Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
WinMerge-2.16.42.1-x64-Setup.exe

Overview

General Information

Sample name:WinMerge-2.16.42.1-x64-Setup.exe
Analysis ID:1541102
MD5:694814dfeb6bc886adc91431fa3710f8
SHA1:d4eed6294c367837aa5ad810a79dd807ed2178b5
SHA256:5771f2a0553f53684b0e74161ed8749c4dda270f166edac253982366aee39bd3
Infos:

Detection

Score:15
Range:0 - 100
Whitelisted:false
Confidence:40%

Signatures

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sample file is different than original file name gathered from version info
Sigma detected: Classes Autorun Keys Modification
Sigma detected: Use Short Name Path in Command Line
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • WinMerge-2.16.42.1-x64-Setup.exe (PID: 7308 cmdline: "C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe" MD5: 694814DFEB6BC886ADC91431FA3710F8)
    • WinMerge-2.16.42.1-x64-Setup.tmp (PID: 7364 cmdline: "C:\Users\user~1\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp" /SL5="$1045C,9350605,121344,C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe" MD5: 364B8FA0269A0789DCB7A9673C7757E4)
      • regsvr32.exe (PID: 8064 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\WinMerge\ShellExtensionX64.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
      • WinMerge32BitPluginProxy.exe (PID: 8080 cmdline: "C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe" /RegServer MD5: 0BF44140B929D5B80CF5F3A8FBA33767)
      • WinMergeU.exe (PID: 8160 cmdline: "C:\Program Files\WinMerge\WinMergeU.exe" /s- /minimize /noninteractive /set-usertasks-to-jumplist 4097 MD5: 4D8808EB623326E39416F884B2DF745B)
      • WinMergeU.exe (PID: 6936 cmdline: "C:\Program Files\WinMerge\WinMergeU.exe" MD5: 4D8808EB623326E39416F884B2DF745B)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: {4E716236-AA30-4C65-B225-D68BBA81E9C2}, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\regsvr32.exe, ProcessId: 8064, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinMerge\(Default)
Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp" /SL5="$1045C,9350605,121344,C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp" /SL5="$1045C,9350605,121344,C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp, NewProcessName: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp, OriginalFileName: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp, ParentCommandLine: "C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe", ParentImage: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe, ParentProcessId: 7308, ParentProcessName: WinMerge-2.16.42.1-x64-Setup.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp" /SL5="$1045C,9350605,121344,C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe" , ProcessId: 7364, ProcessName: WinMerge-2.16.42.1-x64-Setup.tmp
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results
Source: WinMerge-2.16.42.1-x64-Setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpWindow detected: License AgreementGNU General Public LicenseWhen you are ready to continue with Setup click Next.GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright (C) 1989 1991 Free Software Foundation Inc. 59 Temple Place - Suite 330 Boston MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. PreambleThe licenses for most software are designed to take away your freedom to share and change it. By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs too. When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it. For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software and (2) offer you this license which gives you legal permission to copy distribute and/or modify the software. Also for each author's protection and ours we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors' reputations. Finally any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary. To prevent this we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying distribution and modification follow. TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION0. This License applies to any program or other work which contains a notice placed by the copyri
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpWindow detected: License AgreementGNU General Public LicenseWhen you are ready to continue with Setup click Next.GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright (C) 1989 1991 Free Software Foundation Inc. 59 Temple Place - Suite 330 Boston MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. PreambleThe licenses for most software are designed to take away your freedom to share and change it. By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs too. When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it. For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software and (2) offer you this license which gives you legal permission to copy distribute and/or modify the software. Also for each author's protection and ours we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors' reputations. Finally any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary. To prevent this we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying distribution and modification follow. TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION0. This License applies to any program or other work which contains a notice placed by the copyri
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMergeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePluginsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\unins000.datJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-EMDIS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-8KFIH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-BOKA5.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\LogoImagesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\LogoImages\is-AJPUG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\LogoImages\is-123RC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-N9202.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-94VSN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-GS16B.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-9AAPN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-N4IAN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7zJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\is-9TLH0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\is-F216O.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\is-2OE2K.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\is-T2IQ8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\LangJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-CC8DO.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-2KI1C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MFTUR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RLCQE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-UFVDL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-V2DS1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-1OLB5.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8OUR1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-NSAVI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5JV0F.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-QTVOA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SEQFO.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-I4R65.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-L5DSD.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-EIVB1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8J2GB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-T5LO6.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5IF1K.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MBIS3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GQ8OJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KPC0E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-A2H5R.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IQRO7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-I8C88.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5BGTK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-U6B2R.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-Q6405.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IGN31.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KOF2H.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8M9MB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KT48M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-LESGM.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-D9ULS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-81U24.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-A79QI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-18MT0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-G0RIE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-40BBT.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5LSIG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-095NN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RRR6V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-7HKTF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-7B519.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-O4BKH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-VB2M5.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-F1C4H.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-O6IBK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-LKCB9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-I0SMR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TPUIS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-460A9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KVANL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RFFJN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MP3U7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3BTA1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-LM6PD.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-L3JBH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RLC0B.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3QGBK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-HSRKA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SC7H2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-U4CMV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-DJV3P.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-OATG4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IV9B1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MIG3S.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-2FJR9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GLNOI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IB9K7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RR2CP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-2K3ER.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-PJATC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-062RB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-VHVRF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-86JF7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-O6AIB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-P8F36.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-QE2TL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IV017.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-O2RF7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-G6U2G.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-S4I54.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5H1TG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3SHFN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5NB3V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-Q5E7J.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TQKGS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5DDJJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-7JJ6E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-18VUR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-Q6RS3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-55RUK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\FiltersJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-C9ASJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-KU68J.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-4MAJS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-8LHOI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-86KD6.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-GA46K.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-5S810.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-MTBD4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-2JLJ0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-48EUL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-90M06.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-IQAC2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-N9DSO.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-LSRQE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-2NN26.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-2PJ95.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-QLCD7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-95E7P.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\DocsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-JTKBP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-55BS4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-TQ5R4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-AU5OB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-A83LN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-OQP0O.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-NTAH8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-M5C1V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-7SDCN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-9OSMP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-2HSEA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-NH2UA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-3QIHI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-OOK1U.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-UG553.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-R5IB7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-SDIOV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-TTL9V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-UABSB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-NSMAB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-TGIBM.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\FrhedJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\is-DGDQL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\is-SEBEO.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\DocsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-JED1G.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-3P06G.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-EH03O.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-A48B5.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-3A4QE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\LanguagesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-ELRQ5.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-QJ1OV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-CQ6K8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-LHA2S.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-QJRBC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-6IPI2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinIMergeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinIMerge\is-7D00P.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinIMerge\is-L2LCJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinIMerge\is-4MHIU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-RITAQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiffJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-KTPRH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-56PDA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-1MJTI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-FJG2V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-24R37.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-NDGUQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\CommandsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usrJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\binJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-PL0C0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-LHVU8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-RH2AK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\shareJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\cygwinJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\cygwin\is-7CCUQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\docJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\MsysJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-1J3J1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-4244D.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-D4ROF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\infoJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info\is-GE2F3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info\is-KVURD.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licensesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses\gcc-libsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses\gcc-libs\is-QFR17.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\manJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man1Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man1\is-PVN7H.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man3Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man3\is-O2OLC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man7Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man7\is-OAE1R.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\tidy-html5Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-JQ84E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-O4U6I.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-H1MRE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\jqJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\jq\is-M8DN4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\jq\is-UNI1O.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4cJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-7F9O8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-2BIF0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-H30VV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-QI0H0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-01OJE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\PlantUMLJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\PlantUML\is-5TT1R.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\PlantUML\is-9NNL4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\PlantUML\is-0DQDS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Apache-TikaJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-U552Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-Q7I9M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-5UK3C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\qJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\q\is-883O4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\q\is-P2R54.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\q\is-AE60A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\yqJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\yq\is-75HBF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\yq\is-0URJH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\yq\is-QCED5.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\dumpbinJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\dumpbin\is-OKI3E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\ildasmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\ildasm\is-BG924.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\JavaJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Java\is-RHQ7R.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Java\is-J0G1K.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Java\is-TI4KR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\is-QDPG4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\unins000.msgJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMerge_is1Jump to behavior
Source: WinMerge-2.16.42.1-x64-Setup.exeStatic PE information: certificate valid
Source: WinMerge-2.16.42.1-x64-Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\dev\winmerge-stable\BuildTmp\Src\Build\x64\Release\WinMergeU.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, is-8KFIH.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreCommentsC.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-UABSB.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Externals\winwebdiff\Build\x64\Release\WinWebDiff\WinWebDiffLib.pdb source: is-NDGUQ.tmp.2.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdb source: is-RITAQ.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Externals\frhed\Build\x64\Release\Frhed\hekseditU.pdb! source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-SEBEO.tmp.2.dr
Source: Binary string: f: \.pdb$ ## VC program database file (debugging symbolic information) source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\dev\winmerge-stable\BuildTmp\Src\Build\x64\Release\WinMergeU.pdbGCTL source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, is-8KFIH.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Build\x64\Release\WinMergeContextMenu.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, is-9AAPN.tmp.2.dr
Source: Binary string: E:\dev\winmerge\Build\x64\Release\Merge7z\Merge7z.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\WinMerge\winmerge-3pane\stable\Plugins\WinMerge32BitPluginProxy\Release\WinMerge32BitPluginProxy.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge32BitPluginProxy.exe, 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmp, WinMerge32BitPluginProxy.exe, 0000000C.00000000.1474620921.0000000000373000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreColumns.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-TTL9V.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreFieldsTab.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdbGCTL source: is-RITAQ.tmp.2.dr
Source: Binary string: E:\dev\winmerge\Externals\winimerge\Build\x64\Release\WinIMerge\WinIMergeLib.pdb source: is-4MHIU.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Externals\frhed\Build\x64\Release\Frhed\hekseditU.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-SEBEO.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreFieldsComma.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-NSMAB.tmp.2.dr
Source: is-8KFIH.tmp.2.drString found in binary or memory: http://192.168.1.101:3703/soap/WinMerge/Program%20Icons/Splash%20and%20About/concept.psd
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://bonedaddy.net/pabs3/files/frhed/
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drString found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drString found in binary or memory: http://ccsca2021.ocsp-certum.com05
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1545274887.0000000004480000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://counter-strike.com.ua/
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drString found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drString found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gs/gscodesignsha2g2.crl0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0X
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-6IPI2.tmp.2.dr, is-CQ6K8.tmp.2.dr, is-LHA2S.tmp.2.dr, is-QJRBC.tmp.2.drString found in binary or memory: http://frhed.sourceforge.net/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-SEBEO.tmp.2.drString found in binary or memory: http://frhed.sourceforge.net/Docs
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.drString found in binary or memory: http://frhed.sourceforge.netN
Source: is-RH2AK.tmp.2.drString found in binary or memory: http://gnu.org/licenses/gpl.html
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: http://google.github.io/googletest/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://home.c2i.net/freewaretips/
Source: is-NDGUQ.tmp.2.drString found in binary or memory: http://https://www.google.com/search?q=cssContentSizewidthheightPage.getLayoutMetrics
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g20
Source: is-9NNL4.tmp.2.drString found in binary or memory: http://plantuml.com
Source: is-9NNL4.tmp.2.drString found in binary or memory: http://plantuml.com/patreon
Source: is-9NNL4.tmp.2.drString found in binary or memory: http://plantuml.com/paypal
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drString found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drString found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drString found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-TTL9V.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NSMAB.tmp.2.drString found in binary or memory: http://repository.certum.pl/ctsca2021.cer0
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-NDGUQ.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drString found in binary or memory: http://repository.certum.pl/ctsca2021.cer0A
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g2.crt08
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-CQ6K8.tmp.2.drString found in binary or memory: http://sourceforge.net/tracker/?
