Windows Analysis Report
WinMerge-2.16.42.1-x64-Setup.exe

Overview

General Information

Sample name: WinMerge-2.16.42.1-x64-Setup.exe
Analysis ID: 1541102
MD5: 694814dfeb6bc886adc91431fa3710f8
SHA1: d4eed6294c367837aa5ad810a79dd807ed2178b5
SHA256: 5771f2a0553f53684b0e74161ed8749c4dda270f166edac253982366aee39bd3
Infos:

Detection

Score: 15
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sample file is different than original file name gathered from version info
Sigma detected: Classes Autorun Keys Modification
Sigma detected: Use Short Name Path in Command Line
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Uses 32bit PE files
Source: WinMerge-2.16.42.1-x64-Setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Window detected: License AgreementGNU General Public LicenseWhen you are ready to continue with Setup click Next.GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright (C) 1989 1991 Free Software Foundation Inc. 59 Temple Place - Suite 330 Boston MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. PreambleThe licenses for most software are designed to take away your freedom to share and change it. By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs too. When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it. For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software and (2) offer you this license which gives you legal permission to copy distribute and/or modify the software. Also for each author's protection and ours we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors' reputations. Finally any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary. To prevent this we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying distribution and modification follow. TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION0. This License applies to any program or other work which contains a notice placed by the copyri
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Window detected: License AgreementGNU General Public LicenseWhen you are ready to continue with Setup click Next.GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright (C) 1989 1991 Free Software Foundation Inc. 59 Temple Place - Suite 330 Boston MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. PreambleThe licenses for most software are designed to take away your freedom to share and change it. By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs too. When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it. For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software and (2) offer you this license which gives you legal permission to copy distribute and/or modify the software. Also for each author's protection and ours we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors' reputations. Finally any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary. To prevent this we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying distribution and modification follow. TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION0. This License applies to any program or other work which contains a notice placed by the copyri
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\unins000.dat Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-EMDIS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-8KFIH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-BOKA5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\LogoImages Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\LogoImages\is-AJPUG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\LogoImages\is-123RC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-N9202.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-94VSN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-GS16B.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-9AAPN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-N4IAN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\is-9TLH0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\is-F216O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\is-2OE2K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\is-T2IQ8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-CC8DO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-2KI1C.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MFTUR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RLCQE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-UFVDL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-V2DS1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-1OLB5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8OUR1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-NSAVI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5JV0F.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-QTVOA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SEQFO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-I4R65.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-L5DSD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-EIVB1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8J2GB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-T5LO6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5IF1K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MBIS3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GQ8OJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KPC0E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-A2H5R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IQRO7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-I8C88.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5BGTK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-U6B2R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-Q6405.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IGN31.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KOF2H.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8M9MB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KT48M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-LESGM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-D9ULS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-81U24.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-A79QI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-18MT0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-G0RIE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-40BBT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5LSIG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-095NN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RRR6V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-7HKTF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-7B519.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-O4BKH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-VB2M5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-F1C4H.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-O6IBK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-LKCB9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-I0SMR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TPUIS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-460A9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KVANL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RFFJN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MP3U7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3BTA1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-LM6PD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-L3JBH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RLC0B.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3QGBK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-HSRKA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SC7H2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-U4CMV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-DJV3P.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-OATG4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IV9B1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MIG3S.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-2FJR9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GLNOI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IB9K7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RR2CP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-2K3ER.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-PJATC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-062RB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-VHVRF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-86JF7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-O6AIB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-P8F36.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-QE2TL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IV017.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-O2RF7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-G6U2G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-S4I54.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5H1TG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3SHFN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5NB3V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-Q5E7J.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TQKGS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5DDJJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-7JJ6E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-18VUR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-Q6RS3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-55RUK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-C9ASJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-KU68J.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-4MAJS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-8LHOI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-86KD6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-GA46K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-5S810.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-MTBD4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-2JLJ0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-48EUL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-90M06.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-IQAC2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-N9DSO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-LSRQE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-2NN26.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-2PJ95.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-QLCD7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-95E7P.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-JTKBP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-55BS4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-TQ5R4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-AU5OB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-A83LN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-OQP0O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-NTAH8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-M5C1V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-7SDCN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-9OSMP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-2HSEA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-NH2UA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-3QIHI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-OOK1U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-UG553.