266 10267 5be8fd 10266->10267 10268 5b66f3 _free 59 API calls 10267->10268 10269 5be905 10268->10269 10270 5b66f3 _free 59 API calls 10269->10270 10271 5be913 10270->10271 10272 5b66f3 _free 59 API calls 10271->10272 10273 5be91e 10272->10273 10274 5b66f3 _free 59 API calls 10273->10274 10275 5be929 10274->10275 10276 5b66f3 _free 59 API calls 10275->10276 10277 5be934 10276->10277 10278 5b66f3 _free 59 API calls 10277->10278 10279 5be93f 10278->10279 10280 5b66f3 _free 59 API calls 10279->10280 10281 5be94a 10280->10281 10282 5b66f3 _free 59 API calls 10281->10282 10283 5be955 10282->10283 10284 5b66f3 _free 59 API calls 10283->10284 10285 5be960 10284->10285 10286 5b66f3 _free 59 API calls 10285->10286 10287 5be96b 10286->10287 10288 5b66f3 _free 59 API calls 10287->10288 10289 5be976 10288->10289 10290 5b66f3 _free 59 API calls 10289->10290 10291 5be981 10290->10291 10292 5b66f3 _free 59 API calls 10291->10292 10293 5be98c 10292->10293 10294 5b66f3 _free 59 API calls 10293->10294 10295 5be997 10294->10295 10296 5b66f3 _free 59 API calls 10295->10296 10297 5be9a2 10296->10297 10298 5b66f3 _free 59 API calls 10297->10298 10299 5be9ad 10298->10299 10300 5b66f3 _free 59 API calls 10299->10300 10301 5be9b8 10300->10301 10302 5b66f3 _free 59 API calls 10301->10302 10303 5be9c6 10302->10303 10304 5b66f3 _free 59 API calls 10303->10304 10305 5be9d1 10304->10305 10306 5b66f3 _free 59 API calls 10305->10306 10307 5be9dc 10306->10307 10308 5b66f3 _free 59 API calls 10307->10308 10309 5be9e7 10308->10309 10310 5b66f3 _free 59 API calls 10309->10310 10311 5be9f2 10310->10311 10312 5b66f3 _free 59 API calls 10311->10312 10313 5be9fd 10312->10313 10314 5b66f3 _free 59 API calls 10313->10314 10315 5bea08 10314->10315 10316 5b66f3 _free 59 API calls 10315->10316 10317 5bea13 10316->10317 10318 5b66f3 _free 59 API calls 10317->10318 10319 5bea1e 10318->10319 10320 5b66f3 _free 59 API calls 10319->10320 10321 5bea29 10320->10321 10322 5b66f3 _free 59 API calls 10321->10322 10323 5bea34 10322->10323 10324 5b66f3 _free 59 API calls 10323->10324 10325 5bea3f 10324->10325 10326 5b66f3 _free 59 API calls 10325->10326 10327 5bea4a 10326->10327 10328 5b66f3 _free 59 API calls 10327->10328 10329 5bea55 10328->10329 10330 5b66f3 _free 59 API calls 10329->10330 10331 5bea60 10330->10331 10332 5b66f3 _free 59 API calls 10331->10332 10333 5bea6b 10332->10333 10334 5b66f3 _free 59 API calls 10333->10334 10335 5bea79 10334->10335 10336 5b66f3 _free 59 API calls 10335->10336 10337 5bea84 10336->10337 10338 5b66f3 _free 59 API calls 10337->10338 10339 5bea8f 10338->10339 10340 5b66f3 _free 59 API calls 10339->10340 10341 5bea9a 10340->10341 10342 5b66f3 _free 59 API calls 10341->10342 10343 5beaa5 10342->10343 10344 5b66f3 _free 59 API calls 10343->10344 10345 5beab0 10344->10345 10346 5b66f3 _free 59 API calls 10345->10346 10347 5beabb 10346->10347 10348 5b66f3 _free 59 API calls 10347->10348 10349 5beac6 10348->10349 10350 5b66f3 _free 59 API calls 10349->10350 10351 5bead1 10350->10351 10352 5b66f3 _free 59 API calls 10351->10352 10353 5beadc 10352->10353 10354 5b66f3 _free 59 API calls 10353->10354 10355 5beae7 10354->10355 10356 5b66f3 _free 59 API calls 10355->10356 10357 5beaf2 10356->10357 10358 5b66f3 _free 59 API calls 10357->10358 10359 5beafd 10358->10359 10360 5b66f3 _free 59 API calls 10359->10360 10361 5beb08 10360->10361 10362 5b66f3 _free 59 API calls 10361->10362 10363 5beb13 10362->10363 10364 5b66f3 _free 59 API calls 10363->10364 10365 5beb1e 10364->10365 10366 5b66f3 _free 59 API calls 10365->10366 10367 5beb2c 10366->10367 10368 5b66f3 _free 59 API calls 10367->10368 10369 5beb37 10368->10369 10370 5b66f3 _free 59 API calls 10369->10370 10371 5beb42 10370->10371 10372 5b66f3 _free 59 API calls 10371->10372 10373 5beb4d 10372->10373 10374 5b66f3 _free 59 API calls 10373->10374 10375 5beb58 10374->10375 10376 5b66f3 _free 59 API calls 10375->10376 10377 5beb63 10376->10377 10378 5b66f3 _free 59 API calls 10377->10378 10378->10379 10379->10147 10380->10133

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 355 5b42b0-5b433c LoadLibraryExW 356 5b433e-5b434e LoadLibraryExW 355->356 357 5b435c-5b4373 FindResourceW 355->357 356->357 360 5b4350-5b4357 call 5b2a10 356->360 358 5b437f-5b4391 LoadResource 357->358 359 5b4375-5b437a call 5b2a10 357->359 362 5b439d-5b43b2 SizeofResource 358->362 363 5b4393-5b4398 call 5b2a10 358->363 370 5b443f 359->370 374 5b444c-5b4458 360->374 367 5b43be-5b43f6 call 5b2840 362->367 368 5b43b4-5b43b9 362->368 363->370 384 5b43f8-5b43fd 367->384 385 5b43ff-5b4416 MultiByteToWideChar 367->385 372 5b4441-5b4443 368->372 370->372 372->374 375 5b4445-5b4446 FreeLibrary 372->375 376 5b445a-5b4465 call 5b3220 374->376 377 5b4470-5b448d call 5b66e4 374->377 375->374 376->377 384->372 386 5b4418-5b441d call 5b2a10 385->386 387 5b441f-5b443a call 5b4150 385->387 386->370 387->370
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000060,65B03BA8), ref: 005B4330
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000002), ref: 005B4342
                                                                                                                                                                                                  • FindResourceW.KERNEL32(00000000,?,?), ref: 005B4369
                                                                                                                                                                                                  • LoadResource.KERNEL32(00000000,00000000), ref: 005B4381
                                                                                                                                                                                                    • Part of subcall function 005B2A10: GetLastError.KERNEL32(005B441D), ref: 005B2A10
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,00000000,?), ref: 005B4446
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: LibraryLoad$Resource$ErrorFindFreeLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 328770362-0
                                                                                                                                                                                                  • Opcode ID: c48d05494d6d5456b6c117943bf3f46c111193a50865771df7c829da6952aa31
                                                                                                                                                                                                  • Instruction ID: 85cbc15f2b77c570c55289b42c623b0ad2c83b0d5ab9a8aee9f3bab6ba826264
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c48d05494d6d5456b6c117943bf3f46c111193a50865771df7c829da6952aa31
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CB417EB1900229DBCB31DF548C45BEEBFB4FB48710F5484A9E909A3242DB746E849FA5
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: :\
                                                                                                                                                                                                  • API String ID: 0-2739230522
                                                                                                                                                                                                  • Opcode ID: 4d9cf8368230c4750c9f5e390da41bb0e6524d2c06d2cefa613f2d879f3e8a4b
                                                                                                                                                                                                  • Instruction ID: 0505e3f992ae9fe53c4265685f1b33b07454fa6a9ca6fd432f5ed2c524c00eb7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d9cf8368230c4750c9f5e390da41bb0e6524d2c06d2cefa613f2d879f3e8a4b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D7B012B100010D174A006DC1E442D663EDDA680310F900015F941012925B42BCB06477