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-6IPI2.tmp.2.dr, is-LHA2S.tmp.2.dr, is-QJRBC.tmp.2.drString found in binary or memory: http://sourceforge.net/tracker/?group_id=13216&atid=113216
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drString found in binary or memory: http://subca.ocsp-certum.com01
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drString found in binary or memory: http://subca.ocsp-certum.com02
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drString found in binary or memory: http://subca.ocsp-certum.com05
Source: is-AU5OB.tmp.2.drString found in binary or memory: http://winmerge.org/docs/manual/
Source: WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drString found in binary or memory: http://www.appinf.com/features/enable-partial-reads
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, is-8KFIH.tmp.2.drString found in binary or memory: http://www.appinf.com/features/enable-partial-readshttp://www.appinf.com/properties/bla-maximum-ampl
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drString found in binary or memory: http://www.appinf.com/properties/bla-activation-threshold
Source: WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drString found in binary or memory: http://www.appinf.com/properties/bla-maximum-amplification
Source: WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.appinf.com/properties/bla-maximum-amplificationJ
Source: is-9NNL4.tmp.2.drString found in binary or memory: http://www.archimatetool.com
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drString found in binary or memory: http://www.certum.pl/CPS0
Source: is-9NNL4.tmp.2.drString found in binary or memory: http://www.chapman.edu/~jipsen
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1545274887.0000000004480000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge32BitPluginProxy.exe, 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.geocities.co.jp/SiliconValley-SanJose/8165/winmerge.htmld
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000002.1543115041.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-56PDA.tmp.2.drString found in binary or memory: http://www.gnu.org/licenses/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000002.1543115041.000000000018D000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/philosophy/why-not-lgpl.html
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: http://www.html-tidy.org/)
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1258604645.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1259623363.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000000.1260284439.0000000000401000.00000020.00000001.01000000.00000004.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp.0.drString found in binary or memory: http://www.innosetup.com/
Source: WinMerge-2.16.42.1-x64-Setup.exeString found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-EH03O.tmp.2.drString found in binary or memory: http://www.kibria.de
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.palkornel.hu/innosetup%1
Source: is-9NNL4.tmp.2.drString found in binary or memory: http://www.pierce.ctc.edu/dlippman
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1258604645.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1259623363.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000000.1260284439.0000000000401000.00000020.00000001.01000000.00000004.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp.0.drString found in binary or memory: http://www.remobjects.com/ps
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.unrealtexture.com/Unreal/Website/Downloads/3DEditing/UnrealEditor/Tools/Info/frhed_v11/fr
Source: is-AU5OB.tmp.2.drString found in binary or memory: http://www.zeroscience.mk/mk/vulnerabilities/ZSL-2011-4997.php
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drString found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-general-entitiesold
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drString found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA35000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drString found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA35000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drString found in binary or memory: http://xml.org/sax/features/namespaces
Source: WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespacesLEAUT
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA35000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drString found in binary or memory: http://xml.org/sax/features/string-interning
Source: WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA35000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/string-internings
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA35000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drString found in binary or memory: http://xml.org/sax/features/validation
Source: WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/validationE
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drString found in binary or memory: http://xml.org/sax/properties/declaration-handler
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA35000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drString found in binary or memory: http://xml.org/sax/properties/lexical-handler
Source: WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/lexical-handlerent
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, is-2OE2K.tmp.2.drString found in binary or memory: https://7-zip.org/history.txt
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://TamilNeram.github.io
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002343000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://WinMerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002241000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://WinMerge.org/1
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002241000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002343000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://WinMerge.org/q
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.openai.com/v1/chat/completions
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://app.transifex.com/rockytdr/teams/91037/nl/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.winmerge.org/
Source: is-RHQ7R.tmp.2.drString found in binary or memory: https://download.java.net/java/GA/jdk%OpenJDKVer%/fdb695a9d9064ad6b064dc6df578380c/7/GPL/openjdk-%Op
Source: is-TI4KR.tmp.2.drString found in binary or memory: https://download.java.net/java/GA/jdk19.0.2/fdb695a9d9064ad6b064dc6df578380c/7/GPL/openjdk-19.0.2_wi
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://downzen.com
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-95E7P.tmp.2.drString found in binary or memory: https://ethanschoonover.com/solarized/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://forums.winmerge.org
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://forums.winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://forums.winmerge.org/.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://freeimage.sourceforge.io/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://frhed.sourceforge.net/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/Patriccollu/Lingua_Corsa-Infurmatica/#readme
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://github.com/VenusGirl
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/VenusGirl/winmerge
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-3P06G.tmp.2.drString found in binary or memory: https://github.com/WinMerge/frhed/graphs/contributors
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://github.com/WinMerge/winimerge/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://github.com/WinMerge/winmerge
Source: is-AU5OB.tmp.2.drString found in binary or memory: https://github.com/WinMerge/winmerge-v2/issues/41
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-2NN26.tmp.2.drString found in binary or memory: https://github.com/WinMerge/winmerge/blob/master/ColorSchemes/Solarized%20Dark.ini
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002161000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002233000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WinMerge/winmerge/discussions
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539157785.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002233000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000002.1544095804.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539390223.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002288000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539900443.0000000005411000.00000004.00001000.00020000.00000000.sdmp, is-JTKBP.tmp.2.drString found in binary or memory: https://github.com/WinMerge/winmerge/discussions.
Source: is-AU5OB.tmp.2.drString found in binary or memory: https://github.com/WinMerge/winmerge/discussions/1139
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002233000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000002.1544095804.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539390223.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002288000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539900443.0000000005411000.00000004.00001000.00020000.00000000.sdmp, is-JTKBP.tmp.2.drString found in binary or memory: https://github.com/WinMerge/winmerge/issues
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://github.com/WinMerge/winwebdiff/)
Source: is-NDGUQ.tmp.2.drString found in binary or memory: https://github.com/WinMerge/winwebdiffD
Source: is-55BS4.tmp.2.drString found in binary or memory: https://github.com/git/git/tree/master/xdiff)
Source: is-AE60A.tmp.2.drString found in binary or memory: https://github.com/harelba/q/archive/refs/tags/2.0.19.zip
Source: is-AE60A.tmp.2.dr, is-883O4.tmp.2.drString found in binary or memory: https://github.com/harelba/q/releases/download/2.0.19/q-AMD64-Windows.exe
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://github.com/htacg/tidy-html5/blob/next/README/LICENSE.md)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-95E7P.tmp.2.drString found in binary or memory: https://github.com/keeleyt83/winmerge-solarized-dark
Source: is-55BS4.tmp.2.drString found in binary or memory: https://github.com/microsoft/wil)
Source: is-QCED5.tmp.2.drString found in binary or memory: https://github.com/mikefarah/yq/archive/refs/tags/v4.11.1.zip
Source: is-QCED5.tmp.2.dr, is-75HBF.tmp.2.drString found in binary or memory: https://github.com/mikefarah/yq/releases/download/v4.11.1/yq_windows_386.exe
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://github.com/mity/md4c)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://github.com/msys2/MSYS2-packages/tree/master/patch)
Source: is-TI4KR.tmp.2.drString found in binary or memory: https://github.com/openjdk/jdk19u/archive/refs/tags/jdk-19.0.2-ga.zip
Source: is-0DQDS.tmp.2.drString found in binary or memory: https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0-sources.jar
Source: is-0DQDS.tmp.2.drString found in binary or memory: https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0.jar
Source: is-4MHIU.tmp.2.drString found in binary or memory: https://github.com/winmerge/winimergeB
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/wvxwxvw
Source: is-AU5OB.tmp.2.drString found in binary or memory: https://gyazo.com/17d8773354d23b5ae51262f28b0f1f80
Source: is-AU5OB.tmp.2.drString found in binary or memory: https://gyazo.com/7cbbbd2c1de195fcd214d588b21b21d4
Source: is-AU5OB.tmp.2.drString found in binary or memory: https://gyazo.com/b605edb820bc52d0f4f6232eb8ad78aa
Source: is-AU5OB.tmp.2.drString found in binary or memory: https://gyazo.com/f5f267546db27f2dc801c00df8cb4251
Source: is-AU5OB.tmp.2.drString found in binary or memory: https://i.gyazo.com/af18960bd1f121213a2cd9287cae9cf4.gif
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://jrsoftware.org/files/is/license.txt)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://jrsoftware.org/isinfo.php)
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://manual.winmerge.org
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://manual.winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002264000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002288000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539900443.0000000005411000.00000004.00001000.00020000.00000000.sdmp, is-JTKBP.tmp.2.drString found in binary or memory: https://manual.winmerge.org/.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://manual.winmerge.org/Quick_start.html
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539900443.0000000005411000.00000004.00001000.00020000.00000000.sdmp, is-JTKBP.tmp.2.drString found in binary or memory: https://manual.winmerge.org/Quick_start.html.
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002220000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://manual.winmerge.org/en/Quick_start.html.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, is-8KFIH.tmp.2.drString found in binary or memory: https://manual.winmerge.org/index.htmlDocs/WinMerge%s.chmhttps://winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://platform.openai.com/api-keys
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://pocoproject.org/)
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://project.winmerge.org
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://project.winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002161000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002233000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://project.winmerge.org/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://rapidjson.org/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://savannah.gnu.org/projects/patch/
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.00000000021C1000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1545274887.0000000004480000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002192000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002264000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002288000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/forum/?group_id=13216
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/tracker/?group_id=13216&atid=113216
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.00000000021C1000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1545274887.0000000004480000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002192000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002264000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002288000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/tracker/?group_id=13216&atid=363216
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://stedolan.github.io/jq/)
Source: is-9NNL4.tmp.2.drString found in binary or memory: https://useiconic.com/open
Source: WinMergeU.exe, WinMerge-2.16.42.1-x64-Setup.exeString found in binary or memory: https://winmerge.org
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002220000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://winmerge.org.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://winmerge.org/
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539900443.0000000005411000.00000004.00001000.00020000.00000000.sdmp, is-JTKBP.tmp.2.drString found in binary or memory: https://winmerge.org/.
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://winmerge.org/?lang=ko
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, is-8KFIH.tmp.2.drString found in binary or memory: https://winmerge.org/translations/http://www.gnu.org/licenses/gpl-2.0.html&amp
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1499379423.00007FF673F79000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000000.1485756906.00007FF673F9E000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000000.1527353484.00007FF673F9E000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522738342.00007FF673F79000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520635460.000001A47BA10000.00000002.00000001.00040000.0000000A.sdmp, is-8KFIH.tmp.2.drString found in binary or memory: https://winmerge.org:
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.drString found in binary or memory: https://winmerge.orgn#
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://www.7-zip.org/)
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drString found in binary or memory: https://www.boost.org/)
Source: WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drString found in binary or memory: https://www.certum.pl/CPS0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/06
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.00000000021D5000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539062337.000000000337A000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1538520613.0000000003381000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539157785.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000002.1544095804.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.00000000022A7000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539390223.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539900443.00000000053A0000.00000004.00001000.00020000.00000000.sdmp, is-OQP0O.tmp.2.drString found in binary or memory: https://www.gnu.org/licenses/lgpl.html
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.transifex.com/rockytdr/teams/91037/nl/)
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_003710AA12_2_003710AA
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_0036ECC212_2_0036ECC2
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_0037190F12_2_0037190F
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_0036815B12_2_0036815B
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_0036F23412_2_0036F234
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_0036FF4E12_2_0036FF4E
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_0036F7A612_2_0036F7A6
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: String function: 00369310 appears 31 times
Source: WinMerge-2.16.42.1-x64-Setup.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: WinMerge-2.16.42.1-x64-Setup.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-EMDIS.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-EMDIS.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-PL0C0.tmp.2.drStatic PE information: Number of sections : 13 > 10
Source: is-6IPI2.tmp.2.drStatic PE information: No import functions for PE file found
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1258604645.00000000024A6000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs WinMerge-2.16.42.1-x64-Setup.exe
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1259623363.000000007FE32000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs WinMerge-2.16.42.1-x64-Setup.exe
Source: WinMerge-2.16.42.1-x64-Setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-KU68J.tmp.2.drBinary or memory string: f: \.vbproj$
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-NH2UA.tmp.2.drBinary or memory string: for (var it = new Enumerator(prs.VBProject.VBComponents); !it.atEnd(); it.moveNext()) {
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-9OSMP.tmp.2.drBinary or memory string: return (wbk.VBProject.VBComponents.Count >= 0);
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-KU68J.tmp.2.drBinary or memory string: f: \.csproj$
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-3QIHI.tmp.2.drBinary or memory string: return (doc.VBProject.VBComponents.Count >= 0);
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-NH2UA.tmp.2.drBinary or memory string: return (prs.VBProject.VBComponents.Count >= 0);
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-AU5OB.tmp.2.drBinary or memory string: <li>BugFix:ALL.vs2019.sln cl : command line warning D9035: option &#39;Gm&#39;
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-9OSMP.tmp.2.drBinary or memory string: for (var it = new Enumerator(wbk.VBProject.VBComponents); !it.atEnd(); it.moveNext()) {
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-AU5OB.tmp.2.drBinary or memory string: <li>BugFix: Plugins\src_VCPP\VCPPPlugins.vs2017.sln can&#39;t open projects
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-3QIHI.tmp.2.drBinary or memory string: for (var it = new Enumerator(doc.VBProject.VBComponents); !it.atEnd(); it.moveNext()) {
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-KU68J.tmp.2.drBinary or memory string: f: \.sln$
Source: classification engineClassification label: clean15.winEXE@11/426@0/0
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_003614B0 CLSIDFromProgID,CoCreateInstance,PathMatchSpecW,PathMatchSpecW,PathMatchSpecW,PathIsContentTypeW,PathMatchSpecW,CoGetObject,CoGetObject,ShellExecuteExW,CoGetObject,LoadTypeLib,StrCmpIW,SysFreeString,PathMatchSpecW,FormatMessageW,FormatMessageW,FormatMessageW,LocalFree,LocalFree,LocalFree,MessageBoxW,LocalFree,12_2_003614B0
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_003642B0 LoadLibraryExW,LoadLibraryExW,LoadLibraryExW,FindResourceW,LoadResource,SizeofResource,MultiByteToWideChar,FreeLibrary,12_2_003642B0
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMergeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeMutant created: \Sessions\1\BaseNamedObjects\WinMergeWindowClassW-Default
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeFile created: C:\Users\user~1\AppData\Local\Temp\is-UAN49.tmpJump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCommand line argument: :712_2_003666D0
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile read: C:\Program Files\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
Source: WinMerge-2.16.42.1-x64-Setup.exeString found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeFile read: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe "C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe"
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp "C:\Users\user~1\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp" /SL5="$1045C,9350605,121344,C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\WinMerge\ShellExtensionX64.dll"
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe "C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe" /RegServer
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Program Files\WinMerge\WinMergeU.exe "C:\Program Files\WinMerge\WinMergeU.exe" /s- /minimize /noninteractive /set-usertasks-to-jumplist 4097
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Program Files\WinMerge\WinMergeU.exe "C:\Program Files\WinMerge\WinMergeU.exe"
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp "C:\Users\user~1\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp" /SL5="$1045C,9350605,121344,C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\WinMerge\ShellExtensionX64.dll"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe "C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe" /RegServerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Program Files\WinMerge\WinMergeU.exe "C:\Program Files\WinMerge\WinMergeU.exe" /s- /minimize /noninteractive /set-usertasks-to-jumplist 4097Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Program Files\WinMerge\WinMergeU.exe "C:\Program Files\WinMerge\WinMergeU.exe"Jump to behavior
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: msftedit.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: windows.globalization.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: bcp47mrm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: globinputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: windows.ui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: inputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: explorerframe.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: icu.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: mlang.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: sxs.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: propsys.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: taskflowdataengine.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: cdp.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: dsreg.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: icu.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: mlang.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: sxs.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
Source: WinMerge.lnk.2.drLNK file: ..\..\..\..\..\..\Program Files\WinMerge\WinMergeU.exe
Source: User's Guide.lnk.2.drLNK file: ..\..\..\..\..\..\Program Files\WinMerge\Docs\WinMerge.chm
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpWindow found: window name: TMainFormJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLLJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpWindow detected: License AgreementGNU General Public LicenseWhen you are ready to continue with Setup click Next.GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright (C) 1989 1991 Free Software Foundation Inc. 59 Temple Place - Suite 330 Boston MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. PreambleThe licenses for most software are designed to take away your freedom to share and change it. By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs too. When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it. For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software and (2) offer you this license which gives you legal permission to copy distribute and/or modify the software. Also for each author's protection and ours we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors' reputations. Finally any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary. To prevent this we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying distribution and modification follow. TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION0. This License applies to any program or other work which contains a notice placed by the copyri
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpWindow detected: License AgreementGNU General Public LicenseWhen you are ready to continue with Setup click Next.GNU GENERAL PUBLIC LICENSEVersion 2 June 1991 Copyright (C) 1989 1991 Free Software Foundation Inc. 59 Temple Place - Suite 330 Boston MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. PreambleThe licenses for most software are designed to take away your freedom to share and change it. By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs too. When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it. For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software and (2) offer you this license which gives you legal permission to copy distribute and/or modify the software. Also for each author's protection and ours we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors' reputations. Finally any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary. To prevent this we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying distribution and modification follow. TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION0. This License applies to any program or other work which contains a notice placed by the copyri