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-R5IB7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-SDIOV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-TTL9V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-UABSB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-NSMAB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-TGIBM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\is-DGDQL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\is-SEBEO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-JED1G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-3P06G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-EH03O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-A48B5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-3A4QE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-ELRQ5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-QJ1OV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-CQ6K8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-LHA2S.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-QJRBC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-6IPI2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinIMerge Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinIMerge\is-7D00P.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinIMerge\is-L2LCJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinIMerge\is-4MHIU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-RITAQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-KTPRH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-56PDA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-1MJTI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-FJG2V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-24R37.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-NDGUQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-PL0C0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-LHVU8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-RH2AK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\cygwin Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\cygwin\is-7CCUQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-1J3J1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-4244D.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-D4ROF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info\is-GE2F3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info\is-KVURD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses\gcc-libs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses\gcc-libs\is-QFR17.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man1 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man1\is-PVN7H.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man3 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man3\is-O2OLC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man7 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man7\is-OAE1R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\tidy-html5 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-JQ84E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-O4U6I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-H1MRE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\jq Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\jq\is-M8DN4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\jq\is-UNI1O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-7F9O8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-2BIF0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-H30VV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-QI0H0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-01OJE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\PlantUML Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\PlantUML\is-5TT1R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\PlantUML\is-9NNL4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\PlantUML\is-0DQDS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Apache-Tika Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-U552Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-Q7I9M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-5UK3C.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\q Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\q\is-883O4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\q\is-P2R54.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\q\is-AE60A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\yq Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\yq\is-75HBF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\yq\is-0URJH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\yq\is-QCED5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\dumpbin Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\dumpbin\is-OKI3E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\ildasm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\ildasm\is-BG924.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Java Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Java\is-RHQ7R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Java\is-J0G1K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Java\is-TI4KR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\is-QDPG4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\unins000.msg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMerge_is1 Jump to behavior
Source: WinMerge-2.16.42.1-x64-Setup.exe Static PE information: certificate valid
Source: WinMerge-2.16.42.1-x64-Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\dev\winmerge-stable\BuildTmp\Src\Build\x64\Release\WinMergeU.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, is-8KFIH.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreCommentsC.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-UABSB.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Externals\winwebdiff\Build\x64\Release\WinWebDiff\WinWebDiffLib.pdb source: is-NDGUQ.tmp.2.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdb source: is-RITAQ.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Externals\frhed\Build\x64\Release\Frhed\hekseditU.pdb! source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-SEBEO.tmp.2.dr
Source: Binary string: f: \.pdb$ ## VC program database file (debugging symbolic information) source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\dev\winmerge-stable\BuildTmp\Src\Build\x64\Release\WinMergeU.pdbGCTL source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, is-8KFIH.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Build\x64\Release\WinMergeContextMenu.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, is-9AAPN.tmp.2.dr
Source: Binary string: E:\dev\winmerge\Build\x64\Release\Merge7z\Merge7z.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\WinMerge\winmerge-3pane\stable\Plugins\WinMerge32BitPluginProxy\Release\WinMerge32BitPluginProxy.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge32BitPluginProxy.exe, 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmp, WinMerge32BitPluginProxy.exe, 0000000C.00000000.1474620921.0000000000373000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreColumns.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-TTL9V.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreFieldsTab.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdbGCTL source: is-RITAQ.tmp.2.dr
Source: Binary string: E:\dev\winmerge\Externals\winimerge\Build\x64\Release\WinIMerge\WinIMergeLib.pdb source: is-4MHIU.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Externals\frhed\Build\x64\Release\Frhed\hekseditU.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-SEBEO.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreFieldsComma.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-NSMAB.tmp.2.dr
Source: is-8KFIH.tmp.2.dr String found in binary or memory: http://192.168.1.101:3703/soap/WinMerge/Program%20Icons/Splash%20and%20About/concept.psd
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://bonedaddy.net/pabs3/files/frhed/
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.dr String found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.dr String found in binary or memory: http://ccsca2021.ocsp-certum.com05
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1545274887.0000000004480000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://counter-strike.com.ua/
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.dr String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.dr String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.dr String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.com/gs/gscodesignsha2g2.crl0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0X
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-6IPI2.tmp.2.dr, is-CQ6K8.tmp.2.dr, is-LHA2S.tmp.2.dr, is-QJRBC.tmp.2.dr String found in binary or memory: http://frhed.sourceforge.net/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-SEBEO.tmp.2.dr String found in binary or memory: http://frhed.sourceforge.net/Docs
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr String found in binary or memory: http://frhed.sourceforge.netN
Source: is-RH2AK.tmp.2.dr String found in binary or memory: http://gnu.org/licenses/gpl.html
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: http://google.github.io/googletest/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://home.c2i.net/freewaretips/
Source: is-NDGUQ.tmp.2.dr String found in binary or memory: http://https://www.google.com/search?q=cssContentSizewidthheightPage.getLayoutMetrics
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g20
Source: is-9NNL4.tmp.2.dr String found in binary or memory: http://plantuml.com
Source: is-9NNL4.tmp.2.dr String found in binary or memory: http://plantuml.com/patreon
Source: is-9NNL4.tmp.2.dr String found in binary or memory: http://plantuml.com/paypal
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.dr String found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.dr String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.dr String found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-TTL9V.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NSMAB.tmp.2.dr String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-NDGUQ.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.dr String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0A
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g2.crt08
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-CQ6K8.tmp.2.dr String found in binary or memory: http://sourceforge.net/tracker/?