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 0 5b4490-5b4510 call 5b7b70 call 5b3a10 5 5b4b87-5b4ba2 call 5b66e4 0->5 6 5b4516-5b451a 0->6 7 5b4520-5b4549 lstrcmpiW * 2 6->7 8 5b4b74-5b4b7c 6->8 11 5b454b-5b454d 7->11 12 5b4553-5b4563 call 5b3a10 7->12 13 5b4b7e-5b4b7f RegCloseKey 8->13 14 5b4b85 8->14 11->12 15 5b466f-5b4683 lstrcmpiW 11->15 12->8 22 5b4569-5b456d 12->22 13->14 14->5 18 5b469d-5b46ab lstrcmpiW 15->18 19 5b4685-5b4697 call 5b3a10 15->19 20 5b4808-5b4810 18->20 21 5b46b1-5b46c3 call 5b3a10 18->21 19->8 19->18 26 5b4833-5b4837 20->26 27 5b4812-5b4816 20->27 21->8 37 5b46c9-5b46d5 call 5b3a10 21->37 22->15 25 5b4573-5b4599 22->25 32 5b459b 25->32 33 5b45c1 25->33 29 5b491f-5b4923 26->29 30 5b483d-5b4857 call 5b3ba0 26->30 34 5b482b-5b482d 27->34 35 5b4818-5b4827 CharNextW 27->35 39 5b4925-5b4940 call 5b3ba0 29->39 40 5b4944 29->40 53 5b4859-5b486d call 5b3ba0 30->53 54 5b4891-5b489d call 5b3a10 30->54 38 5b45a0-5b45a4 32->38 41 5b45c6-5b45d1 lstrcmpiW 33->41 34->26 43 5b4b18-5b4b1d 34->43 35->27 42 5b4829 35->42 37->8 67 5b46db-5b46df 37->67 47 5b45b9-5b45bb 38->47 48 5b45a6-5b45b5 CharNextW 38->48 44 5b4949 39->44 69 5b4942 39->69 40->44 50 5b4628-5b462a 41->50 51 5b45d3-5b45dc 41->51 42->26 43->8 52 5b4950-5b497d call 5b73c1 call 5b2970 call 5b3a10 44->52 47->33 59 5b4b0d-5b4b13 call 5b1e70 47->59 48->38 58 5b45b7 48->58 55 5b462c-5b463e call 5b3a10 50->55 56 5b4665 50->56 51->41 61 5b45de-5b4605 call 5b4000 51->61 52->8 115 5b4983-5b4993 call 5b4e20 52->115 53->54 77 5b486f-5b4884 call 5b2dd0 53->77 54->8 82 5b48a3-5b48a7 54->82 78 5b4b1f-5b4b2a call 5b1e70 55->78 79 5b4644-5b4650 call 5b4e20 55->79 56->15 58->33 59->43 70 5b460a-5b461e 61->70 67->43 74 5b46e5-5b46e9 67->74 69->52 70->50 80 5b46eb-5b4720 call 5b23e0 74->80 81 5b4760-5b4764 74->81 96 5b4889-5b488b 77->96 78->8 79->78 107 5b4656-5b4660 79->107 99 5b4725-5b4747 80->99 88 5b476a-5b4771 81->88 89 5b47f1-5b47fd call 5b4e20 81->89 90 5b48a9-5b48b5 call 5b23e0 82->90 91 5b48c4-5b48c8 82->91 88->89 100 5b4773-5b47ab call 5b3ba0 88->100 89->8 116 5b4803 89->116 111 5b48ba-5b48be 90->111 92 5b48ce-5b48d0 91->92 93 5b4b01-5b4b05 91->93 102 5b48d3-5b48dc 92->102 93->7 103 5b4b0b 93->103 96->54 106 5b4b69 96->106 108 5b474d-5b475b 99->108 109 5b4b2c-5b4b37 call 5b1e70 99->109 118 5b4b39-5b4b4f call 5b2a30 call 5b1e70 100->118 119 5b47b1-5b47c7 RegDeleteValueW 100->119 102->102 113 5b48de-5b48e5 102->113 103->8 114 5b4b6a-5b4b72 call 5b2a30 106->114 107->91 108->91 109->8 111->8 111->91 113->93 120 5b48eb-5b48f9 call 5b4490 113->120 114->8 115->8 133 5b4999-5b499d 115->133 116->93 118->8 124 5b47c9-5b47cc 119->124 125 5b47d2-5b47d4 119->125 132 5b48fe-5b4902 120->132 124->118 124->125 130 5b47e7 125->130 131 5b47d6-5b47dd RegCloseKey 125->131 130->89 131->130 132->8 136 5b4908-5b4914 call 5b3a10 132->136 137 5b499f-5b49a1 133->137 138 5b49f5-5b4a01 133->138 136->8 148 5b491a 136->148 142 5b49a4-5b49ad 137->142 138->93 141 5b4a07-5b4a09 138->141 144 5b4a0b-5b4a0d 141->144 145 5b4a19-5b4a21 141->145 142->142 146 5b49af-5b49b6 142->146 144->93 149 5b4a13-5b4a14 144->149 150 5b4a6e-5b4a87 call 5b3660 145->150 151 5b4a23-5b4a32 call 5b3660 145->151 146->138 147 5b49b8-5b49d3 call 5b4490 146->147 158 5b49df-5b49ef call 5b3a10 147->158 159 5b49d5-5b49d9 147->159 148->93 149->114 160 5b4a89-5b4a92 RegCloseKey 150->160 161 5b4a98-5b4aa4 150->161 151->150 162 5b4a34-5b4a44 call 5b2be0 151->162 158->8 158->138 159->8 159->158 160->161 161->106 165 5b4aaa-5b4ab0 161->165 162->93 169 5b4a4a-5b4a51 162->169 165->93 168 5b4ab2-5b4ab4 165->168 168->93 170 5b4ab6-5b4af4 call 5b30f0 168->170 169->93 171 5b4a57-5b4a69 call 5b4000 169->171 175 5b4b51-5b4b67 call 5b2a30 call 5b1e70 170->175 176 5b4af6-5b4afc call 5b1e70 170->176 171->93 175->8 176->93
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,Delete,00000000), ref: 005B4530
                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,ForceRemove), ref: 005B4541
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,?,00000000), ref: 005B45A7
                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,L5\,?,?,00000000), ref: 005B45C9
                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,NoRemove,00000000), ref: 005B4675
                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,Val), ref: 005B46A3
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000), ref: 005B4B7F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: lstrcmpi$CharCloseNext
                                                                                                                                                                                                  • String ID: Delete$ForceRemove$L5\$NoRemove$Val
                                                                                                                                                                                                  • API String ID: 2333018020-2227317853
                                                                                                                                                                                                  • Opcode ID: c63b57bc9c980efe81a791639d71c1985f42c5f7d42ef4690e76354ef10da4de
                                                                                                                                                                                                  • Instruction ID: cfd3b206233318f918a69b2d6cf5e663f5f06ec88f71c640aa64f34270e617cb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c63b57bc9c980efe81a791639d71c1985f42c5f7d42ef4690e76354ef10da4de
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2002A57190162AABDF359F64CC59BEEBBB4BF44704F0001A9E905B7282D774EE84CE91

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 183 5b6060-5b60a5 call 5b5f60 186 5b60ab 183->186 187 5b612d-5b613f call 5b66e4 183->187 188 5b60b1-5b60c1 call 5b6600 186->188 193 5b619d-5b61a4 188->193 194 5b60c7-5b60d7 call 5b6600 188->194 195 5b61ac-5b61b5 call 5b56e0 193->195 196 5b61a6-5b61aa 193->196 202 5b61df-5b6212 call 5b4f30 194->202 203 5b60dd-5b60ed call 5b6600 194->203 201 5b61ba-5b61be 195->201 196->195 196->201 205 5b61ca-5b61dc call 5b66e4 201->205 206 5b61c0-5b61c8 call 5b6530 201->206 212 5b623d-5b624f call 5b66e4 202->212 213 5b6214-5b621d call 5b55e0 202->213 215 5b60f3-5b6103 call 5b6600 203->215 216 5b6190-5b6197 203->216 206->205 221 5b6222-5b6224 213->221 226 5b6151-5b616c call 5b6300 215->226 227 5b6105-5b6109 215->227 216->193 224 5b623b 221->224 225 5b6226-5b622e 221->225 224->212 225->224 229 5b6230-5b6238 225->229 226->205 236 5b616e-5b618d call 5b63b0 call 5b66e4 226->236 227->187 228 5b610b-5b610e 227->228 231 5b6110-5b6116 228->231 229->224 233 5b6118-5b611b 231->233 234 5b6124-5b612b CharNextW 231->234 237 5b611d-5b6122 CharNextW 233->237 238 5b6142-5b6149 CharNextW 233->238 234->187 234->227 237->231 237->234 238->188 240 5b614f 238->240 240->187
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 005B5F60: CharNextW.USER32(?), ref: 005B5F90
                                                                                                                                                                                                    • Part of subcall function 005B5F60: CharNextW.USER32(?), ref: 005B5F97
                                                                                                                                                                                                    • Part of subcall function 005B6600: CharUpperW.USER32(00000000,75BFA7D0,00000000,?,?,005B60BC,00000000,UnregServer), ref: 005B6613
                                                                                                                                                                                                    • Part of subcall function 005B6600: CharUpperW.USER32(8508C483,?,005B60BC,00000000,UnregServer), ref: 005B661F
                                                                                                                                                                                                    • Part of subcall function 005B6600: CharNextW.USER32(00000000,?,005B60BC,00000000,UnregServer), ref: 005B6642
                                                                                                                                                                                                    • Part of subcall function 005B6600: CharNextW.USER32(005B60BC,?,005B60BC,00000000,UnregServer), ref: 005B664D
                                                                                                                                                                                                    • Part of subcall function 005B6600: CharUpperW.USER32(?,?,005B60BC,00000000,UnregServer), ref: 005B665A
                                                                                                                                                                                                    • Part of subcall function 005B6600: CharUpperW.USER32(?,?,?,005B60BC,00000000,UnregServer), ref: 005B6666
                                                                                                                                                                                                  • CharNextW.USER32(?), ref: 005B611E
                                                                                                                                                                                                  • CharNextW.USER32(00000000), ref: 005B6125
                                                                                                                                                                                                  • CharNextW.USER32(00000000), ref: 005B6143
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Char$Next$Upper
                                                                                                                                                                                                  • String ID: APPID$RegServer$RegServerPerUser$UnregServer$UnregServerPerUser${88BC89DA-E4D9-43C1-9474-88FD6A96D9B1}
                                                                                                                                                                                                  • API String ID: 2585046617-2651597401
                                                                                                                                                                                                  • Opcode ID: 66da0028ee83428c0ec9536b9352581dcc0e117a3ec9e2fcfd988d8292958c3d
                                                                                                                                                                                                  • Instruction ID: c678b60a07d53f9e9c9f6badd37f9ce22519fdeb46079bb7fed718aacb95422d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66da0028ee83428c0ec9536b9352581dcc0e117a3ec9e2fcfd988d8292958c3d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0A51E871A016195EDF11AFA8DC56BEEBFE4BF51314F004069E804AB281EB79F904C7A1

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 244 5b5d40-5b5d87 call 5b5830 247 5b5d8d-5b5daf 244->247 248 5b5e5c-5b5e64 244->248 253 5b5e12-5b5e19 247->253 254 5b5db1-5b5db9 247->254 249 5b5e6c-5b5e88 SysFreeString call 5b66e4 248->249 250 5b5e66-5b5e68 248->250 250->249 256 5b5e1b-5b5e28 GetModuleHandleW 253->256 257 5b5e3a 253->257 254->253 258 5b5dbb-5b5dfc SysStringLen call 5b73c1 call 5b2970 call 5b57e0 254->258 256->257 259 5b5e2a-5b5e38 GetProcAddress 256->259 260 5b5e3f-5b5e56 RegisterTypeLib SysFreeString 257->260 267 5b5e8b-5b5e90 call 5b71a5 258->267 268 5b5e02-5b5e0a 258->268 259->257 259->260 260->248 268->253
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 005B5830: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?), ref: 005B5881
                                                                                                                                                                                                  • SysStringLen.OLEAUT32(?), ref: 005B5DBC
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(OLEAUT32.DLL), ref: 005B5E20
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 005B5E30
                                                                                                                                                                                                  • RegisterTypeLib.OLEAUT32(00000000,00000000,00000000), ref: 005B5E4C
                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 005B5E56
                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 005B5E72
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: String$FreeModule$AddressFileHandleNameProcRegisterType
                                                                                                                                                                                                  • String ID: OLEAUT32.DLL$RegisterTypeLibForUser
                                                                                                                                                                                                  • API String ID: 940515025-2666564778
                                                                                                                                                                                                  • Opcode ID: 1bbee83e52d4d20d94d80eef01b2bd5c49f4058a710023e832ed3c7ef31f8ce5
                                                                                                                                                                                                  • Instruction ID: 35ee5289f0470163308062284b83480d57ec430a5351201dfa6623b6bb89cf7e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1bbee83e52d4d20d94d80eef01b2bd5c49f4058a710023e832ed3c7ef31f8ce5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58314F71A0061DAFDB10ABA5CC4CFDABBBDBBA4700F108599A419D7150EA70EA85DB60