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMergeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePluginsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\unins000.datJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-EMDIS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-8KFIH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-BOKA5.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\LogoImagesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\LogoImages\is-AJPUG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\LogoImages\is-123RC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-N9202.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-94VSN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-GS16B.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-9AAPN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-N4IAN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7zJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\is-9TLH0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\is-F216O.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\is-2OE2K.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\is-T2IQ8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\LangJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-CC8DO.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-2KI1C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MFTUR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RLCQE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-UFVDL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-V2DS1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-1OLB5.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8OUR1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-NSAVI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5JV0F.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-QTVOA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SEQFO.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-I4R65.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-L5DSD.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-EIVB1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8J2GB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-T5LO6.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5IF1K.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MBIS3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GQ8OJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KPC0E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-A2H5R.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IQRO7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-I8C88.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5BGTK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-U6B2R.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-Q6405.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IGN31.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KOF2H.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-8M9MB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KT48M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-LESGM.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-D9ULS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-81U24.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-A79QI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-18MT0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-G0RIE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-40BBT.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5LSIG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-095NN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RRR6V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-7HKTF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-7B519.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-O4BKH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-VB2M5.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-F1C4H.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-O6IBK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-LKCB9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-I0SMR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TPUIS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-460A9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-KVANL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RFFJN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MP3U7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3BTA1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-LM6PD.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-L3JBH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RLC0B.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3QGBK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-HSRKA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-SC7H2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-U4CMV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-DJV3P.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-OATG4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IV9B1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-MIG3S.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-2FJR9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-GLNOI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IB9K7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-RR2CP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-2K3ER.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-PJATC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-062RB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-VHVRF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-86JF7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-O6AIB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-P8F36.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-QE2TL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-IV017.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-O2RF7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-G6U2G.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-S4I54.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5H1TG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-3SHFN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5NB3V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-Q5E7J.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-TQKGS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-5DDJJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-7JJ6E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-18VUR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-Q6RS3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Merge7z\Lang\is-55RUK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\FiltersJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-C9ASJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-KU68J.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-4MAJS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-8LHOI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-86KD6.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-GA46K.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-5S810.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-MTBD4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-2JLJ0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-48EUL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-90M06.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-IQAC2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Filters\is-N9DSO.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-LSRQE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-2NN26.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-2PJ95.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-QLCD7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\ColorSchemes\is-95E7P.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\DocsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-JTKBP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-55BS4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-TQ5R4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-AU5OB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-A83LN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Docs\is-OQP0O.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-NTAH8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-M5C1V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-7SDCN.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-9OSMP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-2HSEA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-NH2UA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-3QIHI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-OOK1U.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-UG553.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-R5IB7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-SDIOV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-TTL9V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-UABSB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-NSMAB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\MergePlugins\is-TGIBM.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\FrhedJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\is-DGDQL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\is-SEBEO.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\DocsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-JED1G.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-3P06G.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-EH03O.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-A48B5.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Docs\is-3A4QE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\LanguagesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-ELRQ5.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-QJ1OV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-CQ6K8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-LHA2S.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-QJRBC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Frhed\Languages\is-6IPI2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinIMergeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinIMerge\is-7D00P.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinIMerge\is-L2LCJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinIMerge\is-4MHIU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\is-RITAQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiffJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-KTPRH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-56PDA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-1MJTI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-FJG2V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-24R37.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\WinWebDiff\is-NDGUQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\CommandsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usrJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\binJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-PL0C0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-LHVU8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-RH2AK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\shareJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\cygwinJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\cygwin\is-7CCUQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\docJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\MsysJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-1J3J1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-4244D.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\doc\Msys\is-D4ROF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\infoJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info\is-GE2F3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\info\is-KVURD.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licensesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses\gcc-libsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\licenses\gcc-libs\is-QFR17.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\manJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man1Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man1\is-PVN7H.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man3Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man3\is-O2OLC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man7Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\msys2\usr\share\man\man7\is-OAE1R.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\tidy-html5Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-JQ84E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-O4U6I.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\tidy-html5\is-H1MRE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\jqJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\jq\is-M8DN4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\jq\is-UNI1O.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4cJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-7F9O8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-2BIF0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-H30VV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-QI0H0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\md4c\is-01OJE.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\PlantUMLJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\PlantUML\is-5TT1R.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\PlantUML\is-9NNL4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\PlantUML\is-0DQDS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Apache-TikaJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-U552Q.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-Q7I9M.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Apache-Tika\is-5UK3C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\qJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\q\is-883O4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\q\is-P2R54.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\q\is-AE60A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\yqJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\yq\is-75HBF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\yq\is-0URJH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\yq\is-QCED5.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\dumpbinJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\dumpbin\is-OKI3E.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\ildasmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\ildasm\is-BG924.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\JavaJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Java\is-RHQ7R.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Java\is-J0G1K.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\Java\is-TI4KR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\Commands\is-QDPG4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDirectory created: C:\Program Files\WinMerge\unins000.msgJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMerge_is1Jump to behavior
Source: WinMerge-2.16.42.1-x64-Setup.exeStatic PE information: certificate valid
Source: WinMerge-2.16.42.1-x64-Setup.exeStatic file information: File size 9992352 > 1048576
Source: WinMerge-2.16.42.1-x64-Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\dev\winmerge-stable\BuildTmp\Src\Build\x64\Release\WinMergeU.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, is-8KFIH.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreCommentsC.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-UABSB.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Externals\winwebdiff\Build\x64\Release\WinWebDiff\WinWebDiffLib.pdb source: is-NDGUQ.tmp.2.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdb source: is-RITAQ.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Externals\frhed\Build\x64\Release\Frhed\hekseditU.pdb! source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-SEBEO.tmp.2.dr
Source: Binary string: f: \.pdb$ ## VC program database file (debugging symbolic information) source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\dev\winmerge-stable\BuildTmp\Src\Build\x64\Release\WinMergeU.pdbGCTL source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, is-8KFIH.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Build\x64\Release\WinMergeContextMenu.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, is-9AAPN.tmp.2.dr
Source: Binary string: E:\dev\winmerge\Build\x64\Release\Merge7z\Merge7z.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\WinMerge\winmerge-3pane\stable\Plugins\WinMerge32BitPluginProxy\Release\WinMerge32BitPluginProxy.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge32BitPluginProxy.exe, 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmp, WinMerge32BitPluginProxy.exe, 0000000C.00000000.1474620921.0000000000373000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreColumns.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-TTL9V.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreFieldsTab.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdbGCTL source: is-RITAQ.tmp.2.dr
Source: Binary string: E:\dev\winmerge\Externals\winimerge\Build\x64\Release\WinIMerge\WinIMergeLib.pdb source: is-4MHIU.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Externals\frhed\Build\x64\Release\Frhed\hekseditU.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-SEBEO.tmp.2.dr
Source: Binary string: C:\dev\winmerge\Plugins\src_VCPP\Build\x64\Release\MergePlugins\IgnoreFieldsComma.pdb source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-NSMAB.tmp.2.dr
Source: is-8KFIH.tmp.2.drStatic PE information: section name: .didat
Source: is-4MHIU.tmp.2.drStatic PE information: section name: _RDATA
Source: is-NDGUQ.tmp.2.drStatic PE information: section name: _RDATA
Source: is-PL0C0.tmp.2.drStatic PE information: section name: /4
Source: is-PL0C0.tmp.2.drStatic PE information: section name: .buildid
Source: is-PL0C0.tmp.2.drStatic PE information: section name: /19
Source: is-PL0C0.tmp.2.drStatic PE information: section name: /38
Source: is-PL0C0.tmp.2.drStatic PE information: section name: .cygheap
Source: is-LHVU8.tmp.2.drStatic PE information: section name: .buildid
Source: is-LHVU8.tmp.2.drStatic PE information: section name: /4
Source: is-RH2AK.tmp.2.drStatic PE information: section name: .buildid
Source: is-RH2AK.tmp.2.drStatic PE information: section name: /4
Source: is-M8DN4.tmp.2.drStatic PE information: section name: .eh_fram
Source: is-7F9O8.tmp.2.drStatic PE information: section name: /4
Source: is-2BIF0.tmp.2.drStatic PE information: section name: /4
Source: is-H30VV.tmp.2.drStatic PE information: section name: /4
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess created: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\WinMerge\ShellExtensionX64.dll"
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_00369B64 push ecx; ret 12_2_00369B77
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_00369355 push ecx; ret 12_2_00369368
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\MergePlugins\is-TTL9V.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-RH2AK.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\tidy-html5\is-O4U6I.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-PL0C0.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Merge7z\7z.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Merge7z\is-F216O.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\WinWebDiff\WinWebDiffLib.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\WinMergeContextMenu.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\md4c\libmd4c.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\md4c\libmd4c-html.dll (copy)Jump to dropped file
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeFile created: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\is-RITAQ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\md4c\is-7F9O8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\is-9AAPN.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\vcomp140.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Merge7z\Merge7z.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\md4c\is-H30VV.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Frhed\Languages\is-6IPI2.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\jq\is-M8DN4.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\MergePlugins\IgnoreCommentsC.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsTab.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\MergePlugins\is-TGIBM.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\is-94VSN.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\patch.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Users\user\AppData\Local\Temp\is-9I7HC.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\MergePlugins\is-NSMAB.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\WinIMerge\is-4MHIU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\WinMergeU.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\ShellExtensionU.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\MergePlugins\IgnoreColumns.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Frhed\hekseditU.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\is-8KFIH.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\WinWebDiff\is-NDGUQ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\MergePlugins\is-UABSB.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsComma.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\is-GS16B.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\tidy-html5\is-JQ84E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\ShellExtensionX64.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Frhed\Languages\heksedit.lng (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Merge7z\is-9TLH0.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\md4c\is-2BIF0.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-LHVU8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\tidy-html5\tidy.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\is-EMDIS.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\tidy-html5\tidy.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Frhed\is-SEBEO.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-gcc_s-1.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\jq\jq.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\is-N9202.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\WinIMerge\WinIMergeLib.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-2.0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\Program Files\WinMerge\Commands\md4c\md2html.exe (copy)Jump to dropped file

Boot Survival

barindex
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpWindow found: window name: progmanJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMergeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge\WinMerge.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge\User's Guide.lnkJump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_0036815B EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,12_2_0036815B
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsTab.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\is-TTL9V.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-RH2AK.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\is-TGIBM.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\is-94VSN.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\patch.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\tidy-html5\is-O4U6I.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-9I7HC.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\is-NSMAB.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\WinIMerge\is-4MHIU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-PL0C0.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\ShellExtensionU.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\IgnoreColumns.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Merge7z\7z.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Frhed\hekseditU.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Merge7z\is-F216O.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\WinWebDiff\WinWebDiffLib.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\WinWebDiff\is-NDGUQ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\is-UABSB.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsComma.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\tidy-html5\is-JQ84E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\is-GS16B.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\WinMergeContextMenu.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\ShellExtensionX64.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Frhed\Languages\heksedit.lng (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Merge7z\is-9TLH0.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\libmd4c.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\libmd4c-html.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\is-2BIF0.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-LHVU8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\tidy-html5\tidy.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\tidy-html5\tidy.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\is-RITAQ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Frhed\is-SEBEO.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\is-7F9O8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\is-9AAPN.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\vcomp140.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-gcc_s-1.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\jq\jq.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\WinIMerge\WinIMergeLib.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\is-H30VV.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Frhed\Languages\is-6IPI2.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Merge7z\Merge7z.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\jq\is-M8DN4.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-2.0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\Commands\md4c\md2html.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpDropped PE file which has not been started: C:\Program Files\WinMerge\MergePlugins\IgnoreCommentsC.dll (copy)Jump to dropped file
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_12-8613
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809Jump to behavior
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1542908869.00000000008CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}H
Source: WinMergeU.exe, 0000000E.00000003.1487799230.0000021A42473000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}E
Source: WinMergeU.exe, 0000000E.00000003.1487799230.0000021A42473000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeAPI call chain: ExitProcess graph end nodegraph_12-8614
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_0036706D IsDebuggerPresent,12_2_0036706D
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_0036C624 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,12_2_0036C624
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_00367FF7 GetProcessHeap,12_2_00367FF7
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_003699A5 SetUnhandledExceptionFilter,12_2_003699A5
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_003699D6 SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_003699D6
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002309000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: progmanq
Source: WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.00000000021C1000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002309000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: progman
Source: WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.00000000022B3000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: progman!