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-6IPI2.tmp.2.dr, is-LHA2S.tmp.2.dr, is-QJRBC.tmp.2.dr String found in binary or memory: http://sourceforge.net/tracker/?group_id=13216&atid=113216
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.dr String found in binary or memory: http://subca.ocsp-certum.com01
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.dr String found in binary or memory: http://subca.ocsp-certum.com02
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.dr String found in binary or memory: http://subca.ocsp-certum.com05
Source: is-AU5OB.tmp.2.dr String found in binary or memory: http://winmerge.org/docs/manual/
Source: WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.dr String found in binary or memory: http://www.appinf.com/features/enable-partial-reads
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, is-8KFIH.tmp.2.dr String found in binary or memory: http://www.appinf.com/features/enable-partial-readshttp://www.appinf.com/properties/bla-maximum-ampl
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.dr String found in binary or memory: http://www.appinf.com/properties/bla-activation-threshold
Source: WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.dr String found in binary or memory: http://www.appinf.com/properties/bla-maximum-amplification
Source: WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.appinf.com/properties/bla-maximum-amplificationJ
Source: is-9NNL4.tmp.2.dr String found in binary or memory: http://www.archimatetool.com
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.dr String found in binary or memory: http://www.certum.pl/CPS0
Source: is-9NNL4.tmp.2.dr String found in binary or memory: http://www.chapman.edu/~jipsen
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1545274887.0000000004480000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.dk-soft.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge32BitPluginProxy.exe, 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmp String found in binary or memory: http://www.geocities.co.jp/SiliconValley-SanJose/8165/winmerge.htmld
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.gnu.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000002.1543115041.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-56PDA.tmp.2.dr String found in binary or memory: http://www.gnu.org/licenses/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000002.1543115041.000000000018D000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: http://www.gnu.org/philosophy/why-not-lgpl.html
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: http://www.html-tidy.org/)
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1258604645.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1259623363.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000000.1260284439.0000000000401000.00000020.00000001.01000000.00000004.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr String found in binary or memory: http://www.innosetup.com/
Source: WinMerge-2.16.42.1-x64-Setup.exe String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-EH03O.tmp.2.dr String found in binary or memory: http://www.kibria.de
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.palkornel.hu/innosetup%1
Source: is-9NNL4.tmp.2.dr String found in binary or memory: http://www.pierce.ctc.edu/dlippman
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1258604645.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1259623363.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000000.1260284439.0000000000401000.00000020.00000001.01000000.00000004.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr String found in binary or memory: http://www.remobjects.com/ps
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.unrealtexture.com/Unreal/Website/Downloads/3DEditing/UnrealEditor/Tools/Info/frhed_v11/fr
Source: is-AU5OB.tmp.2.dr String found in binary or memory: http://www.zeroscience.mk/mk/vulnerabilities/ZSL-2011-4997.php
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.dr String found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-general-entitiesold
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.dr String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA35000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.dr String found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA35000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.dr String found in binary or memory: http://xml.org/sax/features/namespaces
Source: WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespacesLEAUT
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA35000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.dr String found in binary or memory: http://xml.org/sax/features/string-interning
Source: WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA35000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/string-internings
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA35000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.dr String found in binary or memory: http://xml.org/sax/features/validation
Source: WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/validationE
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.dr String found in binary or memory: http://xml.org/sax/properties/declaration-handler
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA35000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.dr String found in binary or memory: http://xml.org/sax/properties/lexical-handler
Source: WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/lexical-handlerent
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, is-2OE2K.tmp.2.dr String found in binary or memory: https://7-zip.org/history.txt
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://TamilNeram.github.io
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002343000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://WinMerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002241000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://WinMerge.org/1
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002241000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002343000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://WinMerge.org/q
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://api.openai.com/v1/chat/completions
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://app.transifex.com/rockytdr/teams/91037/nl/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://bugs.winmerge.org/
Source: is-RHQ7R.tmp.2.dr String found in binary or memory: https://download.java.net/java/GA/jdk%OpenJDKVer%/fdb695a9d9064ad6b064dc6df578380c/7/GPL/openjdk-%Op
Source: is-TI4KR.tmp.2.dr String found in binary or memory: https://download.java.net/java/GA/jdk19.0.2/fdb695a9d9064ad6b064dc6df578380c/7/GPL/openjdk-19.0.2_wi
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://downzen.com
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-95E7P.tmp.2.dr String found in binary or memory: https://ethanschoonover.com/solarized/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://forums.winmerge.org
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://forums.winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://forums.winmerge.org/.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://freeimage.sourceforge.io/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://frhed.sourceforge.net/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/Patriccollu/Lingua_Corsa-Infurmatica/#readme
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://github.com/VenusGirl
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/VenusGirl/winmerge
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-3P06G.tmp.2.dr String found in binary or memory: https://github.com/WinMerge/frhed/graphs/contributors
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://github.com/WinMerge/winimerge/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://github.com/WinMerge/winmerge
Source: is-AU5OB.tmp.2.dr String found in binary or memory: https://github.com/WinMerge/winmerge-v2/issues/41
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-2NN26.tmp.2.dr String found in binary or memory: https://github.com/WinMerge/winmerge/blob/master/ColorSchemes/Solarized%20Dark.ini
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002161000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002233000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WinMerge/winmerge/discussions
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539157785.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002233000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000002.1544095804.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539390223.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002288000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539900443.0000000005411000.00000004.00001000.00020000.00000000.sdmp, is-JTKBP.tmp.2.dr String found in binary or memory: https://github.com/WinMerge/winmerge/discussions.