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 271 5b2dd0-5b2de8 272 5b2dea-5b2ded 271->272 273 5b2e44-5b2e5e RegCreateKeyExW 271->273 275 5b2def-5b2dfc GetModuleHandleW 272->275 276 5b2e37-5b2e3b 272->276 274 5b2e64-5b2e66 273->274 277 5b2e9b-5b2ea1 274->277 278 5b2e68-5b2e6d 274->278 279 5b2dfe-5b2e03 275->279 280 5b2e05-5b2e13 GetProcAddress 275->280 276->273 281 5b2e3d-5b2e42 276->281 282 5b2e6f-5b2e72 278->282 283 5b2e74-5b2e7a 278->283 279->274 280->281 284 5b2e15-5b2e35 280->284 281->274 282->283 285 5b2e8b-5b2e98 283->285 286 5b2e7c-5b2e85 RegCloseKey 283->286 284->274 285->277 286->285
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,?,?,00000000,?,005B4889,?,00000000,00000000,00000000,0002001F,00000000,00000000,?,00000000), ref: 005B2DF4
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 005B2E0B
                                                                                                                                                                                                  • RegCreateKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?D[,?,00000000,?D[,00000000,?,?,00000000,?,005B4889,?), ref: 005B2E5E
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,005B4889,?,00000000,00000000,00000000,0002001F,00000000,00000000,?,00000000,00020019,?,00000000,0002001F), ref: 005B2E7D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressCloseCreateHandleModuleProc
                                                                                                                                                                                                  • String ID: ?D[$Advapi32.dll$RegCreateKeyTransactedW
                                                                                                                                                                                                  • API String ID: 1765684683-117333445
                                                                                                                                                                                                  • Opcode ID: d7524c4aff2b080831c01f7d0449c24d6ed9f4d918e1ff531f77fa8cdfb74e07
                                                                                                                                                                                                  • Instruction ID: 8e8ff92afbad11afdf8505e184c48ee9abf3c300119039230c49898a39cf43d1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d7524c4aff2b080831c01f7d0449c24d6ed9f4d918e1ff531f77fa8cdfb74e07
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC21077220020AAFDF258F96DC45FEABBADFF18340F108429F91596160D771EA64EB60

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 288 5b4f30-5b4f75 289 5b4fa2-5b4fb4 288->289 290 5b4f77-5b4f7b 288->290 296 5b4fb6-5b4fdb GetModuleFileNameW 289->296 297 5b4fe4-5b5000 call 5b1e90 call 5b66e4 289->297 290->289 291 5b4f7d 290->291 292 5b4f80-5b4f85 291->292 294 5b4f98-5b4fa0 292->294 295 5b4f87-5b4f89 292->295 294->289 294->292 295->294 299 5b4f8b-5b4f93 call 5b20d0 295->299 300 5b4fdd-5b4fe2 call 5b2a10 296->300 301 5b5003-5b5008 296->301 299->294 300->297 303 5b500a-5b5034 call 5b1d10 call 5b1e90 call 5b66e4 301->303 304 5b5037-5b5054 call 5b31d0 301->304 314 5b506d-5b5096 call 5b5260 304->314 315 5b5056-5b5060 GetModuleHandleW 304->315 324 5b5098-5b50c2 call 5b1d10 call 5b1e90 call 5b66e4 314->324 325 5b50c5-5b50e8 call 5b52b0 314->325 315->314 317 5b5062-5b5068 315->317 320 5b50fe-5b5114 call 5b22b0 317->320 330 5b516e-5b5179 call 5b1d10 320->330 331 5b5116-5b5132 call 5b22b0 320->331 337 5b517e-5b5183 call 5b71a5 325->337 338 5b50ee-5b50f8 325->338 330->297 331->330 344 5b5134-5b514e 331->344 338->320 346 5b5150 call 5b4c90 344->346 347 5b5167-5b516c call 5b4cf0 344->347 351 5b5155-5b5162 call 5b1d10 346->351 347->330 351->297
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(005B0000,?,00000104), ref: 005B4FD3
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 005B5058
                                                                                                                                                                                                    • Part of subcall function 005B20D0: _memcpy_s.LIBCMT ref: 005B21B3
                                                                                                                                                                                                    • Part of subcall function 005B20D0: _memcpy_s.LIBCMT ref: 005B21C7
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Module_memcpy_s$FileHandleName
                                                                                                                                                                                                  • String ID: Module$Module_Raw$REGISTRY$t6\
                                                                                                                                                                                                  • API String ID: 2255713474-3123186656
                                                                                                                                                                                                  • Opcode ID: 5986eb0d780b09587fc2de3028d7905e32e4b63e0d9c90bf410a601ca4f3ebf9
                                                                                                                                                                                                  • Instruction ID: 50200f718e2697c6cd91819bd2f7e3a07d5ea6818eaccab7db38dcc97ffa768b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5986eb0d780b09587fc2de3028d7905e32e4b63e0d9c90bf410a601ca4f3ebf9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C519676A016195BCB24EB54DC49BEEBBB8BF54310F000199E809A7241EB74BF44CF91

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 391 5b3ba0-5b3bb8 392 5b3bba-5b3bbd 391->392 393 5b3c07-5b3c14 RegOpenKeyExW 391->393 394 5b3bfa-5b3bfe 392->394 395 5b3bbf-5b3bcc GetModuleHandleW 392->395 396 5b3c1a-5b3c1c 393->396 394->393 399 5b3c00-5b3c05 394->399 397 5b3bce-5b3bd3 395->397 398 5b3bd5-5b3be3 GetProcAddress 395->398 400 5b3c1e-5b3c24 396->400 401 5b3c45-5b3c4b 396->401 397->396 398->399 402 5b3be5-5b3bf8 398->402 399->396 403 5b3c26-5b3c2f RegCloseKey 400->403 404 5b3c35-5b3c42 400->404 402->396 403->404 404->401
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000000,?,?,?,005B4058,?,00000000,?), ref: 005B3BC4
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 005B3BDB
                                                                                                                                                                                                  • RegOpenKeyExW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,?,?,?,005B4058,?,00000000,?), ref: 005B3C14
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,005B4058,?,00000000,?), ref: 005B3C27
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressCloseHandleModuleOpenProc
                                                                                                                                                                                                  • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                                                                                                                                                  • API String ID: 823179699-3913318428
                                                                                                                                                                                                  • Opcode ID: 6c17966d61626cf2f154a8354941bf80c928db01d4b8160f6020a6561a24ff98
                                                                                                                                                                                                  • Instruction ID: b8a9adda8421cc838bd875da4648f98c8499b014022bbe01c9ba0b263b97aa83
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6c17966d61626cf2f154a8354941bf80c928db01d4b8160f6020a6561a24ff98
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B116A75600209AFEB248F95CC48F9A7FA8FF54700F208069B905B6250D770AE40AB60

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 406 5b5830-5b5859 407 5b585f-5b5861 406->407 408 5b5a05-5b5a19 call 5b66e4 406->408 407->408 409 5b5867-5b588b GetModuleFileNameW 407->409 411 5b588d-5b58a4 call 5b2a10 call 5b66e4 409->411 412 5b58a7-5b58ad 409->412 415 5b58c9-5b58e6 call 5b5790 412->415 416 5b58af-5b58c6 call 5b66e4 412->416 424 5b58e8-5b58ed 415->424 425 5b5933-5b5945 LoadTypeLib 415->425 428 5b58f3-5b58fc 424->428 426 5b594b-5b597f 425->426 427 5b59ca-5b59db SysAllocString 425->427 432 5b599b-5b59c8 call 5b7d92 call 5b2970 LoadTypeLib 426->432 433 5b5981-5b5998 call 5b66e4 426->433 430 5b59dd-5b59ea 427->430 431 5b59f0-5b5a02 call 5b66e4 427->431 428->428 429 5b58fe-5b590b 428->429 429->433 434 5b590d-5b590f 429->434 430->431 432->427 432->431 434->433 438 5b5911-5b5916 434->438 438->433 443 5b5918-5b5930 call 5b66b0 438->443 443->425
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?), ref: 005B5881
                                                                                                                                                                                                    • Part of subcall function 005B2A10: GetLastError.KERNEL32(005B441D), ref: 005B2A10
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                  • String ID: .tlb
                                                                                                                                                                                                  • API String ID: 2776309574-1487266626
                                                                                                                                                                                                  • Opcode ID: 2142cb4fca7a5286836c452c3d16b06e1378c9e270e11abdefbcb3febd36f46f
                                                                                                                                                                                                  • Instruction ID: 4d08af59257ca079c4038acfa64cbbbed9d57511d49fee1aa39fdd3a27703f98
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2142cb4fca7a5286836c452c3d16b06e1378c9e270e11abdefbcb3febd36f46f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC51A776A005199FCB14DFA8D885BEEBBB8FB48310F5045AAEC05D7241E735EE44CB90

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 448 5b6570-5b657e 449 5b658a-5b659a CoInitialize 448->449 450 5b6580-5b6587 448->450 451 5b65bd 449->451 452 5b659c-5b65a2 449->452 455 5b65c1-5b65d5 GetCommandLineW call 5b6060 451->455 453 5b65f4-5b65fb 452->453 454 5b65a4-5b65b1 GetModuleHandleW 452->454 454->455 456 5b65b3-5b65ba 454->456 459 5b65d7-5b65e3 call 5b63e0 455->459 460 5b65e5 455->460 462 5b65e8-5b65ec 459->462 460->462 462->453 464 5b65ee CoUninitialize 462->464 464->453
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 005B658D
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(Mscoree.dll), ref: 005B65A9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HandleInitializeModule
                                                                                                                                                                                                  • String ID: Mscoree.dll
                                                                                                                                                                                                  • API String ID: 2866158306-4150509846
                                                                                                                                                                                                  • Opcode ID: a1941bd3c7c0c5031b7a568496eeaae8c3ac46199d1774a8f54043711bba4f1e
                                                                                                                                                                                                  • Instruction ID: de3e4a1ea4f782f7dfba51133d8aa212a8939452e2d26ab6bd551839b4b4543a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a1941bd3c7c0c5031b7a568496eeaae8c3ac46199d1774a8f54043711bba4f1e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7014972B001196FCB3097A99808BEDFF58BB61361F54026AFC00D3380DA65AE6093E1