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmpQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files\WinMerge\WinMergeU.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_0036B810 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,12_2_0036B810
Source: C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeCode function: 12_2_003622B0 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,12_2_003622B0
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Command and Scripting Interpreter
1
Windows Service
1
Windows Service
3
Masquerading
OS Credential Dumping1
System Time Discovery
Remote Services1
Archive Collected Data
1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts1
Native API
1
Registry Run Keys / Startup Folder
2
Process Injection
2
Process Injection
LSASS Memory131
Security Software Discovery
Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading
1
Registry Run Keys / Startup Folder
1
Deobfuscate/Decode Files or Information
Security Account Manager2
Process Discovery
SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
DLL Side-Loading
2
Obfuscated Files or Information
NTDS2
System Owner/User Discovery
Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Regsvr32
LSA Secrets1
File and Directory Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading
Cached Domain Credentials22
System Information Discovery
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1541102 Sample: WinMerge-2.16.42.1-x64-Setup.exe Startdate: 24/10/2024 Architecture: WINDOWS Score: 15 6 WinMerge-2.16.42.1-x64-Setup.exe 2 2->6         started        file3 21 C:\Users\...\WinMerge-2.16.42.1-x64-Setup.tmp, PE32 6->21 dropped 9 WinMerge-2.16.42.1-x64-Setup.tmp 48 263 6->9         started        process4 file5 23 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 9->23 dropped 25 C:\Program Files\...\vcomp140.dll (copy), PE32+ 9->25 dropped 27 C:\Program Files\...\unins000.exe (copy), PE32 9->27 dropped 29 50 other files (none is malicious) 9->29 dropped 31 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 9->31 13 regsvr32.exe 41 9->13         started        15 WinMergeU.exe 1 9->15         started        17 WinMergeU.exe 9 6 9->17         started        19 WinMerge32BitPluginProxy.exe 23 9->19         started        signatures6 process7

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
WinMerge-2.16.42.1-x64-Setup.exe3%ReversingLabs
SourceDetectionScannerLabelLink
C:\Program Files\WinMerge\Commands\jq\is-M8DN4.tmp0%ReversingLabs
C:\Program Files\WinMerge\Commands\jq\jq.exe (copy)0%ReversingLabs
C:\Program Files\WinMerge\Commands\md4c\is-2BIF0.tmp0%ReversingLabs
C:\Program Files\WinMerge\Commands\md4c\is-7F9O8.tmp0%ReversingLabs
C:\Program Files\WinMerge\Commands\md4c\is-H30VV.tmp3%ReversingLabs
C:\Program Files\WinMerge\Commands\md4c\libmd4c-html.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\Commands\md4c\libmd4c.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\Commands\md4c\md2html.exe (copy)3%ReversingLabs
C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-LHVU8.tmp0%ReversingLabs
C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-PL0C0.tmp0%ReversingLabs
C:\Program Files\WinMerge\Commands\msys2\usr\bin\is-RH2AK.tmp0%ReversingLabs
C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-2.0.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\Commands\msys2\usr\bin\msys-gcc_s-1.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\Commands\msys2\usr\bin\patch.exe (copy)0%ReversingLabs
C:\Program Files\WinMerge\Commands\tidy-html5\is-JQ84E.tmp3%ReversingLabs
C:\Program Files\WinMerge\Commands\tidy-html5\is-O4U6I.tmp7%ReversingLabs
C:\Program Files\WinMerge\Commands\tidy-html5\tidy.dll (copy)3%ReversingLabs
C:\Program Files\WinMerge\Commands\tidy-html5\tidy.exe (copy)7%ReversingLabs
C:\Program Files\WinMerge\Frhed\Languages\heksedit.lng (copy)0%ReversingLabs
C:\Program Files\WinMerge\Frhed\Languages\is-6IPI2.tmp0%ReversingLabs
C:\Program Files\WinMerge\Frhed\hekseditU.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\Frhed\is-SEBEO.tmp0%ReversingLabs
C:\Program Files\WinMerge\Merge7z\7z.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\Merge7z\Merge7z.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\Merge7z\is-9TLH0.tmp0%ReversingLabs
C:\Program Files\WinMerge\Merge7z\is-F216O.tmp0%ReversingLabs
C:\Program Files\WinMerge\MergePlugins\IgnoreColumns.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\MergePlugins\IgnoreCommentsC.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsComma.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\MergePlugins\IgnoreFieldsTab.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\MergePlugins\is-NSMAB.tmp0%ReversingLabs
C:\Program Files\WinMerge\MergePlugins\is-TGIBM.tmp0%ReversingLabs
C:\Program Files\WinMerge\MergePlugins\is-TTL9V.tmp0%ReversingLabs
C:\Program Files\WinMerge\MergePlugins\is-UABSB.tmp0%ReversingLabs
C:\Program Files\WinMerge\ShellExtensionU.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\ShellExtensionX64.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\WinIMerge\WinIMergeLib.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\WinIMerge\is-4MHIU.tmp0%ReversingLabs
C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe (copy)2%ReversingLabs
C:\Program Files\WinMerge\WinMergeContextMenu.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\WinMergeU.exe (copy)0%ReversingLabs
C:\Program Files\WinMerge\WinWebDiff\WinWebDiffLib.dll (copy)0%ReversingLabs
C:\Program Files\WinMerge\WinWebDiff\is-NDGUQ.tmp0%ReversingLabs
C:\Program Files\WinMerge\is-8KFIH.tmp0%ReversingLabs
C:\Program Files\WinMerge\is-94VSN.tmp0%ReversingLabs
C:\Program Files\WinMerge\is-9AAPN.tmp0%ReversingLabs
C:\Program Files\WinMerge\is-EMDIS.tmp4%ReversingLabs
C:\Program Files\WinMerge\is-GS16B.tmp0%ReversingLabs
C:\Program Files\WinMerge\is-N9202.tmp2%ReversingLabs
C:\Program Files\WinMerge\is-RITAQ.tmp0%ReversingLabs
C:\Program Files\WinMerge\unins000.exe (copy)4%ReversingLabs
C:\Program Files\WinMerge\vcomp140.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-9I7HC.tmp\_isetup\_setup64.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp4%ReversingLabs
No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
http://www.certum.pl/CPS00%URL Reputationsafe
http://www.innosetup.com/0%URL Reputationsafe
http://crl.certum.pl/ctnca.crl0k0%URL Reputationsafe
http://subca.ocsp-certum.com020%URL Reputationsafe
http://subca.ocsp-certum.com010%URL Reputationsafe
No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
http://www.gnu.org/WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpfalse
    unknown
    https://github.com/wvxwxvwWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpfalse
      unknown
      https://sourceforge.net/tracker/?group_id=13216&atid=363216WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.00000000021C1000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1545274887.0000000004480000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002192000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002264000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002288000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpfalse
        unknown
        http://www.appinf.com/properties/bla-activation-thresholdWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drfalse
          unknown
          https://github.com/WinMerge/winmerge-v2/issues/41is-AU5OB.tmp.2.drfalse
            unknown
            https://stedolan.github.io/jq/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drfalse
              unknown
              https://freeimage.sourceforge.io/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drfalse
                unknown
                https://github.com/WinMerge/winmerge/discussions.WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539157785.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002233000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000002.1544095804.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539390223.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002288000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539900443.0000000005411000.00000004.00001000.00020000.00000000.sdmp, is-JTKBP.tmp.2.drfalse
                  unknown
                  https://winmerge.org/WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpfalse
                    unknown
                    https://www.transifex.com/rockytdr/teams/91037/nl/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpfalse
                      unknown
                      https://github.com/WinMerge/winmergeWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drfalse
                        unknown
                        https://winmerge.org.WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002220000.00000004.00001000.00020000.00000000.sdmpfalse
                          unknown
                          http://www.html-tidy.org/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drfalse
                            unknown
                            https://github.com/WinMerge/winwebdiffDis-NDGUQ.tmp.2.drfalse
                              unknown
                              https://useiconic.com/openis-9NNL4.tmp.2.drfalse
                                unknown
                                http://xml.org/sax/features/namespace-prefixesWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA35000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drfalse
                                  unknown
                                  https://winmerge.org/.WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539900443.0000000005411000.00000004.00001000.00020000.00000000.sdmp, is-JTKBP.tmp.2.drfalse
                                    unknown
                                    http://bonedaddy.net/pabs3/files/frhed/WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpfalse
                                      unknown
                                      http://xml.org/sax/features/string-interningWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA35000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drfalse
                                        unknown
                                        https://winmerge.orgWinMergeU.exe, WinMerge-2.16.42.1-x64-Setup.exefalse
                                          unknown
                                          http://repository.certum.pl/ccsca2021.cer0WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drfalse
                                            unknown
                                            https://sourceforge.net/tracker/?group_id=13216&atid=113216WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpfalse
                                              unknown
                                              https://winmerge.org:WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1499379423.00007FF673F79000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000000.1485756906.00007FF673F9E000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000000.1527353484.00007FF673F9E000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522738342.00007FF673F79000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520635460.000001A47BA10000.00000002.00000001.00040000.0000000A.sdmp, is-8KFIH.tmp.2.drfalse
                                                unknown
                                                http://192.168.1.101:3703/soap/WinMerge/Program%20Icons/Splash%20and%20About/concept.psdis-8KFIH.tmp.2.drfalse
                                                  unknown
                                                  http://sourceforge.net/tracker/?group_id=13216&atid=113216WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-6IPI2.tmp.2.dr, is-LHA2S.tmp.2.dr, is-QJRBC.tmp.2.drfalse
                                                    unknown
                                                    https://jrsoftware.org/isinfo.php)WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drfalse
                                                      unknown
                                                      https://github.com/msys2/MSYS2-packages/tree/master/patch)WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drfalse
                                                        unknown
                                                        http://repository.certum.pl/ctsca2021.cer0WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-TTL9V.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NSMAB.tmp.2.drfalse
                                                          unknown
                                                          https://ethanschoonover.com/solarized/WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-95E7P.tmp.2.drfalse
                                                            unknown
                                                            https://manual.winmerge.orgWinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              unknown
                                                              https://github.com/Patriccollu/Lingua_Corsa-Infurmatica/#readmeWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                unknown
                                                                https://downzen.comWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drfalse
                                                                  unknown
                                                                  http://https://www.google.com/search?q=cssContentSizewidthheightPage.getLayoutMetricsis-NDGUQ.tmp.2.drfalse
                                                                    unknown
                                                                    http://www.appinf.com/properties/bla-maximum-amplificationWinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drfalse
                                                                      unknown
                                                                      https://7-zip.org/history.txtWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, is-2OE2K.tmp.2.drfalse
                                                                        unknown
                                                                        http://ccsca2021.ocsp-certum.com05WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drfalse
                                                                          unknown
                                                                          https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0-sources.jaris-0DQDS.tmp.2.drfalse
                                                                            unknown
                                                                            http://www.palkornel.hu/innosetup%1WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://github.com/mikefarah/yq/archive/refs/tags/v4.11.1.zipis-QCED5.tmp.2.drfalse
                                                                                unknown
                                                                                http://plantuml.com/paypalis-9NNL4.tmp.2.drfalse
                                                                                  unknown
                                                                                  http://www.certum.pl/CPS0WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  http://google.github.io/googletest/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drfalse
                                                                                    unknown
                                                                                    http://www.innosetup.com/WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1258604645.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1259623363.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000000.1260284439.0000000000401000.00000020.00000001.01000000.00000004.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp.0.drfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://WinMerge.org/1WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002241000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      https://manual.winmerge.org/index.htmlDocs/WinMerge%s.chmhttps://winmerge.org/WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, is-8KFIH.tmp.2.drfalse
                                                                                        unknown
                                                                                        http://winmerge.org/docs/manual/is-AU5OB.tmp.2.drfalse
                                                                                          unknown
                                                                                          http://www.gnu.org/philosophy/why-not-lgpl.htmlWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000002.1543115041.000000000018D000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            http://crl.certum.pl/ctnca.crl0kWinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            http://xml.org/sax/features/string-interningsWinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA35000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://github.com/git/git/tree/master/xdiff)is-55BS4.tmp.2.drfalse
                                                                                                unknown
                                                                                                https://bugs.winmerge.org/WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  http://frhed.sourceforge.netNWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.drfalse
                                                                                                    unknown
                                                                                                    https://github.com/WinMerge/winwebdiff/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drfalse
                                                                                                      unknown