Source: is-AU5OB.tmp.2.dr String found in binary or memory: https://github.com/WinMerge/winmerge/discussions/1139
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002233000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000002.1544095804.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539390223.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002288000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539900443.0000000005411000.00000004.00001000.00020000.00000000.sdmp, is-JTKBP.tmp.2.dr String found in binary or memory: https://github.com/WinMerge/winmerge/issues
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://github.com/WinMerge/winwebdiff/)
Source: is-NDGUQ.tmp.2.dr String found in binary or memory: https://github.com/WinMerge/winwebdiffD
Source: is-55BS4.tmp.2.dr String found in binary or memory: https://github.com/git/git/tree/master/xdiff)
Source: is-AE60A.tmp.2.dr String found in binary or memory: https://github.com/harelba/q/archive/refs/tags/2.0.19.zip
Source: is-AE60A.tmp.2.dr, is-883O4.tmp.2.dr String found in binary or memory: https://github.com/harelba/q/releases/download/2.0.19/q-AMD64-Windows.exe
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://github.com/htacg/tidy-html5/blob/next/README/LICENSE.md)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-95E7P.tmp.2.dr String found in binary or memory: https://github.com/keeleyt83/winmerge-solarized-dark
Source: is-55BS4.tmp.2.dr String found in binary or memory: https://github.com/microsoft/wil)
Source: is-QCED5.tmp.2.dr String found in binary or memory: https://github.com/mikefarah/yq/archive/refs/tags/v4.11.1.zip
Source: is-QCED5.tmp.2.dr, is-75HBF.tmp.2.dr String found in binary or memory: https://github.com/mikefarah/yq/releases/download/v4.11.1/yq_windows_386.exe
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://github.com/mity/md4c)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://github.com/msys2/MSYS2-packages/tree/master/patch)
Source: is-TI4KR.tmp.2.dr String found in binary or memory: https://github.com/openjdk/jdk19u/archive/refs/tags/jdk-19.0.2-ga.zip
Source: is-0DQDS.tmp.2.dr String found in binary or memory: https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0-sources.jar
Source: is-0DQDS.tmp.2.dr String found in binary or memory: https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0.jar
Source: is-4MHIU.tmp.2.dr String found in binary or memory: https://github.com/winmerge/winimergeB
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/wvxwxvw
Source: is-AU5OB.tmp.2.dr String found in binary or memory: https://gyazo.com/17d8773354d23b5ae51262f28b0f1f80
Source: is-AU5OB.tmp.2.dr String found in binary or memory: https://gyazo.com/7cbbbd2c1de195fcd214d588b21b21d4
Source: is-AU5OB.tmp.2.dr String found in binary or memory: https://gyazo.com/b605edb820bc52d0f4f6232eb8ad78aa
Source: is-AU5OB.tmp.2.dr String found in binary or memory: https://gyazo.com/f5f267546db27f2dc801c00df8cb4251
Source: is-AU5OB.tmp.2.dr String found in binary or memory: https://i.gyazo.com/af18960bd1f121213a2cd9287cae9cf4.gif
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://jrsoftware.org/files/is/license.txt)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://jrsoftware.org/isinfo.php)
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://manual.winmerge.org
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://manual.winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002264000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002288000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539900443.0000000005411000.00000004.00001000.00020000.00000000.sdmp, is-JTKBP.tmp.2.dr String found in binary or memory: https://manual.winmerge.org/.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://manual.winmerge.org/Quick_start.html
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539900443.0000000005411000.00000004.00001000.00020000.00000000.sdmp, is-JTKBP.tmp.2.dr String found in binary or memory: https://manual.winmerge.org/Quick_start.html.
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002220000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://manual.winmerge.org/en/Quick_start.html.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, is-8KFIH.tmp.2.dr String found in binary or memory: https://manual.winmerge.org/index.htmlDocs/WinMerge%s.chmhttps://winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://platform.openai.com/api-keys
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://pocoproject.org/)
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://project.winmerge.org
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://project.winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002161000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002233000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://project.winmerge.org/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://rapidjson.org/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://savannah.gnu.org/projects/patch/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.00000000021C1000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1545274887.0000000004480000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002192000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002264000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002288000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sourceforge.net/forum/?group_id=13216
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sourceforge.net/tracker/?group_id=13216&atid=113216
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.00000000021C1000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1545274887.0000000004480000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002192000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002264000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002288000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sourceforge.net/tracker/?group_id=13216&atid=363216
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://stedolan.github.io/jq/)
Source: is-9NNL4.tmp.2.dr String found in binary or memory: https://useiconic.com/open
Source: WinMergeU.exe, WinMerge-2.16.42.1-x64-Setup.exe String found in binary or memory: https://winmerge.org
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002220000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://winmerge.org.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539900443.0000000005411000.00000004.00001000.00020000.00000000.sdmp, is-JTKBP.tmp.2.dr String found in binary or memory: https://winmerge.org/.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://winmerge.org/?lang=ko
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, is-8KFIH.tmp.2.dr String found in binary or memory: https://winmerge.org/translations/http://www.gnu.org/licenses/gpl-2.0.html&amp
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1499379423.00007FF673F79000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000000.1485756906.00007FF673F9E000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000000.1527353484.00007FF673F9E000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522738342.00007FF673F79000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520635460.000001A47BA10000.00000002.00000001.00040000.0000000A.sdmp, is-8KFIH.tmp.2.dr String found in binary or memory: https://winmerge.org:
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr String found in binary or memory: https://winmerge.orgn#
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://www.7-zip.org/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.dr String found in binary or memory: https://www.boost.org/)
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.dr String found in binary or memory: https://www.certum.pl/CPS0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.globalsign.com/repository/0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.globalsign.com/repository/06
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.00000000021D5000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539062337.000000000337A000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1538520613.0000000003381000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539157785.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000002.1544095804.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.00000000022A7000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539390223.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539900443.00000000053A0000.00000004.00001000.00020000.00000000.sdmp, is-OQP0O.tmp.2.dr String found in binary or memory: https://www.gnu.org/licenses/lgpl.html
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.transifex.com/rockytdr/teams/91037/nl/)
Detected potential crypto function
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_003710AA 12_2_003710AA
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_0036ECC2 12_2_0036ECC2
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_0037190F 12_2_0037190F
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_0036815B 12_2_0036815B
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_0036F234 12_2_0036F234
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_0036FF4E 12_2_0036FF4E