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 465 5b23e0-5b2457 call 5b7b70 call 5b3a10 470 5b2789-5b27a4 call 5b66e4 465->470 471 5b245d-5b2475 call 5b5190 465->471 476 5b2481-5b2498 call 5b4e90 call 5b3a10 471->476 477 5b2477-5b247c 471->477 476->470 482 5b249e-5b24a8 476->482 477->470 483 5b266e-5b2673 482->483 484 5b24ae 482->484 485 5b2679-5b267f 483->485 486 5b2773-5b2787 call 5b3a10 483->486 487 5b2614-5b263a VarUI4FromStr 484->487 488 5b24b4-5b24b7 484->488 489 5b2682-5b268b 485->489 486->470 491 5b264e-5b2669 call 5b4d50 call 5b1d10 487->491 492 5b263c-5b2649 call 5b1d10 487->492 493 5b24bd-5b24c0 488->493 494 5b25fc-5b2608 call 5b4dd0 488->494 489->489 495 5b268d-5b26d1 call 5b27f0 489->495 519 5b275e 491->519 492->470 493->486 500 5b24c6-5b24cf 493->500 502 5b260d-5b260f 494->502 516 5b26d3-5b26e1 495->516 517 5b2744 495->517 505 5b24d0-5b24d9 500->505 508 5b2764-5b2766 502->508 505->505 506 5b24db-5b24e8 505->506 510 5b24ea-5b2542 call 5b27b0 506->510 511 5b2559-5b255e 506->511 508->486 513 5b2768-5b2771 call 5b2a30 508->513 529 5b2563-5b2573 call 5b6e10 510->529 530 5b2544-5b254c 510->530 511->470 513->470 522 5b271f-5b2742 call 5b4d70 516->522 523 5b26e3-5b26e9 516->523 520 5b2749-5b2751 517->520 519->508 520->519 528 5b2753 520->528 522->520 526 5b26f0-5b26f9 CharNextW 523->526 531 5b26fb-5b26ff 526->531 532 5b2710-5b2716 526->532 528->519 534 5b2759 call 5b3220 528->534 541 5b25b9-5b25e6 RegSetValueExW 529->541 542 5b2575 529->542 530->511 535 5b254e-5b2554 call 5b3220 530->535 531->532 536 5b2701-5b270e CharNextW 531->536 538 5b2719-5b271d 532->538 534->519 535->511 536->538 538->522 538->526 541->519 543 5b25ec-5b25f7 call 5b3220 541->543 544 5b2580-5b25b1 call 5b2c20 542->544 543->519 549 5b25b3 544->549 549->541
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: lstrcmpi
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1586166983-0
                                                                                                                                                                                                  • Opcode ID: 55775807da2e0cf2b3955c7aa30590f24a9f89e83a1b9c3608f13961019726f8
                                                                                                                                                                                                  • Instruction ID: f27adeedd20fe25ce08722770615a89089f66e02ced8d22685a4a1ab5f092b47
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 55775807da2e0cf2b3955c7aa30590f24a9f89e83a1b9c3608f13961019726f8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B59193719002198BDB34DF14CC4ABE9BBB4FB64300F15449AEA09A7281DB34BE95DFB5

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 550 5b4000-5b4053 call 5b3ba0 552 5b4058-5b405c 550->552 553 5b4062-5b4096 RegEnumKeyExW 552->553 554 5b4120-5b4128 552->554 557 5b4098 553->557 558 5b40e7-5b40ef 553->558 555 5b412a-5b412b RegCloseKey 554->555 556 5b4131-5b4141 call 5b66e4 554->556 555->556 562 5b40a0-5b40b6 call 5b4000 557->562 559 5b4102-5b411d call 5b30f0 558->559 560 5b40f1-5b40f8 RegCloseKey 558->560 568 5b411f 559->568 560->559 562->568 569 5b40b8-5b40e5 RegEnumKeyExW 562->569 568->554 569->558 569->562
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 005B3BA0: GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000000,?,?,?,005B4058,?,00000000,?), ref: 005B3BC4
                                                                                                                                                                                                    • Part of subcall function 005B3BA0: RegCloseKey.ADVAPI32(00000000,?,005B4058,?,00000000,?), ref: 005B3C27
                                                                                                                                                                                                  • RegEnumKeyExW.ADVAPI32(00000000,00000000,?,?,00000000,00000000,00000000,?,00000000,?,00000000,?,00000000), ref: 005B4092
                                                                                                                                                                                                  • RegEnumKeyExW.ADVAPI32(00000000,00000000,?,00000100,00000000,00000000,00000000,?), ref: 005B40E1
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 005B40F2
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,00000000,?,00000000), ref: 005B412B
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Close$Enum$HandleModule
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2852649468-0
                                                                                                                                                                                                  • Opcode ID: 9dc008a4e92fbbb11b500a0e7e05d7ad98c3602eb20a2d6bc3db6e7de7b64027
                                                                                                                                                                                                  • Instruction ID: e5b46acec1ef56d07fbdc1f5d465a53d7e47da3bd1ba99a7893fe686437dec6f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9dc008a4e92fbbb11b500a0e7e05d7ad98c3602eb20a2d6bc3db6e7de7b64027
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3731FBB594122DABDB31EB55DC4CBDABBB8EF64350F0041D5A908A6251DB30AF84CEA1

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 570 5b4150-5b418b call 5b7b70 call 5b3c50 575 5b418d-5b419a 570->575 576 5b41f4-5b4203 call 5b66e4 570->576 578 5b419c-5b419d 575->578 579 5b41e6-5b41f2 CoTaskMemFree 575->579 581 5b41a0-5b41b2 call 5b3a10 578->581 579->576 584 5b41e5 581->584 585 5b41b4-5b41b8 581->585 584->579 586 5b41c0-5b41d5 lstrcmpiW 585->586 587 5b41d7-5b41de 586->587 588 5b4206-5b420f 586->588 587->586 590 5b41e0 587->590 589 5b4211-5b4223 call 5b3a10 588->589 588->590 589->584 593 5b4225-5b4231 589->593 590->584 593->590 594 5b4233-5b423a 593->594 595 5b427a-5b428f call 5b4490 594->595 596 5b423c-5b424f call 5b4490 594->596 595->584 601 5b4295-5b42a3 call 5b4e90 595->601 600 5b4254-5b4258 596->600 600->601 602 5b425a-5b4275 call 5b4490 600->602 601->581 607 5b42a9 601->607 602->584 607->584
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 005B3C50: CoTaskMemAlloc.OLE32(-00000002,65B03BA8,00000000,00000000), ref: 005B3CD9
                                                                                                                                                                                                    • Part of subcall function 005B3C50: _wcsstr.LIBCMT ref: 005B3D3A
                                                                                                                                                                                                    • Part of subcall function 005B3C50: CharNextW.USER32(?,00000000), ref: 005B3D4D
                                                                                                                                                                                                    • Part of subcall function 005B3C50: CharNextW.USER32(00000000,?,00000000), ref: 005B3D52
                                                                                                                                                                                                    • Part of subcall function 005B3C50: CharNextW.USER32(00000000,?,00000000), ref: 005B3D57
                                                                                                                                                                                                    • Part of subcall function 005B3C50: CharNextW.USER32(00000000,?,00000000), ref: 005B3D5C
                                                                                                                                                                                                  • lstrcmpiW.KERNELBASE(?,005C3700,?,00000000,00000000,00000000,00000000), ref: 005B41CD
                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000,00000000,00000000,00000000), ref: 005B41EC
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CharNext$Task$AllocFree_wcsstrlstrcmpi
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1643784097-0
                                                                                                                                                                                                  • Opcode ID: e2ce3e3519ad0c5a46c94ee16bb5f50e4e535dc57c1f28cf5430c3f8236d0b05
                                                                                                                                                                                                  • Instruction ID: 0e5766c58dfb14444b6a5148b9987c4e209312eae07ef290a9384824a758e01c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e2ce3e3519ad0c5a46c94ee16bb5f50e4e535dc57c1f28cf5430c3f8236d0b05
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0931AB75E002295BDF349F58DC98BDE7BA8BB54710F0041A9A905EB242DA30FE84DF90

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 608 5b8073-5b8082 call 5b803f ExitProcess
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ___crtCorExitProcess.LIBCMT ref: 005B8079
                                                                                                                                                                                                    • Part of subcall function 005B803F: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,005B807E,00000000,?,005B6758,000000FF,0000001E,00000000,00000000,00000000,?,005BAFCB), ref: 005B804E
                                                                                                                                                                                                    • Part of subcall function 005B803F: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 005B8060
                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 005B8082
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2427264223-0
                                                                                                                                                                                                  • Opcode ID: be7c38b213dcb165a05091da2a4a011ee2fcd599f54a2661e6c9aae893015f36
                                                                                                                                                                                                  • Instruction ID: 3209278368bae61db6973539df6d1c70b1827d7552dbb5ba55ae35665b969fb9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: be7c38b213dcb165a05091da2a4a011ee2fcd599f54a2661e6c9aae893015f36
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93B0923100010DBFCB057F15EC0E8983F69EB002D0B009020F8040A032DF72AA96AA91

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 611 5b4dd0-5b4ddb 612 5b4ddd-5b4de2 611->612 613 5b4de5-5b4deb 611->613 614 5b4df0-5b4df9 613->614 614->614 615 5b4dfb-5b4e1b RegSetValueExW 614->615
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • RegSetValueExW.KERNELBASE(00000000,00000001,00000000,00000000,?,?,00000000,?,?,005B260D,00000000,?,00000001,?), ref: 005B4E12
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                  • Opcode ID: 11ce5d33400690743e42a1f57fe19a2657b0137303f5720a4fcb3b0ae4b6a40e
                                                                                                                                                                                                  • Instruction ID: 9580455f98320682e9a28d94cf08ea0d41b5df749552c45a85010bd9f7211d31
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 11ce5d33400690743e42a1f57fe19a2657b0137303f5720a4fcb3b0ae4b6a40e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86F01C37200109EFDB209F88EC05EEBB7A9EBD4760B08C526FA059B125D671F920DB90