                                                                                                      https://sourceforge.net/forum/?group_id=13216WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.00000000021C1000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1545274887.0000000004480000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002192000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002264000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002288000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://github.com/winmerge/winimergeBis-4MHIU.tmp.2.drfalse
                                                                                                          unknown
                                                                                                          https://manual.winmerge.org/WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://github.com/WinMerge/winmerge/blob/master/ColorSchemes/Solarized%20Dark.iniWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-2NN26.tmp.2.drfalse
                                                                                                              unknown
                                                                                                              https://forums.winmerge.org/.WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://pocoproject.org/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drfalse
                                                                                                                  unknown
                                                                                                                  http://www.zeroscience.mk/mk/vulnerabilities/ZSL-2011-4997.phpis-AU5OB.tmp.2.drfalse
                                                                                                                    unknown
                                                                                                                    http://xml.org/sax/features/validationEWinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      http://frhed.sourceforge.net/DocsWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-SEBEO.tmp.2.drfalse
                                                                                                                        unknown
                                                                                                                        http://xml.org/sax/features/validationWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA35000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drfalse
                                                                                                                          unknown
                                                                                                                          http://frhed.sourceforge.net/WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-6IPI2.tmp.2.dr, is-CQ6K8.tmp.2.dr, is-LHA2S.tmp.2.dr, is-QJRBC.tmp.2.drfalse
                                                                                                                            unknown
                                                                                                                            https://github.com/harelba/q/archive/refs/tags/2.0.19.zipis-AE60A.tmp.2.drfalse
                                                                                                                              unknown
                                                                                                                              https://manual.winmerge.org/Quick_start.html.WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539900443.0000000005411000.00000004.00001000.00020000.00000000.sdmp, is-JTKBP.tmp.2.drfalse
                                                                                                                                unknown
                                                                                                                                http://gnu.org/licenses/gpl.htmlis-RH2AK.tmp.2.drfalse
                                                                                                                                  unknown
                                                                                                                                  https://download.java.net/java/GA/jdk19.0.2/fdb695a9d9064ad6b064dc6df578380c/7/GPL/openjdk-19.0.2_wiis-TI4KR.tmp.2.drfalse
                                                                                                                                    unknown
                                                                                                                                    https://savannah.gnu.org/projects/patch/WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drfalse
                                                                                                                                      unknown
                                                                                                                                      http://www.appinf.com/features/enable-partial-readshttp://www.appinf.com/properties/bla-maximum-amplWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, is-8KFIH.tmp.2.drfalse
                                                                                                                                        unknown
                                                                                                                                        http://plantuml.com/patreonis-9NNL4.tmp.2.drfalse
                                                                                                                                          unknown
                                                                                                                                          https://manual.winmerge.org/.WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002264000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002288000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539900443.0000000005411000.00000004.00001000.00020000.00000000.sdmp, is-JTKBP.tmp.2.drfalse
                                                                                                                                            unknown
                                                                                                                                            http://xml.org/sax/properties/lexical-handlerWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA35000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drfalse
                                                                                                                                              unknown
                                                                                                                                              http://xml.org/sax/features/namespacesLEAUTWinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                http://xml.org/sax/properties/lexical-handlerentWinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  http://repository.certum.pl/ctsca2021.cer0AWinMerge-2.16.42.1-x64-Setup.exe, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-NDGUQ.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drfalse
                                                                                                                                                    unknown
                                                                                                                                                    http://www.appinf.com/features/enable-partial-readsWinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drfalse
                                                                                                                                                      unknown
                                                                                                                                                      https://winmerge.orgn#WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.drfalse
                                                                                                                                                        unknown
                                                                                                                                                        http://crl.certum.pl/ctsca2021.crl0oWinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drfalse
                                                                                                                                                          unknown
                                                                                                                                                          http://xml.org/sax/features/external-general-entitiesoldWinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            https://WinMerge.org/qWinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002241000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002343000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUWinMerge-2.16.42.1-x64-Setup.exefalse
                                                                                                                                                                unknown
                                                                                                                                                                https://winmerge.org/translations/http://www.gnu.org/licenses/gpl-2.0.html&ampWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, is-8KFIH.tmp.2.drfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  https://github.com/harelba/q/releases/download/2.0.19/q-AMD64-Windows.exeis-AE60A.tmp.2.dr, is-883O4.tmp.2.drfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    http://ccsca2021.crl.certum.pl/ccsca2021.crl0sWinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      https://github.com/microsoft/wil)is-55BS4.tmp.2.drfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        http://www.geocities.co.jp/SiliconValley-SanJose/8165/winmerge.htmldWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge32BitPluginProxy.exe, 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          https://github.com/keeleyt83/winmerge-solarized-darkWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-95E7P.tmp.2.drfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            http://xml.org/sax/features/external-parameter-entitiesWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMergeU.exe, 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000E.00000002.1489282019.0000021A42410000.00000004.00000020.00020000.00000000.sdmp, WinMergeU.exe, 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmp, WinMergeU.exe, 0000000F.00000002.2520712908.000001A47BA28000.00000004.00000020.00020000.00000000.sdmp, is-8KFIH.tmp.2.drfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              https://www.boost.org/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                https://frhed.sourceforge.net/)WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://forums.winmerge.orgWinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    https://jrsoftware.org/files/is/license.txt)WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://TamilNeram.github.ioWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, is-55BS4.tmp.2.drfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://github.com/WinMerge/winmerge/issuesWinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002233000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000002.1544095804.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539390223.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002288000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1539900443.0000000005411000.00000004.00001000.00020000.00000000.sdmp, is-JTKBP.tmp.2.drfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          http://subca.ocsp-certum.com05WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            https://gyazo.com/f5f267546db27f2dc801c00df8cb4251is-AU5OB.tmp.2.drfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              http://subca.ocsp-certum.com02WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drfalse
                                                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                                                              unknown
                                                                                                                                                                                              https://github.com/WinMerge/winmerge/discussionsWinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1256868554.0000000002390000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002110000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.exe, 00000000.00000003.1546383044.0000000002161000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1261619643.00000000031E0000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1528388043.0000000006550000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1540525587.000000000527E000.00000004.00001000.00020000.00000000.sdmp, WinMerge-2.16.42.1-x64-Setup.tmp, 00000002.00000003.1541770355.0000000002233000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                http://subca.ocsp-certum.com01WinMerge-2.16.42.1-x64-Setup.exe, is-TTL9V.tmp.2.dr, is-6IPI2.tmp.2.dr, is-SEBEO.tmp.2.dr, is-UABSB.tmp.2.dr, is-9AAPN.tmp.2.dr, is-GS16B.tmp.2.dr, is-NDGUQ.tmp.2.dr, is-NSMAB.tmp.2.dr, WinMerge-2.16.42.1-x64-Setup.tmp.0.dr, is-8KFIH.tmp.2.dr, is-4MHIU.tmp.2.drfalse
                                                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                                                unknown
                                                                                                                                                                                                No contacted IP infos
                                                                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                Analysis ID:1541102
                                                                                                                                                                                                Start date and time:2024-10-24 12:26:48 +02:00
                                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                                Overall analysis duration:0h 6m 59s
                                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                                Report type:full
                                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                Number of analysed new started processes analysed:21
                                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                                Technologies:
                                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                                Sample name:WinMerge-2.16.42.1-x64-Setup.exe
                                                                                                                                                                                                Detection:CLEAN
                                                                                                                                                                                                Classification:clean15.winEXE@11/426@0/0
                                                                                                                                                                                                EGA Information:
                                                                                                                                                                                                • Successful, ratio: 33.3%
                                                                                                                                                                                                HCA Information:Failed
                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                • Excluded domains from analysis (whitelisted): www.bing.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                • Execution Graph export aborted for target WinMergeU.exe, PID 6936 because there are no executed function
                                                                                                                                                                                                • Execution Graph export aborted for target WinMergeU.exe, PID 8160 because there are no executed function
                                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                • VT rate limit hit for: WinMerge-2.16.42.1-x64-Setup.exe
                                                                                                                                                                                                No simulations
                                                                                                                                                                                                No context
                                                                                                                                                                                                No context
                                                                                                                                                                                                No context
                                                                                                                                                                                                No context
                                                                                                                                                                                                No context
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3296