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_0036F7A6 12_2_0036F7A6
Found potential string decryption / allocating functions
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: String function: 00369310 appears 31 times
PE file contains executable resources (Code or Archives)
Source: WinMerge-2.16.42.1-x64-Setup.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: WinMerge-2.16.42.1-x64-Setup.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-EMDIS.tmp.2.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-EMDIS.tmp.2.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
PE file contains more sections than normal
Source: is-PL0C0.tmp.2.dr Static PE information: Number of sections : 13 > 10
PE file does not import any functions
Source: is-6IPI2.tmp.2.dr Static PE information: No import functions for PE file found
Sample file is different than original file name gathered from version info
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1258604645.00000000024A6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs WinMerge-2.16.42.1-x64-Setup.exe
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1259623363.000000007FE32000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs WinMerge-2.16.42.1-x64-Setup.exe
Uses 32bit PE files
Source: WinMerge-2.16.42.1-x64-Setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-KU68J.tmp.2.dr Binary or memory string: f: \.vbproj$
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-NH2UA.tmp.2.dr Binary or memory string: for (var it = new Enumerator(prs.VBProject.VBComponents); !it.atEnd(); it.moveNext()) {
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-9OSMP.tmp.2.dr Binary or memory string: return (wbk.VBProject.VBComponents.Count >= 0);
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-KU68J.tmp.2.dr Binary or memory string: f: \.csproj$
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-3QIHI.tmp.2.dr Binary or memory string: return (doc.VBProject.VBComponents.Count >= 0);
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-NH2UA.tmp.2.dr Binary or memory string: return (prs.VBProject.VBComponents.Count >= 0);
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-AU5OB.tmp.2.dr Binary or memory string: <li>BugFix:ALL.vs2019.sln cl : command line warning D9035: option &#39;Gm&#39;
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-9OSMP.tmp.2.dr Binary or memory string: for (var it = new Enumerator(wbk.VBProject.VBComponents); !it.atEnd(); it.moveNext()) {
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-AU5OB.tmp.2.dr Binary or memory string: <li>BugFix: Plugins\src_VCPP\VCPPPlugins.vs2017.sln can&#39;t open projects
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-3QIHI.tmp.2.dr Binary or memory string: for (var it = new Enumerator(doc.VBProject.VBComponents); !it.atEnd(); it.moveNext()) {
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-KU68J.tmp.2.dr Binary or memory string: f: \.sln$
Source: classification engine Classification label: clean15.winEXE@11/426@0/0
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_003614B0 CLSIDFromProgID,CoCreateInstance,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathIsContentTypeW,PathMatchSpecW,CoGetObject,CoGetObject,ShellExecuteExW,CoGetObject,LoadTypeLib,StrCmpIW,SysFreeString,PathMatchSpecW,FormatMessageW,FormatMessageW,FormatMessageW,LocalFree,LocalFree,LocalFree,MessageBoxW,LocalFree, 12_2_003614B0
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_003642B0 LoadLibraryExW,LoadLibraryExW,LoadLibraryExW,FindResourceW,LoadResource,SizeofResource,MultiByteToWideChar,FreeLibrary, 12_2_003642B0
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Mutant created: \Sessions\1\BaseNamedObjects\WinMergeWindowClassW-Default
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe File created: C:\Users\user~1\AppData\Local\Temp\is-UAN49.tmp Jump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Command line argument: :7 12_2_003666D0
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File read: C:\Program Files\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization Jump to behavior
Source: WinMerge-2.16.42.1-x64-Setup.exe String found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe File read: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe "C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe"
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe Process created: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp "C:\Users\user~1\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp" /SL5="$1045C,9350605,121344,C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\WinMerge\ShellExtensionX64.dll"
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe "C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe" /RegServer
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Program Files\WinMerge\WinMergeU.exe "C:\Program Files\WinMerge\WinMergeU.exe" /s- /minimize /noninteractive /set-usertasks-to-jumplist 4097
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Program Files\WinMerge\WinMergeU.exe "C:\Program Files\WinMerge\WinMergeU.exe"
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe Process created: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp "C:\Users\user~1\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp" /SL5="$1045C,9350605,121344,C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\WinMerge\ShellExtensionX64.dll" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe "C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe" /RegServer Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Program Files\WinMerge\WinMergeU.exe "C:\Program Files\WinMerge\WinMergeU.exe" /s- /minimize /noninteractive /set-usertasks-to-jumplist 4097 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Program Files\WinMerge\WinMergeU.exe "C:\Program Files\WinMerge\WinMergeU.exe" Jump to behavior
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: msftedit.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: globinputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: icu.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: taskflowdataengine.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: cdp.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: dsreg.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: icu.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 Jump to behavior
Source: WinMerge.lnk.2.dr LNK file: ..\..\..\..\..\..\Program Files\WinMerge\WinMergeU.exe
Source: User's Guide.lnk.2.dr LNK file: ..\..\..\..\..\..\Program Files\WinMerge\Docs\WinMerge.chm
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Window found: window name: TMainForm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Window detected: License AgreementGNU General Public LicenseWhen you are ready to continue with Setup click Next.GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright (C) 1989 1991 Free Software Foundation Inc. 59 Temple Place - Suite 330 Boston MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. PreambleThe licenses for most software are designed to take away your freedom to share and change it. By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs too. When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it. For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software and (2) offer you this license which gives you legal permission to copy distribute and/or modify the software. Also for each author's protection and ours we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors' reputations. Finally any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary. To prevent this we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying distribution and modification follow. TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION0. This License applies to any program or other work which contains a notice placed by the copyri
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Window detected: License AgreementGNU General Public LicenseWhen you are ready to continue with Setup click Next.GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright (C) 1989 1991 Free Software Foundation Inc. 59 Temple Place - Suite 330 Boston MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. PreambleThe licenses for most software are designed to take away your freedom to share and change it. By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs too. When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it. For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software and (2) offer you this license which gives you legal permission to copy distribute and/or modify the software. Also for each author's protection and ours we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors' reputations. Finally any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary. To prevent this we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying distribution and modification follow. TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION0. This License applies to any program or other work which contains a notice placed by the copyri