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 616 5b832c-5b8336 call 5b81fd 618 5b833b-5b833f 616->618
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _doexit.LIBCMT ref: 005B8336
                                                                                                                                                                                                    • Part of subcall function 005B81FD: __lock.LIBCMT ref: 005B820B
                                                                                                                                                                                                    • Part of subcall function 005B81FD: DecodePointer.KERNEL32(005C8E78,0000001C,005B8156,00000000,00000001,00000000,?,005B80A4,000000FF,?,005BB9B9,00000011,00000000,?,005B9F4B,0000000D), ref: 005B824A
                                                                                                                                                                                                    • Part of subcall function 005B81FD: DecodePointer.KERNEL32(?,005B80A4,000000FF,?,005BB9B9,00000011,00000000,?,005B9F4B,0000000D), ref: 005B825B
                                                                                                                                                                                                    • Part of subcall function 005B81FD: EncodePointer.KERNEL32(00000000,?,005B80A4,000000FF,?,005BB9B9,00000011,00000000,?,005B9F4B,0000000D), ref: 005B8274
                                                                                                                                                                                                    • Part of subcall function 005B81FD: DecodePointer.KERNEL32(-00000004,?,005B80A4,000000FF,?,005BB9B9,00000011,00000000,?,005B9F4B,0000000D), ref: 005B8284
                                                                                                                                                                                                    • Part of subcall function 005B81FD: EncodePointer.KERNEL32(00000000,?,005B80A4,000000FF,?,005BB9B9,00000011,00000000,?,005B9F4B,0000000D), ref: 005B828A
                                                                                                                                                                                                    • Part of subcall function 005B81FD: DecodePointer.KERNEL32(?,005B80A4,000000FF,?,005BB9B9,00000011,00000000,?,005B9F4B,0000000D), ref: 005B82A0
                                                                                                                                                                                                    • Part of subcall function 005B81FD: DecodePointer.KERNEL32(?,005B80A4,000000FF,?,005BB9B9,00000011,00000000,?,005B9F4B,0000000D), ref: 005B82AB
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Pointer$Decode$Encode$__lock_doexit
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2158581194-0
                                                                                                                                                                                                  • Opcode ID: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                                                                  • Instruction ID: d76401e02cafdc7ca21f5c072008c9c2362d1adcefb6547e85aabc61fdb5aa3e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7DB0123158030C33D9112545EC07F653F4C5780B90F100060FA0C1C1F1A9937561C0CD
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CLSIDFromProgID.OLE32(?,?), ref: 005B14EE
                                                                                                                                                                                                  • CoCreateInstance.OLE32(?,?,00000017,005C3C58,00000000), ref: 005B1514
                                                                                                                                                                                                  • PathMatchSpecW.SHLWAPI(?,*.ocx), ref: 005B152D
                                                                                                                                                                                                  • PathMatchSpecW.SHLWAPI(?,*.dll), ref: 005B153D
                                                                                                                                                                                                  • PathIsContentTypeW.SHLWAPI(?,text/scriptlet), ref: 005B156D
                                                                                                                                                                                                  • PathMatchSpecW.SHLWAPI(?,*.sct), ref: 005B157D
                                                                                                                                                                                                  • CoGetObject.OLE32(?,00000010,005C3C58,00000000), ref: 005B164C
                                                                                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 005B16AB
                                                                                                                                                                                                  • CoGetObject.OLE32(?,00000010,005C3C58,00000000), ref: 005B16D3
                                                                                                                                                                                                  • FormatMessageW.KERNEL32(00001100,00000000,00000000,00000800,?,00000000,00000000), ref: 005B191A
                                                                                                                                                                                                  • FormatMessageW.KERNEL32(00002500,Error 0x%1!lX!,00000000,00000800,00000000,00000000,?), ref: 005B1945
                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 005B1969
                                                                                                                                                                                                  • MessageBoxW.USER32(00000000,00000000,00000000,00002010), ref: 005B197F
                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 005B1986
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Path$MatchMessageSpec$FormatFreeLocalObject$ContentCreateExecuteFromInstanceProgShellType
                                                                                                                                                                                                  • String ID: %1%2$*.dll$*.ocx$*.sct$04\$<$<4\$Error 0x%1!lX!$PDu$p3\$script:$text/scriptlet
                                                                                                                                                                                                  • API String ID: 1259344951-4294883947
                                                                                                                                                                                                  • Opcode ID: 72735492f9cee3d8374901139f5fe669372dbc8ccbc2bd8baa9bdf0bda8c8095
                                                                                                                                                                                                  • Instruction ID: a8d3872804ca95a96f109d88a046c8cc6fe43869467ad97f75c7802429b26aea
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 72735492f9cee3d8374901139f5fe669372dbc8ccbc2bd8baa9bdf0bda8c8095
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E3D19071A006299FDB60DB64CC98FEABBB8FF49700F5441A9E909E7250DB30AE45CF54
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,005B708A,005C3C7C,00000001,?,005B71A1,005C3C7C,00000017), ref: 005B99DB
                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(005C3C7C,?,005B708A,005C3C7C,00000001,?,005B71A1,005C3C7C,00000017), ref: 005B99E4
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                                                  • Opcode ID: b429c41ea532bb693cc5ed2deb869a390276202f068392a7e4e16963d1823309
                                                                                                                                                                                                  • Instruction ID: fbd5732a864ab1cada352dd46af4b07eda330eb2ba493e05dbbbc30a47bfd78d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b429c41ea532bb693cc5ed2deb869a390276202f068392a7e4e16963d1823309
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BB0923104460CBFCB002BA1EC09F887F28EB19762F048010F64D840618B73D654EA91
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(?), ref: 005B99AB
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                                                  • Opcode ID: 9abc32b364b49135d570778605096202ca4d990cb7cf02655077f54b5e2c52bd
                                                                                                                                                                                                  • Instruction ID: cc26bf2f7c8b7fc583f4bf1a0b646b65f62db73783db1509ca0b455409849060
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9abc32b364b49135d570778605096202ca4d990cb7cf02655077f54b5e2c52bd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72A0113000020CBF8B002B82EC088883F2CEA082B2B008020F80C000208B23AAA0AA80
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _memcpy_s
                                                                                                                                                                                                  • String ID: t6\
                                                                                                                                                                                                  • API String ID: 2001391462-1199084852
                                                                                                                                                                                                  • Opcode ID: c703c5e930d9d37b01c4d5691c4efce1fd4c08c6ea64838ba1a3b20cb3fff9de
                                                                                                                                                                                                  • Instruction ID: 74fcc94eb536263ca9e3d90b43bfd5222284532a16c6bb2d5e4890be0df14621
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c703c5e930d9d37b01c4d5691c4efce1fd4c08c6ea64838ba1a3b20cb3fff9de
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F018F72644548EBC714CF55D801F99B7E8FB14710F10C61EE829C7780DB3AA900CB54
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(005B7E57,005C8E58,00000014), ref: 005B7FF7
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                                                  • Opcode ID: cd518833567511c09100573fa8b2c44af67f43ce7eb479e4dced41c74b373c1b
                                                                                                                                                                                                  • Instruction ID: 497706c4d176440a5c653a9b0b39b479b0db9214a1fd97f1a0f851873da53371
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd518833567511c09100573fa8b2c44af67f43ce7eb479e4dced41c74b373c1b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62B012B07029028F97484B3C7C1540936D46718301B44803D7003C2560DF30C514FE00
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CoTaskMemAlloc.OLE32(-00000002,65B03BA8,00000000,00000000), ref: 005B3CD9
                                                                                                                                                                                                  • _wcsstr.LIBCMT ref: 005B3D3A
                                                                                                                                                                                                  • CharNextW.USER32(?,00000000), ref: 005B3D4D
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,00000000), ref: 005B3D52
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,00000000), ref: 005B3D57
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,00000000), ref: 005B3D5C
                                                                                                                                                                                                  • CharNextW.USER32(?,?,00000000,00000001,65B03BA8,00000000,00000000), ref: 005B3D93
                                                                                                                                                                                                  • CharNextW.USER32(?,?,00000000,00000001,65B03BA8,00000000,00000000), ref: 005B3DA8
                                                                                                                                                                                                  • CharNextW.USER32(00000000,}},?,00000000,00000001,65B03BA8,00000000,00000000), ref: 005B3DFF
                                                                                                                                                                                                  • CoTaskMemFree.OLE32(?,65B03BA8,00000000,00000000), ref: 005B3E24
                                                                                                                                                                                                  • CharNextW.USER32(?,00000000,?,?,?,?,?,?,00000000), ref: 005B3E92
                                                                                                                                                                                                  • CharNextW.USER32(?,00000000,00000001,65B03BA8,00000000,00000000), ref: 005B3E9F
                                                                                                                                                                                                  • CoTaskMemFree.OLE32(?,00000000), ref: 005B3EBC
                                                                                                                                                                                                  • CoTaskMemFree.OLE32(?,00000000), ref: 005B3ECE
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CharNext$Task$Free$Alloc_wcsstr
                                                                                                                                                                                                  • String ID: }}$HKCR$HKCU{Software{Classes
                                                                                                                                                                                                  • API String ID: 1632296858-1142484189
                                                                                                                                                                                                  • Opcode ID: 5e081b5e3290c614ddd498029c6c769bfddeefa4c2f1832f2c7ee288bdaced93
                                                                                                                                                                                                  • Instruction ID: 74f547c1cec7c3abcc5f9519450629c2117048edb167f6425cba2875ff4e3b08
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e081b5e3290c614ddd498029c6c769bfddeefa4c2f1832f2c7ee288bdaced93
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4917D719043899FDB209FA4C895AEEBFF8BF55340F14042EE985AB250E775EA48CB10
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • TlsAlloc.KERNEL32 ref: 005B10E6
                                                                                                                                                                                                  • TlsSetValue.KERNEL32(FFFFFFFF,?), ref: 005B10FA
                                                                                                                                                                                                  • StrRChrA.SHLWAPI(?,00000000,0000003B), ref: 005B1119
                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(00000001), ref: 005B1125
                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 005B1140
                                                                                                                                                                                                  • MessageBoxA.USER32(00000000,00000000,00042014), ref: 005B1157
                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 005B1164
                                                                                                                                                                                                  • PathFindFileNameA.SHLWAPI(?), ref: 005B1171
                                                                                                                                                                                                  • StrChrA.SHLWAPI(?,0000002A), ref: 005B1186
                                                                                                                                                                                                  • StrChrA.SHLWAPI(00000000,00000029), ref: 005B1195
                                                                                                                                                                                                  • lstrcpynA.KERNEL32(?,00000001,00000000), ref: 005B11A9
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00000000), ref: 005B11B6
                                                                                                                                                                                                  • StrChrA.SHLWAPI(00000000,0000003B), ref: 005B11C7
                                                                                                                                                                                                  • wsprintfA.USER32 ref: 005B1202
                                                                                                                                                                                                  • MessageBoxA.USER32(00000000,?,?,00042014), ref: 005B121F
                                                                                                                                                                                                  • StrChrA.SHLWAPI(00000001,0000002A), ref: 005B123C
                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(?), ref: 005B124F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileMessageModuleName$AddressAllocExitFindHandleLibraryLoadPathProcProcessValuelstrcpynwsprintf
                                                                                                                                                                                                  • String ID: %s:%s%s
                                                                                                                                                                                                  • API String ID: 1428029404-113327331