                                                                                                                                                                                                Entropy (8bit):4.953606607027543
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:14rrsrKsmS1D8WHtoDs0h52ruartw0C2kVbP8:oyKs5D8WHtks0+w0NUP8
                                                                                                                                                                                                MD5:F3F3BE2EF194CD2B9F88B966C175ECB1
                                                                                                                                                                                                SHA1:A03AFB14C404E7DA1789A351A82E16BFF9A55B9D
                                                                                                                                                                                                SHA-256:42B6C2B3B6A7732A70B203A183FCAA67D49C6ACF9200E2990153CFDB6087729A
                                                                                                                                                                                                SHA-512:12627A31A495801B3924D722B85A6AA7A5C3F3B961D29EEA69E03DD48DE35CD0E83FCAAAE5D09EF2A81E111750AC4E1C602CF88CD755402E9C90F8C5312FBED4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                Preview:; Default color scheme..[WinMerge]..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColors/Bold07=1..DefaultSyntaxColors/Bold08=0..DefaultSyntaxColors/Bold09=0..DefaultSyntaxColors/Bold10=0..DefaultSyntaxColors/Bold11=0..DefaultSyntaxColors/Bold12=0..DefaultSyntaxColors/Bold13=0..DefaultSyntaxColors/Bold14=0..DefaultSyntaxColors/Bold15=0..DefaultSyntaxColors/Bold16=0..DefaultSyntaxColors/Bold17=0..DefaultSyntaxColors/Bold18=0..DefaultSyntaxColors/Bold19=0..DefaultSyntaxColors/Bold20=0..DefaultSyntaxColors/Bold21=0..DefaultSyntaxColors/Bold22=0..DefaultSyntaxColors/Bold23=0..DefaultSyntaxColors/Bold24=0..DefaultSyntaxColors/Bold25=0..DefaultSyntaxColors/Color00=128..DefaultSyntaxColors/Color01=16777215..DefaultSyntaxColors/Color02=16777215..DefaultSyntaxColors/Color03=0..DefaultSyntaxColors/Color04=15790320..Defaul
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4443
                                                                                                                                                                                                Entropy (8bit):5.027589992711696
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:sJfqYanBS4wrsr7rDZ4YCJ5PAyworJQpv0y4YWvEesY1u:sJSY5y7rFNWqywoJQpv0pu
                                                                                                                                                                                                MD5:D115601A8E7DD986773093AAB2A4EA5D
                                                                                                                                                                                                SHA1:E95902DDFCFCC682342B69B062098B41291F503F
                                                                                                                                                                                                SHA-256:A92AB161604C755B5F0843B1D236D9F61415805009EFCF3714D2F150885F2B7C
                                                                                                                                                                                                SHA-512:72B0432A695692EF027AF363B79ECA7063FDDD6BB698D195F53B2BE5FBEE3ADF498EFE9329D128C66CDD270AC64A42069165E25CA74B804C723A5EDD793FF327
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                Preview:; Midnight color scheme for WinMerge..; based on https://github.com/WinMerge/winmerge/blob/master/ColorSchemes/Solarized%20Dark.ini..; license: MIT..[WinMerge]..; base03..Custom Colors/0=0x362b00..; base02..Custom Colors/1=0x423607..; base01..Custom Colors/2=0x756e58..; base00..Custom Colors/3=0x837b65..; base0..Custom Colors/4=0x969483..; base1..Custom Colors/5=0xa1a193..; base2..Custom Colors/6=0xd5e8ee..; base3..Custom Colors/7=0xe3f6fd..; yellow..Custom Colors/8=0x0089b5..; orange..Custom Colors/9=0x164bcb..; red..Custom Colors/10=0x2f32dc..; magenta..Custom Colors/11=0x8236d3..; violet..Custom Colors/12=0xc4716c..; blue..Custom Colors/13=0xc98b26..; cyan..Custom Colors/14=0x98a12a..; green..Custom Colors/15=0x009985....; Syntax Category..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColors/Bold07=0..Default
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3292
                                                                                                                                                                                                Entropy (8bit):4.970618597996134
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:T4rrsrKsmS15d5toDsyChiX2ouarnw0i2kVT6ARw:CyKs55d5tksyCMZw0ti60w
                                                                                                                                                                                                MD5:8C7DE2E14FE99A29AD82641A284B98D3
                                                                                                                                                                                                SHA1:13227E1CF6DF8B3B9D4E781878C5D95AC4547A9E
                                                                                                                                                                                                SHA-256:414B866B3842C81CDB69BF6122290EAAD1B9B92C808C74C9D2594CA434414B2A
                                                                                                                                                                                                SHA-512:B46DCAEB5B6AC0BFE50982B536BD9366B817571ED9B68F28D99A15A9D3D2FDC3DB108E691A1A2588C91F3BF1219C33640CE172C46FF6FCC712B1D299AAE68F73
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:; Modern color scheme..[WinMerge]..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColors/Bold07=1..DefaultSyntaxColors/Bold08=0..DefaultSyntaxColors/Bold09=0..DefaultSyntaxColors/Bold10=0..DefaultSyntaxColors/Bold11=0..DefaultSyntaxColors/Bold12=0..DefaultSyntaxColors/Bold13=0..DefaultSyntaxColors/Bold14=0..DefaultSyntaxColors/Bold15=0..DefaultSyntaxColors/Bold16=0..DefaultSyntaxColors/Bold17=0..DefaultSyntaxColors/Bold18=0..DefaultSyntaxColors/Bold19=0..DefaultSyntaxColors/Bold20=0..DefaultSyntaxColors/Bold21=0..DefaultSyntaxColors/Bold22=0..DefaultSyntaxColors/Bold23=0..DefaultSyntaxColors/Bold24=0..DefaultSyntaxColors/Bold25=0..DefaultSyntaxColors/Color00=128..DefaultSyntaxColors/Color01=16777215..DefaultSyntaxColors/Color02=16777215..DefaultSyntaxColors/Color03=0..DefaultSyntaxColors/Color04=15790320..Default
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4462
                                                                                                                                                                                                Entropy (8bit):5.047327965780355
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:tZ/87qYanBS4wrsr7loaJ6Z4YCJ5PANOorJg/24YWvEesY1Z:f/nY5y7NJqNWq0oJS1Z
                                                                                                                                                                                                MD5:86DA96C31DE45378C6B54AA540CB3AE8
                                                                                                                                                                                                SHA1:F2385877CECDD6EB0C67717B2907E173BC9BB9F1
                                                                                                                                                                                                SHA-256:33E15871C1FF8A916E19A98F98A462CBCA30AF742FE9F25AF27E4B06C589BD89
                                                                                                                                                                                                SHA-512:C333637BFF4CAA0225C166EBC1D2A8111F4196D7290B8FF2C72E79C5461B282DC293DB992DB98C17D288C904A17CBD4E8377456DAA1C19DBB1B90867754E2499
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:; Solarized Dark color scheme for WinMerge..; based on https://ethanschoonover.com/solarized/ and https://github.com/keeleyt83/winmerge-solarized-dark..; license: MIT..[WinMerge]..; base03..Custom Colors/0=0x362b00..; base02..Custom Colors/1=0x423607..; base01..Custom Colors/2=0x756e58..; base00..Custom Colors/3=0x837b65..; base0..Custom Colors/4=0x969483..; base1..Custom Colors/5=0xa1a193..; base2..Custom Colors/6=0xd5e8ee..; base3..Custom Colors/7=0xe3f6fd..; yellow..Custom Colors/8=0x0089b5..; orange..Custom Colors/9=0x164bcb..; red..Custom Colors/10=0x2f32dc..; magenta..Custom Colors/11=0x8236d3..; violet..Custom Colors/12=0xc4716c..; blue..Custom Colors/13=0xc98b26..; cyan..Custom Colors/14=0x98a12a..; green..Custom Colors/15=0x009985....; Syntax Category..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColor
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4455
                                                                                                                                                                                                Entropy (8bit):5.016370079593731
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:rZ/87qYanBS4wrsrZ59T4YCJFPATPonDldbSsHYD+cSJ1Xd:N/nY5yZ59TNWGTP0DlFHXd
                                                                                                                                                                                                MD5:25F27428EAA350C782C498D38B4826DC
                                                                                                                                                                                                SHA1:A249BE6F8BB34031D25A5941985D682DDAC7037F
                                                                                                                                                                                                SHA-256:572536317AC754013F3B0F291082E68397B1569A2EE75878697E2D7D26FD3ABA
                                                                                                                                                                                                SHA-512:E2504D6F741E0A4D47A6AC53B4F95A40F4B25B39ABAB3EEC67FBDE6838A89C1CE844B9993239C5B666EA7CEFE693C94020EFB84D0999ACCB1B75FDE99D59E720
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:; Solarized Light color scheme for WinMerge..; based on https://ethanschoonover.com/solarized/ and https://github.com/keeleyt83/winmerge-solarized-dark..; license: MIT..[WinMerge]..; base03..Custom Colors/0=0x362b00..; base02..Custom Colors/1=0x423607..; base01..Custom Colors/2=0x756e58..; base00..Custom Colors/3=0x837b65..; base0..Custom Colors/4=0x969483..; base1..Custom Colors/5=0xa1a193..; base2..Custom Colors/6=0xd5e8ee..; base3..Custom Colors/7=0xe3f6fd..; yellow..Custom Colors/8=0x0089b5..; orange..Custom Colors/9=0x164bcb..; red..Custom Colors/10=0x2f32dc..; magenta..Custom Colors/11=0x8236d3..; violet..Custom Colors/12=0xc4716c..; blue..Custom Colors/13=0xc98b26..; cyan..Custom Colors/14=0x98a12a..; green..Custom Colors/15=0x009985....; Syntax Category..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColo
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4443
                                                                                                                                                                                                Entropy (8bit):5.027589992711696
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:sJfqYanBS4wrsr7rDZ4YCJ5PAyworJQpv0y4YWvEesY1u:sJSY5y7rFNWqywoJQpv0pu
                                                                                                                                                                                                MD5:D115601A8E7DD986773093AAB2A4EA5D
                                                                                                                                                                                                SHA1:E95902DDFCFCC682342B69B062098B41291F503F
                                                                                                                                                                                                SHA-256:A92AB161604C755B5F0843B1D236D9F61415805009EFCF3714D2F150885F2B7C
                                                                                                                                                                                                SHA-512:72B0432A695692EF027AF363B79ECA7063FDDD6BB698D195F53B2BE5FBEE3ADF498EFE9329D128C66CDD270AC64A42069165E25CA74B804C723A5EDD793FF327
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:; Midnight color scheme for WinMerge..; based on https://github.com/WinMerge/winmerge/blob/master/ColorSchemes/Solarized%20Dark.ini..; license: MIT..[WinMerge]..; base03..Custom Colors/0=0x362b00..; base02..Custom Colors/1=0x423607..; base01..Custom Colors/2=0x756e58..; base00..Custom Colors/3=0x837b65..; base0..Custom Colors/4=0x969483..; base1..Custom Colors/5=0xa1a193..; base2..Custom Colors/6=0xd5e8ee..; base3..Custom Colors/7=0xe3f6fd..; yellow..Custom Colors/8=0x0089b5..; orange..Custom Colors/9=0x164bcb..; red..Custom Colors/10=0x2f32dc..; magenta..Custom Colors/11=0x8236d3..; violet..Custom Colors/12=0xc4716c..; blue..Custom Colors/13=0xc98b26..; cyan..Custom Colors/14=0x98a12a..; green..Custom Colors/15=0x009985....; Syntax Category..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColors/Bold07=0..Default
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3292
                                                                                                                                                                                                Entropy (8bit):4.970618597996134
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:T4rrsrKsmS15d5toDsyChiX2ouarnw0i2kVT6ARw:CyKs55d5tksyCMZw0ti60w
                                                                                                                                                                                                MD5:8C7DE2E14FE99A29AD82641A284B98D3
                                                                                                                                                                                                SHA1:13227E1CF6DF8B3B9D4E781878C5D95AC4547A9E
                                                                                                                                                                                                SHA-256:414B866B3842C81CDB69BF6122290EAAD1B9B92C808C74C9D2594CA434414B2A
                                                                                                                                                                                                SHA-512:B46DCAEB5B6AC0BFE50982B536BD9366B817571ED9B68F28D99A15A9D3D2FDC3DB108E691A1A2588C91F3BF1219C33640CE172C46FF6FCC712B1D299AAE68F73
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:; Modern color scheme..[WinMerge]..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColors/Bold07=1..DefaultSyntaxColors/Bold08=0..DefaultSyntaxColors/Bold09=0..DefaultSyntaxColors/Bold10=0..DefaultSyntaxColors/Bold11=0..DefaultSyntaxColors/Bold12=0..DefaultSyntaxColors/Bold13=0..DefaultSyntaxColors/Bold14=0..DefaultSyntaxColors/Bold15=0..DefaultSyntaxColors/Bold16=0..DefaultSyntaxColors/Bold17=0..DefaultSyntaxColors/Bold18=0..DefaultSyntaxColors/Bold19=0..DefaultSyntaxColors/Bold20=0..DefaultSyntaxColors/Bold21=0..DefaultSyntaxColors/Bold22=0..DefaultSyntaxColors/Bold23=0..DefaultSyntaxColors/Bold24=0..DefaultSyntaxColors/Bold25=0..DefaultSyntaxColors/Color00=128..DefaultSyntaxColors/Color01=16777215..DefaultSyntaxColors/Color02=16777215..DefaultSyntaxColors/Color03=0..DefaultSyntaxColors/Color04=15790320..Default
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4455
                                                                                                                                                                                                Entropy (8bit):5.016370079593731
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:rZ/87qYanBS4wrsrZ59T4YCJFPATPonDldbSsHYD+cSJ1Xd:N/nY5yZ59TNWGTP0DlFHXd
                                                                                                                                                                                                MD5:25F27428EAA350C782C498D38B4826DC
                                                                                                                                                                                                SHA1:A249BE6F8BB34031D25A5941985D682DDAC7037F
                                                                                                                                                                                                SHA-256:572536317AC754013F3B0F291082E68397B1569A2EE75878697E2D7D26FD3ABA
                                                                                                                                                                                                SHA-512:E2504D6F741E0A4D47A6AC53B4F95A40F4B25B39ABAB3EEC67FBDE6838A89C1CE844B9993239C5B666EA7CEFE693C94020EFB84D0999ACCB1B75FDE99D59E720