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\unins000.dat Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-EMDIS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-8KFIH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-BOKA5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\LogoImages Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\LogoImages\is-AJPUG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\LogoImages\is-123RC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-N9202.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-94VSN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-GS16B.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-9AAPN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-N4IAN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\is-9TLH0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\is-F216O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\is-2OE2K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\is-T2IQ8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-CC8DO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-2KI1C.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MFTUR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RLCQE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-UFVDL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-V2DS1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-1OLB5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8OUR1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-NSAVI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5JV0F.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-QTVOA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SEQFO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-I4R65.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-L5DSD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-EIVB1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8J2GB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-T5LO6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5IF1K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MBIS3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GQ8OJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KPC0E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-A2H5R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IQRO7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-I8C88.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5BGTK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-U6B2R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-Q6405.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IGN31.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KOF2H.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8M9MB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KT48M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-LESGM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-D9ULS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-81U24.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-A79QI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-18MT0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-G0RIE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-40BBT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5LSIG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-095NN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RRR6V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-7HKTF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-7B519.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-O4BKH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-VB2M5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-F1C4H.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-O6IBK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-LKCB9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-I0SMR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TPUIS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-460A9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KVANL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RFFJN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MP3U7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3BTA1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-LM6PD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-L3JBH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RLC0B.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3QGBK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-HSRKA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SC7H2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-U4CMV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-DJV3P.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-OATG4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IV9B1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MIG3S.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-2FJR9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GLNOI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IB9K7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RR2CP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-2K3ER.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-PJATC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-062RB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-VHVRF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-86JF7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-O6AIB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-P8F36.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-QE2TL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IV017.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-O2RF7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-G6U2G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-S4I54.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5H1TG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3SHFN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5NB3V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-Q5E7J.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TQKGS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5DDJJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-7JJ6E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-18VUR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-Q6RS3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Merge7z\Lang\is-55RUK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-C9ASJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-KU68J.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-4MAJS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-8LHOI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-86KD6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-GA46K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-5S810.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-MTBD4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-2JLJ0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-48EUL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-90M06.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-IQAC2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Filters\is-N9DSO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-LSRQE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-2NN26.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-2PJ95.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-QLCD7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\ColorSchemes\is-95E7P.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-JTKBP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-55BS4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-TQ5R4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-AU5OB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-A83LN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Docs\is-OQP0O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-NTAH8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-M5C1V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-7SDCN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-9OSMP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-2HSEA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-NH2UA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-3QIHI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-OOK1U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-UG553.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-R5IB7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-SDIOV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-TTL9V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-UABSB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-NSMAB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\MergePlugins\is-TGIBM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\is-DGDQL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\is-SEBEO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-JED1G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-3P06G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-EH03O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-A48B5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Docs\is-3A4QE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-ELRQ5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-QJ1OV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-CQ6K8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-LHA2S.