                                                                                                                                                                                                  • Opcode ID: 04cfba4dbd213130cc28062d2483cba1525c1963fc2464df3740f975b8c07555
                                                                                                                                                                                                  • Instruction ID: d773113959cb6cbc811d25af47892cbe25f3a7c4895a96d6f8f378b61afdf898
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 04cfba4dbd213130cc28062d2483cba1525c1963fc2464df3740f975b8c07555
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F41907290061CAFDB259B64DC5CFDA7BB9FB28314F004295E60AE3150DA71AB48DF50
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000000,?,005B4AE0,?), ref: 005B310A
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 005B311A
                                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,00000000), ref: 005B3142
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000000,?,005B4AE0,?), ref: 005B3167
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 005B3177
                                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,00000000), ref: 005B31B9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressDeleteHandleModuleProc
                                                                                                                                                                                                  • String ID: Advapi32.dll$RegDeleteKeyExW$RegDeleteKeyTransactedW
                                                                                                                                                                                                  • API String ID: 588496660-1053001802
                                                                                                                                                                                                  • Opcode ID: 9a374c001ab1551e1d50621a7b9cecc4c3a28bb4345e85af7f057e87b8acc16b
                                                                                                                                                                                                  • Instruction ID: d50b0914893cb9cef7f7778c673d90fba5b82eb753b51ecc86e1420aaa09b3cf
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a374c001ab1551e1d50621a7b9cecc4c3a28bb4345e85af7f057e87b8acc16b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4219F76340608BEEB209F9DEC09FD5BFACFB60751F04843AF644A2160C771A694EB64
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CharNextW.USER32(?,?,00000000,x>[,005B3E78,?,?,?,?,?,?,00000000), ref: 005B3A56
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,?,00000000,x>[,005B3E78,?,?,?,?,?,?,00000000), ref: 005B3A6E
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,?,00000000,x>[,005B3E78,?,?,?,?,?,?,00000000), ref: 005B3A82
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,?,00000000,x>[,005B3E78,?,?,?,?,?,?,00000000), ref: 005B3A8C
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CharNext
                                                                                                                                                                                                  • String ID: x>[$x>[
                                                                                                                                                                                                  • API String ID: 3213498283-4220930997
                                                                                                                                                                                                  • Opcode ID: d3110f035fa73c51ca224b1c4173debcc16db2189390a3c6cfef46672e28c8a2
                                                                                                                                                                                                  • Instruction ID: b7ca46bbe2e461099a938514c2cd249404cd14e5148794b83c07236fbe520521
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d3110f035fa73c51ca224b1c4173debcc16db2189390a3c6cfef46672e28c8a2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5841D332600219DFCB20DF68D8D06A9BBE6FF99310BA445AAD445DB254E770BE41CB90
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CoCreateInstance.OLE32(005C3C68,00000000,00000001,005C3A08,?,?,?,?), ref: 005B5A90
                                                                                                                                                                                                  • StringFromGUID2.OLE32(?,?,00000040,?,?,?), ref: 005B5B26
                                                                                                                                                                                                  • RegQueryInfoKeyW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,80000000,?,00020019), ref: 005B5BF6
                                                                                                                                                                                                  • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,80000000,?,00020019), ref: 005B5CB6
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: InfoQuery$CreateFromInstanceString
                                                                                                                                                                                                  • String ID: CLSID\$\Implemented Categories$\Required Categories
                                                                                                                                                                                                  • API String ID: 468587507-4092563799
                                                                                                                                                                                                  • Opcode ID: 09a64d13a41b1091755a8a7bfd46ce6d78a662298bf7f9ef88f3a811c96c4a04
                                                                                                                                                                                                  • Instruction ID: c94f0eb8113b5a181b15876dc4d9171a4a194c29ba6d08daa94dff28be862301
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 09a64d13a41b1091755a8a7bfd46ce6d78a662298bf7f9ef88f3a811c96c4a04
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80815770A00619AFEB24DF60CC95FE9BBB8BF54700F5040A9E649A7141EB70BE85CF60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(005CB690,65B03BA8,?,;\), ref: 005B33CA
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,00000104), ref: 005B3441
                                                                                                                                                                                                  • LoadTypeLib.OLEAUT32(?,00000000), ref: 005B3472
                                                                                                                                                                                                  • LoadRegTypeLib.OLEAUT32(?,?,?,?,00000000), ref: 005B349C
                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(005CB690), ref: 005B35B2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CriticalLoadSectionType$EnterFileLeaveModuleName
                                                                                                                                                                                                  • String ID: m2[$;\
                                                                                                                                                                                                  • API String ID: 2487232618-1298025814
                                                                                                                                                                                                  • Opcode ID: d11a58eac82da2fc418f8000d2921a0f51c971c5c639b053f09537c47f19491a
                                                                                                                                                                                                  • Instruction ID: 973a22c5f80df4cfed70b02b1cb995fff7e5a95e651fb8741e663b178b8d6b97
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d11a58eac82da2fc418f8000d2921a0f51c971c5c639b053f09537c47f19491a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5715075500618EFDB20DF94D888BAABBF8FB58314F148499E409E7290DB35EE85CF60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CoGetObject.OLE32(?,00000010,005C3C58,00000000), ref: 005B164C
                                                                                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 005B16AB
                                                                                                                                                                                                  • CoGetObject.OLE32(?,00000010,005C3C58,00000000), ref: 005B16D3
                                                                                                                                                                                                  • LoadTypeLib.OLEAUT32(?,?), ref: 005B176B
                                                                                                                                                                                                  • StrCmpIW.SHLWAPI(?,?), ref: 005B1820
                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 005B185E
                                                                                                                                                                                                  • PathMatchSpecW.SHLWAPI(?,*.dll), ref: 005B18C2
                                                                                                                                                                                                  • FormatMessageW.KERNEL32(00001100,00000000,00000000,00000800,?,00000000,00000000), ref: 005B191A
                                                                                                                                                                                                  • FormatMessageW.KERNEL32(00002500,Error 0x%1!lX!,00000000,00000800,00000000,00000000,?), ref: 005B1945
                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 005B1969
                                                                                                                                                                                                  • MessageBoxW.USER32(00000000,00000000,00000000,00002010), ref: 005B197F
                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 005B1986
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FreeMessage$FormatLocalObject$ExecuteLoadMatchPathShellSpecStringType
                                                                                                                                                                                                  • String ID: 04\$<$<4\$PDu
                                                                                                                                                                                                  • API String ID: 1733510067-2863232274
                                                                                                                                                                                                  • Opcode ID: bc5dbfa028fd70c6595eb4d4e1d9a600cebb7bbfc8d785b478b56b4496b97eb3
                                                                                                                                                                                                  • Instruction ID: ea48baee1ede3728ae3896f28dc7989934efe4b777f335939fb89408c5fd6d1b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc5dbfa028fd70c6595eb4d4e1d9a600cebb7bbfc8d785b478b56b4496b97eb3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5631BF7590056E8ECF60EF64C898BEAB7B8FF04344F9441EAD809A7140E730AE85CF94
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _malloc.LIBCMT ref: 005B99F8
                                                                                                                                                                                                    • Part of subcall function 005B672B: __FF_MSGBANNER.LIBCMT ref: 005B6742
                                                                                                                                                                                                    • Part of subcall function 005B672B: __NMSG_WRITE.LIBCMT ref: 005B6749
                                                                                                                                                                                                    • Part of subcall function 005B672B: HeapAlloc.KERNEL32(014F0000,00000000,00000001,00000000,00000000,00000000,?,005BAFCB,00000000,00000000,00000000,00000000,?,005BBA60,00000018,005C90F8), ref: 005B676E
                                                                                                                                                                                                  • _free.LIBCMT ref: 005B9A0B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AllocHeap_free_malloc
                                                                                                                                                                                                  • String ID: ![
                                                                                                                                                                                                  • API String ID: 2734353464-2484537603
                                                                                                                                                                                                  • Opcode ID: 647d548628f6e0d70fc23642110950258a70efdd641a87c75ac559dfbbfa586e
                                                                                                                                                                                                  • Instruction ID: 84351feab47aba39470260c8299e9d35af970dac9dd89a7e18ff389780e5eb25
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 647d548628f6e0d70fc23642110950258a70efdd641a87c75ac559dfbbfa586e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B11EC3290861B9FCB207F74AC0DBED3F98BF99360F204425FA05A6251DF34B940D6A4
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __init_pointers.LIBCMT ref: 005B9FB5
                                                                                                                                                                                                    • Part of subcall function 005B815B: EncodePointer.KERNEL32(00000000,?,005B9FBA,005B7E68,005C8E58,00000014), ref: 005B815E
                                                                                                                                                                                                    • Part of subcall function 005B815B: __initp_misc_winsig.LIBCMT ref: 005B8179
                                                                                                                                                                                                    • Part of subcall function 005B815B: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 005B9721
                                                                                                                                                                                                    • Part of subcall function 005B815B: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 005B9735
                                                                                                                                                                                                    • Part of subcall function 005B815B: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 005B9748
                                                                                                                                                                                                    • Part of subcall function 005B815B: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 005B975B
                                                                                                                                                                                                    • Part of subcall function 005B815B: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 005B976E
                                                                                                                                                                                                    • Part of subcall function 005B815B: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 005B9781
                                                                                                                                                                                                    • Part of subcall function 005B815B: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 005B9794
                                                                                                                                                                                                    • Part of subcall function 005B815B: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 005B97A7
                                                                                                                                                                                                    • Part of subcall function 005B815B: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 005B97BA
                                                                                                                                                                                                    • Part of subcall function 005B815B: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 005B97CD
                                                                                                                                                                                                    • Part of subcall function 005B815B: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 005B97E0
                                                                                                                                                                                                    • Part of subcall function 005B815B: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 005B97F3
                                                                                                                                                                                                    • Part of subcall function 005B815B: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 005B9806
                                                                                                                                                                                                    • Part of subcall function 005B815B: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 005B9819