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:; Solarized Light color scheme for WinMerge..; based on https://ethanschoonover.com/solarized/ and https://github.com/keeleyt83/winmerge-solarized-dark..; license: MIT..[WinMerge]..; base03..Custom Colors/0=0x362b00..; base02..Custom Colors/1=0x423607..; base01..Custom Colors/2=0x756e58..; base00..Custom Colors/3=0x837b65..; base0..Custom Colors/4=0x969483..; base1..Custom Colors/5=0xa1a193..; base2..Custom Colors/6=0xd5e8ee..; base3..Custom Colors/7=0xe3f6fd..; yellow..Custom Colors/8=0x0089b5..; orange..Custom Colors/9=0x164bcb..; red..Custom Colors/10=0x2f32dc..; magenta..Custom Colors/11=0x8236d3..; violet..Custom Colors/12=0xc4716c..; blue..Custom Colors/13=0xc98b26..; cyan..Custom Colors/14=0x98a12a..; green..Custom Colors/15=0x009985....; Syntax Category..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColo
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3296
                                                                                                                                                                                                Entropy (8bit):4.953606607027543
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:14rrsrKsmS1D8WHtoDs0h52ruartw0C2kVbP8:oyKs5D8WHtks0+w0NUP8
                                                                                                                                                                                                MD5:F3F3BE2EF194CD2B9F88B966C175ECB1
                                                                                                                                                                                                SHA1:A03AFB14C404E7DA1789A351A82E16BFF9A55B9D
                                                                                                                                                                                                SHA-256:42B6C2B3B6A7732A70B203A183FCAA67D49C6ACF9200E2990153CFDB6087729A
                                                                                                                                                                                                SHA-512:12627A31A495801B3924D722B85A6AA7A5C3F3B961D29EEA69E03DD48DE35CD0E83FCAAAE5D09EF2A81E111750AC4E1C602CF88CD755402E9C90F8C5312FBED4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:; Default color scheme..[WinMerge]..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColors/Bold07=1..DefaultSyntaxColors/Bold08=0..DefaultSyntaxColors/Bold09=0..DefaultSyntaxColors/Bold10=0..DefaultSyntaxColors/Bold11=0..DefaultSyntaxColors/Bold12=0..DefaultSyntaxColors/Bold13=0..DefaultSyntaxColors/Bold14=0..DefaultSyntaxColors/Bold15=0..DefaultSyntaxColors/Bold16=0..DefaultSyntaxColors/Bold17=0..DefaultSyntaxColors/Bold18=0..DefaultSyntaxColors/Bold19=0..DefaultSyntaxColors/Bold20=0..DefaultSyntaxColors/Bold21=0..DefaultSyntaxColors/Bold22=0..DefaultSyntaxColors/Bold23=0..DefaultSyntaxColors/Bold24=0..DefaultSyntaxColors/Bold25=0..DefaultSyntaxColors/Color00=128..DefaultSyntaxColors/Color01=16777215..DefaultSyntaxColors/Color02=16777215..DefaultSyntaxColors/Color03=0..DefaultSyntaxColors/Color04=15790320..Defaul
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4462
                                                                                                                                                                                                Entropy (8bit):5.047327965780355
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:tZ/87qYanBS4wrsr7loaJ6Z4YCJ5PANOorJg/24YWvEesY1Z:f/nY5y7NJqNWq0oJS1Z
                                                                                                                                                                                                MD5:86DA96C31DE45378C6B54AA540CB3AE8
                                                                                                                                                                                                SHA1:F2385877CECDD6EB0C67717B2907E173BC9BB9F1
                                                                                                                                                                                                SHA-256:33E15871C1FF8A916E19A98F98A462CBCA30AF742FE9F25AF27E4B06C589BD89
                                                                                                                                                                                                SHA-512:C333637BFF4CAA0225C166EBC1D2A8111F4196D7290B8FF2C72E79C5461B282DC293DB992DB98C17D288C904A17CBD4E8377456DAA1C19DBB1B90867754E2499
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:; Solarized Dark color scheme for WinMerge..; based on https://ethanschoonover.com/solarized/ and https://github.com/keeleyt83/winmerge-solarized-dark..; license: MIT..[WinMerge]..; base03..Custom Colors/0=0x362b00..; base02..Custom Colors/1=0x423607..; base01..Custom Colors/2=0x756e58..; base00..Custom Colors/3=0x837b65..; base0..Custom Colors/4=0x969483..; base1..Custom Colors/5=0xa1a193..; base2..Custom Colors/6=0xd5e8ee..; base3..Custom Colors/7=0xe3f6fd..; yellow..Custom Colors/8=0x0089b5..; orange..Custom Colors/9=0x164bcb..; red..Custom Colors/10=0x2f32dc..; magenta..Custom Colors/11=0x8236d3..; violet..Custom Colors/12=0xc4716c..; blue..Custom Colors/13=0xc98b26..; cyan..Custom Colors/14=0x98a12a..; green..Custom Colors/15=0x009985....; Syntax Category..DefaultSyntaxColors/Bold00=0..DefaultSyntaxColors/Bold01=0..DefaultSyntaxColors/Bold02=0..DefaultSyntaxColors/Bold03=0..DefaultSyntaxColors/Bold04=0..DefaultSyntaxColors/Bold05=0..DefaultSyntaxColors/Bold06=0..DefaultSyntaxColor
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11560
                                                                                                                                                                                                Entropy (8bit):4.476377058372447
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:qf9qG4QSAVOSbwF1wOFXuFJyQtxmG3ep/7rlzKfHbxc+Xq0rhlkT8SHfH2:kOu9b01DY/rGBt+dc+aclkT8SH+
                                                                                                                                                                                                MD5:D273D63619C9AEAF15CDAF76422C4F87
                                                                                                                                                                                                SHA1:47B573E3824CD5E02A1A3AE99E2735B49E0256E4
                                                                                                                                                                                                SHA-256:3DDF9BE5C28FE27DAD143A5DC76EEA25222AD1DD68934A047064E56ED2FA40C5
                                                                                                                                                                                                SHA-512:4CC5A12BFE984C0A50BF7943E2D70A948D520EF423677C77629707AACE3A95AA378D205DE929105D644680679E70EF2449479B360AD44896B75BAFED66613272
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.. Apache License.. Version 2.0, January 2004.. http://www.apache.org/licenses/.... TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.... 1. Definitions..... "License" shall mean the terms and conditions for use, reproduction,.. and distribution as defined by Sections 1 through 9 of this document..... "Licensor" shall mean the copyright owner or entity authorized by.. the copyright owner that is granting the License..... "Legal Entity" shall mean the union of the acting entity and all.. other entities that control, are controlled by, or are under common.. control with that entity. For the purposes of this definition,.. "control" means (i) the power, direct or indirect, to cause the.. direction or management of such entity, whether by contract or.. otherwise, or (ii) ownership of fifty percent (50%) or more of the.. outstanding shares, or
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):172
                                                                                                                                                                                                Entropy (8bit):4.385751602724727
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8YIE/0CmuMrK7JrIN8eR6YIE/0CmuMrK7JrIN1jXW:2YIE/Cr2J3tYIE/Cr2Jz
                                                                                                                                                                                                MD5:4C2EB685B3982ABBE151AFFB25C9FBF7
                                                                                                                                                                                                SHA1:EAD6F3B90A94C22E364877AAD2C58A3F250BEA04
                                                                                                                                                                                                SHA-256:D8B42A26532D755EDFFE2CE3305287F17C1BA381714FCA047C7303D33DA22E3C
                                                                                                                                                                                                SHA-512:49667E65B2211A64A5F99DC5A23A5A240E13ADEB68B9529B1EE83B68DE7EE6FFEF6E40CD3A246ACB3ACEBE4957E404836A2293D54D864FCA243890919F47670E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://repo1.maven.org/maven2/org/apache/tika/tika-app/2.6.0/tika-app-2.6.0.jar..https://repo1.maven.org/maven2/org/apache/tika/tika-app/2.6.0/tika-app-2.6.0-sources.jar..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):172
                                                                                                                                                                                                Entropy (8bit):4.385751602724727
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8YIE/0CmuMrK7JrIN8eR6YIE/0CmuMrK7JrIN1jXW:2YIE/Cr2J3tYIE/Cr2Jz
                                                                                                                                                                                                MD5:4C2EB685B3982ABBE151AFFB25C9FBF7
                                                                                                                                                                                                SHA1:EAD6F3B90A94C22E364877AAD2C58A3F250BEA04
                                                                                                                                                                                                SHA-256:D8B42A26532D755EDFFE2CE3305287F17C1BA381714FCA047C7303D33DA22E3C
                                                                                                                                                                                                SHA-512:49667E65B2211A64A5F99DC5A23A5A240E13ADEB68B9529B1EE83B68DE7EE6FFEF6E40CD3A246ACB3ACEBE4957E404836A2293D54D864FCA243890919F47670E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://repo1.maven.org/maven2/org/apache/tika/tika-app/2.6.0/tika-app-2.6.0.jar..https://repo1.maven.org/maven2/org/apache/tika/tika-app/2.6.0/tika-app-2.6.0-sources.jar..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11560
                                                                                                                                                                                                Entropy (8bit):4.476377058372447
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:qf9qG4QSAVOSbwF1wOFXuFJyQtxmG3ep/7rlzKfHbxc+Xq0rhlkT8SHfH2:kOu9b01DY/rGBt+dc+aclkT8SH+
                                                                                                                                                                                                MD5:D273D63619C9AEAF15CDAF76422C4F87
                                                                                                                                                                                                SHA1:47B573E3824CD5E02A1A3AE99E2735B49E0256E4
                                                                                                                                                                                                SHA-256:3DDF9BE5C28FE27DAD143A5DC76EEA25222AD1DD68934A047064E56ED2FA40C5
                                                                                                                                                                                                SHA-512:4CC5A12BFE984C0A50BF7943E2D70A948D520EF423677C77629707AACE3A95AA378D205DE929105D644680679E70EF2449479B360AD44896B75BAFED66613272
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.. Apache License.. Version 2.0, January 2004.. http://www.apache.org/licenses/.... TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.... 1. Definitions..... "License" shall mean the terms and conditions for use, reproduction,.. and distribution as defined by Sections 1 through 9 of this document..... "Licensor" shall mean the copyright owner or entity authorized by.. the copyright owner that is granting the License..... "Legal Entity" shall mean the union of the acting entity and all.. other entities that control, are controlled by, or are under common.. control with that entity. For the purposes of this definition,.. "control" means (i) the power, direct or indirect, to cause the.. direction or management of such entity, whether by contract or.. otherwise, or (ii) ownership of fifty percent (50%) or more of the.. outstanding shares, or
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1412
                                                                                                                                                                                                Entropy (8bit):5.53181397287856
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:wK68ohH0s/rz47WfJNTtxD2oXk/H3m1nLeL1biUv:BoVrzDJhurH3m1ihv
                                                                                                                                                                                                MD5:4B90210168CF75E589B77D9C5E00513B
                                                                                                                                                                                                SHA1:649294F9025977ADF595D9362BB29B6EBFF71030
                                                                                                                                                                                                SHA-256:A4F2ED630AF0A9FF5FB444A1A8505557C019DD523548E1109E1488EDD305D9A3
                                                                                                                                                                                                SHA-512:BA37B5C9E0008D6451C1EEDFE87B6393412ED78A7C374DBDDD73E7FC305D6E6CDE45CB3A419A77B87D81656F0443D8BCBD28BBD8B5890D25A7995FC91E21CEF4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..setlocal EnableDelayedExpansion..set TikaVer=2.6.0..set TikaJar=tika-app-%TikaVer%.jar..set DOWNLOAD_URL=https://repo1.maven.org/maven2/org/apache/tika/tika-app/%TikaVer%/%TikaJar%..set TIKA_PATH=Commands\Apache-Tika\%TikaJar%..set MESSAGE='Apache Tika is not installed. Do you want to download it from %DOWNLOAD_URL%'..set TITLE='Apache Tika Plugin'..set TIKA_SHA256=fa289b58a5c1bb531ace78324625512a9448aa8472b5eb88b65988964048815a....cd "%APPDATA%\WinMerge"..if not exist %TIKA_PATH% (.. cd "%~dp0..\..".. if not exist %TIKA_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. cd "%APPDATA%\WinMerge".. for %%i in (%TIKA_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1) { throw }" > NUL.. if errorlevel 1 (.. echo "download is canceled" 1>&2.. ) else (.. start "Downloading..." /WAIT powershell -command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebR
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1412
                                                                                                                                                                                                Entropy (8bit):5.53181397287856
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:wK68ohH0s/rz47WfJNTtxD2oXk/H3m1nLeL1biUv:BoVrzDJhurH3m1ihv
                                                                                                                                                                                                MD5:4B90210168CF75E589B77D9C5E00513B
                                                                                                                                                                                                SHA1:649294F9025977ADF595D9362BB29B6EBFF71030
                                                                                                                                                                                                SHA-256:A4F2ED630AF0A9FF5FB444A1A8505557C019DD523548E1109E1488EDD305D9A3
                                                                                                                                                                                                SHA-512:BA37B5C9E0008D6451C1EEDFE87B6393412ED78A7C374DBDDD73E7FC305D6E6CDE45CB3A419A77B87D81656F0443D8BCBD28BBD8B5890D25A7995FC91E21CEF4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..setlocal EnableDelayedExpansion..set TikaVer=2.6.0..set TikaJar=tika-app-%TikaVer%.jar..set DOWNLOAD_URL=https://repo1.maven.org/maven2/org/apache/tika/tika-app/%TikaVer%/%TikaJar%..set TIKA_PATH=Commands\Apache-Tika\%TikaJar%..set MESSAGE='Apache Tika is not installed. Do you want to download it from %DOWNLOAD_URL%'..set TITLE='Apache Tika Plugin'..set TIKA_SHA256=fa289b58a5c1bb531ace78324625512a9448aa8472b5eb88b65988964048815a....cd "%APPDATA%\WinMerge"..if not exist %TIKA_PATH% (.. cd "%~dp0..\..".. if not exist %TIKA_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. cd "%APPDATA%\WinMerge".. for %%i in (%TIKA_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1) { throw }" > NUL.. if errorlevel 1 (.. echo "download is canceled" 1>&2.. ) else (.. start "Downloading..." /WAIT powershell -command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebR
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):591