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-QJRBC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Frhed\Languages\is-6IPI2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinIMerge Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinIMerge\is-7D00P.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinIMerge\is-L2LCJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinIMerge\is-4MHIU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\is-RITAQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-KTPRH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-56PDA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-1MJTI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-FJG2V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-24R37.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\WinWebDiff\is-NDGUQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-PL0C0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-LHVU8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-RH2AK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\cygwin Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\cygwin\is-7CCUQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-1J3J1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-4244D.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-D4ROF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info\is-GE2F3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info\is-KVURD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses\gcc-libs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses\gcc-libs\is-QFR17.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man1 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man1\is-PVN7H.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man3 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man3\is-O2OLC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man7 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man7\is-OAE1R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\tidy-html5 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-JQ84E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-O4U6I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-H1MRE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\jq Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\jq\is-M8DN4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\jq\is-UNI1O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-7F9O8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-2BIF0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-H30VV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-QI0H0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\md4c\is-01OJE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\PlantUML Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\PlantUML\is-5TT1R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\PlantUML\is-9NNL4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\PlantUML\is-0DQDS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Apache-Tika Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-U552Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-Q7I9M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-5UK3C.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\q Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\q\is-883O4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\q\is-P2R54.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\q\is-AE60A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\yq Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\yq\is-75HBF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\yq\is-0URJH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\yq\is-QCED5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\dumpbin Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\dumpbin\is-OKI3E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\ildasm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\ildasm\is-BG924.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Java Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Java\is-RHQ7R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Java\is-J0G1K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\Java\is-TI4KR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\Commands\is-QDPG4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Directory created: C:\Program Files\WinMerge\unins000.msg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMerge_is1 Jump to behavior
Source: WinMerge-2.16.42.1-x64-Setup.exe Static PE information: certificate valid
Source: WinMerge-2.16.42.1-x64-Setup.exe Static file information: File size 9992352 > 1048576
Source: WinMerge-2.16.42.1-x64-Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\dev\winmerge-stable\BuildTmp\Src\Build\x64\Release\WinMergeU.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, is-8KFIH.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreCommentsC.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-UABSB.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Externals\winwebdiff\Build\x64\Release\WinWebDiff\WinWebDiffLib.pdb source: is-NDGUQ.tmp.2.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdb source: is-RITAQ.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Externals\frhed\Build\x64\Release\Frhed\hekseditU.pdb! source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-SEBEO.tmp.2.dr
Source: Binary string: f: \.pdb$ ## VC program database file (debugging symbolic information) source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\dev\winmerge-stable\BuildTmp\Src\Build\x64\Release\WinMergeU.pdbGCTL source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, is-8KFIH.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Build\x64\Release\WinMergeContextMenu.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, is-9AAPN.tmp.2.dr
Source: Binary string: E:\dev\winmerge\Build\x64\Release\Merge7z\Merge7z.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\WinMerge\winmerge-3pane\stable\Plugins\WinMerge32BitPluginProxy\Release\WinMerge32BitPluginProxy.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge32BitPluginProxy.exe, 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmp, WinMerge32BitPluginProxy.exe, 0000000C.00000000.1474620921.0000000000373000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreColumns.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-TTL9V.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreFieldsTab.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdbGCTL source: is-RITAQ.tmp.2.dr
Source: Binary string: E:\dev\winmerge\Externals\winimerge\Build\x64\Release\WinIMerge\WinIMergeLib.pdb source: is-4MHIU.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Externals\frhed\Build\x64\Release\Frhed\hekseditU.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-SEBEO.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreFieldsComma.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-NSMAB.tmp.2.dr
PE file contains sections with non-standard names
Source: is-8KFIH.tmp.2.dr Static PE information: section name: .didat
Source: is-4MHIU.tmp.2.dr Static PE information: section name: _RDATA
Source: is-NDGUQ.tmp.2.dr Static PE information: section name: _RDATA
Source: is-PL0C0.tmp.2.dr Static PE information: section name: /4
Source: is-PL0C0.tmp.2.dr Static PE information: section name: .buildid
Source: is-PL0C0.tmp.2.dr Static PE information: section name: /19
Source: is-PL0C0.tmp.2.dr Static PE information: section name: /38
Source: is-PL0C0.tmp.2.dr Static PE information: section name: .cygheap
Source: is-LHVU8.tmp.2.dr Static PE information: section name: .buildid
Source: is-LHVU8.tmp.2.dr Static PE information: section name: /4
Source: is-RH2AK.tmp.2.dr Static PE information: section name: .buildid
Source: is-RH2AK.tmp.2.dr Static PE information: section name: /4
Source: is-M8DN4.tmp.2.dr Static PE information: section name: .eh_fram
Source: is-7F9O8.tmp.2.dr Static PE information: section name: /4
Source: is-2BIF0.tmp.2.dr Static PE information: section name: /4
Source: is-H30VV.tmp.2.dr Static PE information: section name: /4
Registers a DLL
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\WinMerge\ShellExtensionX64.dll"
Uses code obfuscation techniques (call, push, ret)
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_00369B64 push ecx; ret 12_2_00369B77
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_00369355 push ecx; ret 12_2_00369368