                                                                                                                                                                                                    • Part of subcall function 005B815B: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 005B982C
                                                                                                                                                                                                    • Part of subcall function 005B815B: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 005B983F
                                                                                                                                                                                                  • __mtinitlocks.LIBCMT ref: 005B9FBA
                                                                                                                                                                                                  • __mtterm.LIBCMT ref: 005B9FC3
                                                                                                                                                                                                    • Part of subcall function 005BA02B: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,005B9FC8,005B7E68,005C8E58,00000014), ref: 005BB9E1
                                                                                                                                                                                                    • Part of subcall function 005BA02B: _free.LIBCMT ref: 005BB9E8
                                                                                                                                                                                                    • Part of subcall function 005BA02B: DeleteCriticalSection.KERNEL32(005CA270,?,?,005B9FC8,005B7E68,005C8E58,00000014), ref: 005BBA0A
                                                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 005B9FE8
                                                                                                                                                                                                  • __initptd.LIBCMT ref: 005BA00A
                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 005BA011
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3567560977-0
                                                                                                                                                                                                  • Opcode ID: 016ebfb64e1a538d207b42ae8bc94dea8ad5a79c4d827551131499f376389605
                                                                                                                                                                                                  • Instruction ID: 38fa6a2a73f19a3dbd3437ad79e91e782bbeefdf870ce189c4ecfdcef945e695
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 016ebfb64e1a538d207b42ae8bc94dea8ad5a79c4d827551131499f376389605
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6F09032119B121EE6257B787C0FAEA2E98FF82770F218719F160D40E1FF51B8829196
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CharUpperW.USER32(00000000,75BFA7D0,00000000,?,?,005B60BC,00000000,UnregServer), ref: 005B6613
                                                                                                                                                                                                  • CharUpperW.USER32(8508C483,?,005B60BC,00000000,UnregServer), ref: 005B661F
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,005B60BC,00000000,UnregServer), ref: 005B6642
                                                                                                                                                                                                  • CharNextW.USER32(005B60BC,?,005B60BC,00000000,UnregServer), ref: 005B664D
                                                                                                                                                                                                  • CharUpperW.USER32(?,?,005B60BC,00000000,UnregServer), ref: 005B665A
                                                                                                                                                                                                  • CharUpperW.USER32(?,?,?,005B60BC,00000000,UnregServer), ref: 005B6666
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Char$Upper$Next
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3006421506-0
                                                                                                                                                                                                  • Opcode ID: 21dcc5f8ffea2acb8bce5cfff1a80ac76c37a6236eb1ded0087397af5a2dc376
                                                                                                                                                                                                  • Instruction ID: f7e81c11b0437beccd8b051cf96cdb08dbc237b8d06ac76afbf9c2f331293bc6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21dcc5f8ffea2acb8bce5cfff1a80ac76c37a6236eb1ded0087397af5a2dc376
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D311863B4001145ECF345FBE9C886F5BBA8FE84761B984027FC48D3190D63CEC959A25
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AdjustPointer_memmove
                                                                                                                                                                                                  • String ID: :e3
                                                                                                                                                                                                  • API String ID: 1721217611-1834617153
                                                                                                                                                                                                  • Opcode ID: d41eeed37460f34ab47190e355859e7dc38da7f76d1f56b8835db45407e6e922
                                                                                                                                                                                                  • Instruction ID: 7c7753298d2da36c103366cd660bee79a0e398fffdfb1d3c07882d88b5513a6f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d41eeed37460f34ab47190e355859e7dc38da7f76d1f56b8835db45407e6e922
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0441A1352083836EEB295F24D846BF63FB5BF40310F24445DF9A1865D1EB25FC80E626
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 005B5830: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?), ref: 005B5881
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(OLEAUT32.DLL), ref: 005B5EEF
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 005B5EFF
                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 005B5F45
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Module$AddressFileFreeHandleNameProcString
                                                                                                                                                                                                  • String ID: OLEAUT32.DLL$UnRegisterTypeLibForUser
                                                                                                                                                                                                  • API String ID: 815855407-2196524522
                                                                                                                                                                                                  • Opcode ID: 8401b15d431be1000c3eaac94bb8ec1a632f307a3b4cc2b6c7bc6ff8158ce904
                                                                                                                                                                                                  • Instruction ID: 5dc7bd1396933bb300ca2b3263b5c9964249784cee640b1ba7021b126a56b889
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8401b15d431be1000c3eaac94bb8ec1a632f307a3b4cc2b6c7bc6ff8158ce904
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2213E75A00518AFDB15DF94CC04EAABBB9FB44314F248098FD04DB250EB31EE56DB60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,?,00000000,x>[,005B3E78,?,?,?,?,?,?,00000000), ref: 005B3A6E
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,?,00000000,x>[,005B3E78,?,?,?,?,?,?,00000000), ref: 005B3A82
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,?,00000000,x>[,005B3E78,?,?,?,?,?,?,00000000), ref: 005B3A8C
                                                                                                                                                                                                  • CharNextW.USER32(?,?,?,00000000,x>[,005B3E78,?,?,?,?,?,?,00000000), ref: 005B3AEE
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CharNext
                                                                                                                                                                                                  • String ID: x>[$x>[
                                                                                                                                                                                                  • API String ID: 3213498283-4220930997
                                                                                                                                                                                                  • Opcode ID: 0261015a6760a40745dd5c7a33fe33fcc8010016a802899f716c43a6845dd4ec
                                                                                                                                                                                                  • Instruction ID: ca0c0a14b32a50cfcb4feb5d8968e20dba5277f73b38ae7f83f55acae3969b0a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0261015a6760a40745dd5c7a33fe33fcc8010016a802899f716c43a6845dd4ec
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A01693460060ADFCB21DF28C8907E97BA6FF94300FA54458D486AB264E770BA81CB81
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _malloc.LIBCMT ref: 005B9B06
                                                                                                                                                                                                    • Part of subcall function 005B672B: __FF_MSGBANNER.LIBCMT ref: 005B6742
                                                                                                                                                                                                    • Part of subcall function 005B672B: __NMSG_WRITE.LIBCMT ref: 005B6749
                                                                                                                                                                                                    • Part of subcall function 005B672B: HeapAlloc.KERNEL32(014F0000,00000000,00000001,00000000,00000000,00000000,?,005BAFCB,00000000,00000000,00000000,00000000,?,005BBA60,00000018,005C90F8), ref: 005B676E
                                                                                                                                                                                                  • std::exception::exception.LIBCMT ref: 005B9B24
                                                                                                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 005B9B39
                                                                                                                                                                                                    • Part of subcall function 005B7712: RaiseException.KERNEL32(?,?,?,?), ref: 005B7767
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AllocExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                                                                                                  • String ID: (J\$0J\
                                                                                                                                                                                                  • API String ID: 1059622496-1366213868
                                                                                                                                                                                                  • Opcode ID: 7857404da7dcc425be907cb6102daa22ed7aa97e619969f3c823906074aadb56
                                                                                                                                                                                                  • Instruction ID: ab1ad931eac4dfdf6bd582ad7e7217e95b95700b06cb9324cd436124d0f212d3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7857404da7dcc425be907cb6102daa22ed7aa97e619969f3c823906074aadb56
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2AF0813154421E6ACB14AA98EC19EEA7FADFB41354F10052ABA0492181EFB0AA4496A4
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • MessageBoxA.USER32(00000000,DLLPROXY,00042014,005B10A0), ref: 005B1282
                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 005B128F
                                                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 005B129B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExitMessageProcessValue
                                                                                                                                                                                                  • String ID: DLLPROXY$2\
                                                                                                                                                                                                  • API String ID: 1376494668-1586085267
                                                                                                                                                                                                  • Opcode ID: b2e540e49c052f8b6ecf398fbd4506d65896b2a70b653340b77d7ebfcbb6e469
                                                                                                                                                                                                  • Instruction ID: eb07bb11df32b89793cbcf905b24c723542a01edeee8f5655fc5216aab54c60d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b2e540e49c052f8b6ecf398fbd4506d65896b2a70b653340b77d7ebfcbb6e469
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26D0C971280A09AFDB552B98BC0EF943E61B725B46F548010F306A90B19A628619FB22
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CoResumeClassObjects.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,005B63EE,?), ref: 005B62D0
                                                                                                                                                                                                    • Part of subcall function 005B6490: CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,005B6288), ref: 005B649F
                                                                                                                                                                                                  • CoResumeClassObjects.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,005B63EE,?), ref: 005B62A5
                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,005B63EE,?), ref: 005B62B4
                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,005B63EE,?), ref: 005B62C1
                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,005B63EE,?), ref: 005B62C8
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ClassEventObjectsResume$CloseCreateHandleObjectSingleWait
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1208342592-0
                                                                                                                                                                                                  • Opcode ID: 8dd337dd8be3f20decf0eac34bb4a331e4517571507ebf0bdc5f5db20bb6d223
                                                                                                                                                                                                  • Instruction ID: 9c73a84937dd9549ee38e7ee8611bdda94460171d4be1b2fe40f25db5e09209f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8dd337dd8be3f20decf0eac34bb4a331e4517571507ebf0bdc5f5db20bb6d223
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C01493B3019125FE712A7689C4DF9A5F19BBE0362B04803AFA00EA241DA79D8049665
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SysFreeString.OLEAUT32 ref: 005B390D
                                                                                                                                                                                                  • SysStringLen.OLEAUT32(00000000), ref: 005B391A
                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 005B3941
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: String$Free
                                                                                                                                                                                                  • String ID: ;\
                                                                                                                                                                                                  • API String ID: 1391021980-3126748795
                                                                                                                                                                                                  • Opcode ID: 8d2b3a958ef0b1e24cf7711a6c9ac24e7966d2e88a288386e4820179bba09838
                                                                                                                                                                                                  • Instruction ID: e352c9fa3d241900aa6bfa9113b0a1e64264ab7861ef1297bf4521eeb2af23c0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d2b3a958ef0b1e24cf7711a6c9ac24e7966d2e88a288386e4820179bba09838
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5513C75A0020AAFDB14CFA4C885BAEBBF4FF48750F10452EF915E7250E775A904DB60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _free.LIBCMT ref: 005B2D36
                                                                                                                                                                                                  • _free.LIBCMT ref: 005B2D4C
                                                                                                                                                                                                  • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,?,005B1ECE,65B03BA8,00000000,t6\,00000000,005C22C3,000000FF,?,005B4FEF), ref: 005B2D72
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _free$ExceptionRaise
                                                                                                                                                                                                  • String ID: O[
                                                                                                                                                                                                  • API String ID: 1710698773-1869172522
                                                                                                                                                                                                  • Opcode ID: 3839fcefe2432719d3e6178e479ff2f26b461064cbcc532e63a32daabd4bde57
                                                                                                                                                                                                  • Instruction ID: 8eb0e64e21177045e6e65f9b698741160add30e01e609b671092a4eeec257d3e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3839fcefe2432719d3e6178e479ff2f26b461064cbcc532e63a32daabd4bde57
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2118EB1500517AFEA209F58D84ABC6FBA4BF40700F018526E9199B550DB31F866DAE2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 005B2CF0: _free.LIBCMT ref: 005B2D36
                                                                                                                                                                                                    • Part of subcall function 005B2CF0: _free.LIBCMT ref: 005B2D4C
                                                                                                                                                                                                  • _free.LIBCMT ref: 005B1EE6
                                                                                                                                                                                                    • Part of subcall function 005B66F3: HeapFree.KERNEL32(00000000,00000000,?,005B1355,?), ref: 005B6707
                                                                                                                                                                                                    • Part of subcall function 005B66F3: GetLastError.KERNEL32(00000000,?,005B1355,?), ref: 005B6719
                                                                                                                                                                                                  • _free.LIBCMT ref: 005B1EFC
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                  • String ID: t6\$O[
                                                                                                                                                                                                  • API String ID: 776569668-3655835737
                                                                                                                                                                                                  • Opcode ID: ec3cb37adba53b280d17c2bd9ff1f08147d2c69e667d5e88fb3df7fb6ed37bec
                                                                                                                                                                                                  • Instruction ID: ae61077ffca68e633a59cd15868b6019ff818e4b496899f5106412c6ff617b05
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ec3cb37adba53b280d17c2bd9ff1f08147d2c69e667d5e88fb3df7fb6ed37bec
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 890152B1904A45AFDB10DF54C815B9BBFF8FB04B04F10452EE81597780D7B5A9048BD0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 005C1E92
                                                                                                                                                                                                  • __isleadbyte_l.LIBCMT ref: 005C1EC0
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,00000001,?,00000000), ref: 005C1EEE
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,00000001,?,00000000), ref: 005C1F24
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3058430110-0
                                                                                                                                                                                                  • Opcode ID: 2fbcb18085894821e10d0023f995d3514a495afe49f4f27fee0d2056a1d50574
                                                                                                                                                                                                  • Instruction ID: cdd66da92cf6fad35f6f88186c38d4b6adfc203e5ec499fc407bfa823261f872
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2fbcb18085894821e10d0023f995d3514a495afe49f4f27fee0d2056a1d50574
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F431C131600A06AFDB219EB5C848FAA7FB9FF42310F15851DF810C7192DB31E850DBA4
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3016257755-0
                                                                                                                                                                                                  • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                                                                                                                                  • Instruction ID: d73ad0f2dfe18ecaaee5990a1a2514e2f68257c65064e468cf89d68262f040cb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D7014E7200014EFBCF125E94CC098EE3F6ABB18350B989855FA2858175DB36E9B1EB81
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ___BuildCatchObject.LIBCMT ref: 005BA38F
                                                                                                                                                                                                    • Part of subcall function 005BA9A6: ___AdjustPointer.LIBCMT ref: 005BA9EF
                                                                                                                                                                                                  • _UnwindNestedFrames.LIBCMT ref: 005BA3A6
                                                                                                                                                                                                  • ___FrameUnwindToState.LIBCMT ref: 005BA3B8
                                                                                                                                                                                                  • CallCatchBlock.LIBCMT ref: 005BA3DC
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2633735394-0
                                                                                                                                                                                                  • Opcode ID: 3ccd33e8189221602fdd2563f65e9cfb148c863d3a4afad10963a067523ca293
                                                                                                                                                                                                  • Instruction ID: d6919c16745f11dfb6edcd008c3c787082d9d48e0067c227db09475eb656cc29
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ccd33e8189221602fdd2563f65e9cfb148c863d3a4afad10963a067523ca293
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB01133200010ABBCF12AF55CC05EDE3FAAFF88750F158414FA1862120C736F9A1EBA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 005B6447
                                                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 005B6464
                                                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 005B646A
                                                                                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 005B6476
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message$DispatchTranslate
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1706434739-0
                                                                                                                                                                                                  • Opcode ID: 6e72191087720d732d26f78cd74a33edde91b0fabc801ff66c344576eaef8355
                                                                                                                                                                                                  • Instruction ID: e02619bf953e8268b83912873483e7961654bf9f48277577763e7f29c4209a86
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e72191087720d732d26f78cd74a33edde91b0fabc801ff66c344576eaef8355
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0FF08972E4060D6EDB10D7E89D81FDA77ACAB44B04F144052B600E7080D6A8F90587A4
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _memset.LIBCMT ref: 005B19F9
                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000147,00000000,00000000,00000000,00000000,?), ref: 005B1A3A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • HRESULT(NTAPI*DllGetClassObject)(REFCLSID,REFIID,IClassFactory**);, xrefs: 005B19CE
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharMultiWide_memset
                                                                                                                                                                                                  • String ID: HRESULT(NTAPI*DllGetClassObject)(REFCLSID,REFIID,IClassFactory**);
                                                                                                                                                                                                  • API String ID: 2800726579-184858184
                                                                                                                                                                                                  • Opcode ID: f4756c7a0ca770f13038c435bd969e86710cf535de3383a5d5dd39dd3254d146
                                                                                                                                                                                                  • Instruction ID: 009b7eb895de9a8bea77400c3c63d2bfa9443a0777b219c5c2c160010f559a14
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f4756c7a0ca770f13038c435bd969e86710cf535de3383a5d5dd39dd3254d146
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D8316D71A0065DEFDB50CF54CC89FDABBB8BB85305F0045D9E909BB290D671AE498B90
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Variant$ClearInit
                                                                                                                                                                                                  • String ID: p=<u
                                                                                                                                                                                                  • API String ID: 2610073882-894760207
                                                                                                                                                                                                  • Opcode ID: adec6735cac1b00580744c21a689d02e20c669a5db19e5b1924629c717161126
                                                                                                                                                                                                  • Instruction ID: 359dc03031fc9cd28f30cd1176adee83cbfb662607e304297480b091e6b101ec
                                                                                                                                                                                                  • Opcode Fuzzy Hash: adec6735cac1b00580744c21a689d02e20c669a5db19e5b1924629c717161126
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3215C36A00519DFCF04DF98D8909EEBBB5FF88310B50816AE905AB200C735FD15DB94
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,x>[,75BFA7D0,?,00000000,?,005B3E78,?,?,?,?,?,?,00000000), ref: 005B39C9
                                                                                                                                                                                                  • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,00000000,?,005B3E78,?,?,?,?,?,?,00000000), ref: 005B3A08
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionRaiselstrcmpi
                                                                                                                                                                                                  • String ID: x>[
                                                                                                                                                                                                  • API String ID: 1543425345-417297403
                                                                                                                                                                                                  • Opcode ID: 7487d169def8084279c4538f3744eef2458342c69012ff1a8a72016698722cf8
                                                                                                                                                                                                  • Instruction ID: a9276e9922514eb786331f6978ca8aafbb04ea22e8d9b466a41ae46aa05c4489
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7487d169def8084279c4538f3744eef2458342c69012ff1a8a72016698722cf8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0AF0A932200529AFD7209F8DD885FD5FB64FB54B20F118223EA55B7450C771F955C691
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 005C2213: _memset.LIBCMT ref: 005C2220
                                                                                                                                                                                                    • Part of subcall function 005B36B0: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,005C21EF,?,?,?,005B107A), ref: 005B36B3
                                                                                                                                                                                                    • Part of subcall function 005B36B0: GetLastError.KERNEL32(?,?,?,005B107A), ref: 005B36BD
                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,005B107A), ref: 005C21F3
                                                                                                                                                                                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,005B107A), ref: 005C2202
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 005C21FD
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000006.00000002.1928988542.00000000005B1000.00000020.00000001.01000000.00000009.sdmp, Offset: 005B0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000006.00000002.1928966851.00000000005B0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929030928.00000000005C3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929049625.00000000005CA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000006.00000002.1929069145.00000000005CE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_5b0000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString_memset
                                                                                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                  • API String ID: 436010757-631824599
                                                                                                                                                                                                  • Opcode ID: 88881d6ef75516786703a5249ce97bd910df95f339e7559dba5f4f0baddc8e14
                                                                                                                                                                                                  • Instruction ID: 2596fb901502acb08b52d682f16b55e8a058a49deeba929ebbbb5b2be8139120
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 88881d6ef75516786703a5249ce97bd910df95f339e7559dba5f4f0baddc8e14
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61E06D74600B058FD330AFA4D849F427FE0BF24700F00891DE456C2640EBB4E548CBA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.1943782568.00007FF64B141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF64B140000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.1943751830.00007FF64B140000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000008.00000002.1944015438.00007FF64B441000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000008.00000002.1944015438.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000008.00000002.1944158155.00007FF64B57E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000008.00000002.1944181157.00007FF64B58C000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000008.00000002.1944207090.00007FF64B59E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000008.00000002.1944227539.00007FF64B5A0000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000008.00000002.1944255850.00007FF64B5AD000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000008.00000002.1944255850.00007FF64B5B6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000008.00000002.1944302366.00007FF64B5B9000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_7ff64b140000_WinMergeU.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                  • Opcode ID: c44208432c50ff899021ccbcfd5bb54785d6ce1aebe9cd5bdba27c5997c1deab
                                                                                                                                                                                                  • Instruction ID: 0223e55f45626bbe9a3e76eecee8865969225d93a7ec60b63fda6f22680bcf39
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c44208432c50ff899021ccbcfd5bb54785d6ce1aebe9cd5bdba27c5997c1deab
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B112E22B18F058AEB00EF60E8552B873A4FB1D768F441E31DB6D867A8DF7CD1648340
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2941849941.00007FF64B141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF64B140000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2941835920.00007FF64B140000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000009.00000002.2942015482.00007FF64B441000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000009.00000002.2942015482.00007FF64B471000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000009.00000002.2942109011.00007FF64B57E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000009.00000002.2942124860.00007FF64B58C000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000009.00000002.2942142293.00007FF64B59F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000009.00000002.2942155082.00007FF64B5A0000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000009.00000002.2942169980.00007FF64B5AD000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000009.00000002.2942169980.00007FF64B5B6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000009.00000002.2942197391.00007FF64B5B9000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_7ff64b140000_WinMergeU.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                  • Opcode ID: c44208432c50ff899021ccbcfd5bb54785d6ce1aebe9cd5bdba27c5997c1deab
                                                                                                                                                                                                  • Instruction ID: 0223e55f45626bbe9a3e76eecee8865969225d93a7ec60b63fda6f22680bcf39
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c44208432c50ff899021ccbcfd5bb54785d6ce1aebe9cd5bdba27c5997c1deab
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B112E22B18F058AEB00EF60E8552B873A4FB1D768F441E31DB6D867A8DF7CD1648340