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\MergePlugins\is-TTL9V.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-RH2AK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\tidy-html5\is-O4U6I.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-PL0C0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Merge7z\7z.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Merge7z\is-F216O.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\WinWebDiff\WinWebDiffLib.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\WinMergeContextMenu.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\md4c\libmd4c.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\md4c\libmd4c-html.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe File created: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\is-RITAQ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\md4c\is-7F9O8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\is-9AAPN.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\vcomp140.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Merge7z\Merge7z.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\md4c\is-H30VV.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Frhed\Languages\is-6IPI2.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\jq\is-M8DN4.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\MergePlugins\IgnoreCommentsC.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsTab.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\MergePlugins\is-TGIBM.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\is-94VSN.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\patch.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Users\user\AppData\Local\Temp\is-9I7HC.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\MergePlugins\is-NSMAB.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\WinIMerge\is-4MHIU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\WinMergeU.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\ShellExtensionU.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\MergePlugins\IgnoreColumns.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Frhed\hekseditU.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\is-8KFIH.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\WinWebDiff\is-NDGUQ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\MergePlugins\is-UABSB.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsComma.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\is-GS16B.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\tidy-html5\is-JQ84E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\ShellExtensionX64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Frhed\Languages\heksedit.lng (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Merge7z\is-9TLH0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\md4c\is-2BIF0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-LHVU8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\tidy-html5\tidy.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\is-EMDIS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\tidy-html5\tidy.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Frhed\is-SEBEO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-gcc_s-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\jq\jq.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\is-N9202.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\WinIMerge\WinIMergeLib.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-2.0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\Program Files\WinMerge\Commands\md4c\md2html.exe (copy) Jump to dropped file

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Window found: window name: progman Jump to behavior
Stores files to the Windows start menu directory
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge\WinMerge.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge\User's Guide.lnk Jump to behavior
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_0036815B EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 12_2_0036815B
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsTab.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\is-TTL9V.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-RH2AK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\is-TGIBM.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\is-94VSN.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\patch.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\tidy-html5\is-O4U6I.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-9I7HC.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\is-NSMAB.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\WinIMerge\is-4MHIU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-PL0C0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\ShellExtensionU.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\IgnoreColumns.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Merge7z\7z.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Frhed\hekseditU.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Merge7z\is-F216O.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\WinWebDiff\WinWebDiffLib.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\WinWebDiff\is-NDGUQ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\is-UABSB.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsComma.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\tidy-html5\is-JQ84E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\is-GS16B.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\WinMergeContextMenu.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\ShellExtensionX64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Frhed\Languages\heksedit.lng (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Merge7z\is-9TLH0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\libmd4c.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\libmd4c-html.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\is-2BIF0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-LHVU8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\tidy-html5\tidy.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\tidy-html5\tidy.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\is-RITAQ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Frhed\is-SEBEO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\is-7F9O8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\is-9AAPN.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\vcomp140.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-gcc_s-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\jq\jq.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\WinIMerge\WinIMergeLib.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\is-H30VV.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Frhed\Languages\is-6IPI2.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Merge7z\Merge7z.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\jq\is-M8DN4.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-2.0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\md2html.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Dropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\IgnoreCommentsC.dll (copy) Jump to dropped file
Found evasive API chain (may stop execution after checking a module file name)
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Queries keyboard layouts
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809 Jump to behavior
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1542908869.00000000008CD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}H
Source: WinMergeU.exe, 0000000E.00000003.1487799230.0000021A42473000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}E
Source: WinMergeU.exe, 0000000E.00000003.1487799230.0000021A42473000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Process information queried: ProcessInformation Jump to behavior
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_0036706D IsDebuggerPresent, 12_2_0036706D
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_0036C624 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 12_2_0036C624
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_00367FF7 GetProcessHeap, 12_2_00367FF7
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_003699A5 SetUnhandledExceptionFilter, 12_2_003699A5
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_003699D6 SetUnhandledExceptionFilter,UnhandledExceptionFilter, 12_2_003699D6
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002309000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: progmanq
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.00000000021C1000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002309000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: progman
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.00000000022B3000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: progman!
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_0036B810 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 12_2_0036B810
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe Code function: 12_2_003622B0 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ, 12_2_003622B0
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1541102 Sample: WinMerge-2.16.42.1-x64-Setup.exe Startdate: 24/10/2024 Architecture: WINDOWS Score: 15 6 WinMerge-2.16.42.1-x64-Setup.exe 2 2->6         started        file3 21 C:\Users\...\WinMerge-2.16.42.1-x64-Setup.tmp, PE32 6->21 dropped 9 WinMerge-2.16.42.1-x64-Setup.tmp 48 263 6->9         started        process4 file5 23 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 9->23 dropped 25 C:\Program Files\...\vcomp140.dll (copy), PE32+ 9->25 dropped 27 C:\Program Files\...\unins000.exe (copy), PE32 9->27 dropped 29 50 other files (none is malicious) 9->29 dropped 31 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 9->31 13 regsvr32.exe 41 9->13         started        15 WinMergeU.exe 1 9->15         started        17 WinMergeU.exe 9 6 9->17         started        19 WinMerge32BitPluginProxy.exe 23 9->19         started        signatures6 process7
No contacted IP infos