                                                                                                                                                                                                Entropy (8bit):5.2663802680458724
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:NagoNvM8k22Xj1+/8rAN2im6KbGzzSy4kNny08QYZ4/pG4zGhD:UdNvejwHzm4nbYcpsD
                                                                                                                                                                                                MD5:82DA83A68C008148451B3D08B8669F31
                                                                                                                                                                                                SHA1:DB0A2E90B639D4E325BFFC10DA5681978ECF8015
                                                                                                                                                                                                SHA-256:305E7BAF0F1FDA179EED96DF406473AE277D29FC0D07A6923642A722C7F51291
                                                                                                                                                                                                SHA-512:48CE355F1705DE628F536C71C681761554DC45A6777CF37851E61B9B5BCA1F0589A54FB0A6C8B59F25B20F0621E41FE7C72C93F74D6F6CB3C5626BD11BA1505C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..for %%i in (Apache-Tika Java PlantUML q yq) do (.. for /F "tokens=1,2" %%j in ('type %%i\URL.txt') do (.. echo Downloading %%j.. mkdir "%APPDATA%\WinMerge\Commands\%%i" 2> NUL.. powershell -command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri %%j -UseBasicParsing -Outfile '%APPDATA%\WinMerge\Commands\%%i\%%~nxj'".. if not "%%k" == "" (.. powershell -command "Expand-Archive -Path '%APPDATA%\WinMerge\Commands\%%i\%%~nxj' -DestinationPath '%APPDATA%\WinMerge\Commands\%%i\%%k' -Force".. ).. )..)..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19621
                                                                                                                                                                                                Entropy (8bit):4.713551169280443
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:L4rCnitDdE+6phYqIdM3HesZ/8oMPbHDESEUfn/j:Ue05ERLOwjCHDESEUfnb
                                                                                                                                                                                                MD5:BB65CC9158C09770485DA8ED1A1D7F6B
                                                                                                                                                                                                SHA1:4A81E8F3AB5662F8AC79DB1BA44963E962CC9384
                                                                                                                                                                                                SHA-256:B71B9AC72F1B646D1BAF99EBE68C2AFA040C8874D76F7C393E92A02287B90E8E
                                                                                                                                                                                                SHA-512:2DAA6947426D194088CDC15E1C9AC249CDC43376F93018B3181423D444FC6BBD80D943696B3A523A188B671C220C2714CD67618D3D8FBF9257A3B8014B769207
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:The GNU General Public License (GPL)....Version 2, June 1991....Copyright (C) 1989, 1991 Free Software Foundation, Inc...51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA....Everyone is permitted to copy and distribute verbatim copies of this license..document, but changing it is not allowed.....Preamble....The licenses for most software are designed to take away your freedom to share..and change it. By contrast, the GNU General Public License is intended to..guarantee your freedom to share and change free software--to make sure the..software is free for all its users. This General Public License applies to..most of the Free Software Foundation's software and to any other program whose..authors commit to using it. (Some other Free Software Foundation software is..covered by the GNU Library General Public License instead.) You can apply it to..your programs, too.....When we speak of free software, we are referring to freedom, not price. Our..General Public Licenses are desi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):192
                                                                                                                                                                                                Entropy (8bit):5.130781430824907
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8SEl82LzqhLVLXszhblZooVmKKq7TVSLBncSlWtEd6VALB7hfD4RigP4puKkCv:2SKEhjKDh9K6TVMTWusVALB7hL40Fpu6
                                                                                                                                                                                                MD5:1FAD3B40E857109BC79FD54FAEFCE288
                                                                                                                                                                                                SHA1:FAF5451A8EA6978E0740D89A545323EA4611085E
                                                                                                                                                                                                SHA-256:B86C62DC32A2CA49995E5BBB8E7B6267FB7AFE4C8D9321C1C91C5FBF7F87D91D
                                                                                                                                                                                                SHA-512:1ED4AF0054838A641C87A9901B9FE0ED3967F3EB6A8B86C479E12437778BB3E5F4DBB45348572643218A749B43436D5E2612E456AB101BB19231A0B5E349159C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://download.java.net/java/GA/jdk19.0.2/fdb695a9d9064ad6b064dc6df578380c/7/GPL/openjdk-19.0.2_windows-x64_bin.zip ...https://github.com/openjdk/jdk19u/archive/refs/tags/jdk-19.0.2-ga.zip..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19621
                                                                                                                                                                                                Entropy (8bit):4.713551169280443
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:L4rCnitDdE+6phYqIdM3HesZ/8oMPbHDESEUfn/j:Ue05ERLOwjCHDESEUfnb
                                                                                                                                                                                                MD5:BB65CC9158C09770485DA8ED1A1D7F6B
                                                                                                                                                                                                SHA1:4A81E8F3AB5662F8AC79DB1BA44963E962CC9384
                                                                                                                                                                                                SHA-256:B71B9AC72F1B646D1BAF99EBE68C2AFA040C8874D76F7C393E92A02287B90E8E
                                                                                                                                                                                                SHA-512:2DAA6947426D194088CDC15E1C9AC249CDC43376F93018B3181423D444FC6BBD80D943696B3A523A188B671C220C2714CD67618D3D8FBF9257A3B8014B769207
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:The GNU General Public License (GPL)....Version 2, June 1991....Copyright (C) 1989, 1991 Free Software Foundation, Inc...51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA....Everyone is permitted to copy and distribute verbatim copies of this license..document, but changing it is not allowed.....Preamble....The licenses for most software are designed to take away your freedom to share..and change it. By contrast, the GNU General Public License is intended to..guarantee your freedom to share and change free software--to make sure the..software is free for all its users. This General Public License applies to..most of the Free Software Foundation's software and to any other program whose..authors commit to using it. (Some other Free Software Foundation software is..covered by the GNU Library General Public License instead.) You can apply it to..your programs, too.....When we speak of free software, we are referring to freedom, not price. Our..General Public Licenses are desi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1752
                                                                                                                                                                                                Entropy (8bit):5.632944793459951
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:CPh6qPIeNjI2hNjK47WAOYxD2oXk/H3m9OW/pVeJyrG0YmrX00dly:CPbPVnhNjJWJprH3m8xqA
                                                                                                                                                                                                MD5:172823718D38E1C2DA94577B0E086DDB
                                                                                                                                                                                                SHA1:DBD2568AB948B43591E6E134EAB0040C883E4FCD
                                                                                                                                                                                                SHA-256:2119D62CF4404EDC18D35E22EDB66C4B7B516DC142114E3BD149845083062F48
                                                                                                                                                                                                SHA-512:EB0C249D047857F521B4D9A4095926B12D6E99B4BCABBBDA25487930E62FB11588645D31F1571206A5EC0F8AB0E8D2F64D59C9442A491338C61D9B8E7C36AB5E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..where /q java.exe..if %ERRORLEVEL% == 0 (.. java %*.. goto :eof..)....setlocal EnableDelayedExpansion..set OpenJDKVer=19.0.2..set DOWNLOAD_URL=https://download.java.net/java/GA/jdk%OpenJDKVer%/fdb695a9d9064ad6b064dc6df578380c/7/GPL/openjdk-%OpenJDKVer%_windows-x64_bin.zip..set DOWNLOAD_DIR=Commands\Java..set DOWNLOAD_PATH=Commands\Java\openjdk-%OpenJDKVer%_windows-x64_bin.zip..set OPENJDK_JAVA_PATH=Commands\Java\jdk-%OpenJDKVer%\bin\java.exe..set MESSAGE='OpenJDK is not installed. Do you want to download it from %DOWNLOAD_URL%'..set TITLE='OpenJDK'..set OPENJDK_SHA256=9f70eba3f2631674a2d7d3aa01150d697f68be16ad76662ff948d7fe1b4985d8....cd "%APPDATA%\WinMerge"..if not exist %OPENJDK_JAVA_PATH% (.. cd "%~dp0..\..".. if not exist %OPENJDK_JAVA_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. pushd "%APPDATA%\WinMerge".. for %%i in (%OPENJDK_JAVA_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1) { throw
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):192
                                                                                                                                                                                                Entropy (8bit):5.130781430824907
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8SEl82LzqhLVLXszhblZooVmKKq7TVSLBncSlWtEd6VALB7hfD4RigP4puKkCv:2SKEhjKDh9K6TVMTWusVALB7hL40Fpu6
                                                                                                                                                                                                MD5:1FAD3B40E857109BC79FD54FAEFCE288
                                                                                                                                                                                                SHA1:FAF5451A8EA6978E0740D89A545323EA4611085E
                                                                                                                                                                                                SHA-256:B86C62DC32A2CA49995E5BBB8E7B6267FB7AFE4C8D9321C1C91C5FBF7F87D91D
                                                                                                                                                                                                SHA-512:1ED4AF0054838A641C87A9901B9FE0ED3967F3EB6A8B86C479E12437778BB3E5F4DBB45348572643218A749B43436D5E2612E456AB101BB19231A0B5E349159C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://download.java.net/java/GA/jdk19.0.2/fdb695a9d9064ad6b064dc6df578380c/7/GPL/openjdk-19.0.2_windows-x64_bin.zip ...https://github.com/openjdk/jdk19u/archive/refs/tags/jdk-19.0.2-ga.zip..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1752
                                                                                                                                                                                                Entropy (8bit):5.632944793459951
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:CPh6qPIeNjI2hNjK47WAOYxD2oXk/H3m9OW/pVeJyrG0YmrX00dly:CPbPVnhNjJWJprH3m8xqA
                                                                                                                                                                                                MD5:172823718D38E1C2DA94577B0E086DDB
                                                                                                                                                                                                SHA1:DBD2568AB948B43591E6E134EAB0040C883E4FCD
                                                                                                                                                                                                SHA-256:2119D62CF4404EDC18D35E22EDB66C4B7B516DC142114E3BD149845083062F48
                                                                                                                                                                                                SHA-512:EB0C249D047857F521B4D9A4095926B12D6E99B4BCABBBDA25487930E62FB11588645D31F1571206A5EC0F8AB0E8D2F64D59C9442A491338C61D9B8E7C36AB5E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..where /q java.exe..if %ERRORLEVEL% == 0 (.. java %*.. goto :eof..)....setlocal EnableDelayedExpansion..set OpenJDKVer=19.0.2..set DOWNLOAD_URL=https://download.java.net/java/GA/jdk%OpenJDKVer%/fdb695a9d9064ad6b064dc6df578380c/7/GPL/openjdk-%OpenJDKVer%_windows-x64_bin.zip..set DOWNLOAD_DIR=Commands\Java..set DOWNLOAD_PATH=Commands\Java\openjdk-%OpenJDKVer%_windows-x64_bin.zip..set OPENJDK_JAVA_PATH=Commands\Java\jdk-%OpenJDKVer%\bin\java.exe..set MESSAGE='OpenJDK is not installed. Do you want to download it from %DOWNLOAD_URL%'..set TITLE='OpenJDK'..set OPENJDK_SHA256=9f70eba3f2631674a2d7d3aa01150d697f68be16ad76662ff948d7fe1b4985d8....cd "%APPDATA%\WinMerge"..if not exist %OPENJDK_JAVA_PATH% (.. cd "%~dp0..\..".. if not exist %OPENJDK_JAVA_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. pushd "%APPDATA%\WinMerge".. for %%i in (%OPENJDK_JAVA_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1) { throw
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):184
                                                                                                                                                                                                Entropy (8bit):4.588723046130315
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8tEdlJisjistkCmCVnumMVAuR6tEdlJisjistkCmCVnumMVrKCXW:2uNiKsCBlMAuNiKsCBlMA5
                                                                                                                                                                                                MD5:1C5A42368B9C66466C18B68F3AAB2B8B
                                                                                                                                                                                                SHA1:BF2BAC31ED86D524D24680245330C12F8B6FB5AE
                                                                                                                                                                                                SHA-256:78AB71DF0C5D731A7B7084264362287221095660170D8D8331914813868BB372
                                                                                                                                                                                                SHA-512:34E0BF2388645D140EA92861BCC049E59E7934CB15593F72528558B98A7D29E46A43F87A6C65BFB50BAA94A80C6D8AC938F20092B62CB4E85675C5F27A0D9884
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0.jar..https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0-sources.jar..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):184
                                                                                                                                                                                                Entropy (8bit):4.588723046130315
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8tEdlJisjistkCmCVnumMVAuR6tEdlJisjistkCmCVnumMVrKCXW:2uNiKsCBlMAuNiKsCBlMA5
                                                                                                                                                                                                MD5:1C5A42368B9C66466C18B68F3AAB2B8B
                                                                                                                                                                                                SHA1:BF2BAC31ED86D524D24680245330C12F8B6FB5AE
                                                                                                                                                                                                SHA-256:78AB71DF0C5D731A7B7084264362287221095660170D8D8331914813868BB372
                                                                                                                                                                                                SHA-512:34E0BF2388645D140EA92861BCC049E59E7934CB15593F72528558B98A7D29E46A43F87A6C65BFB50BAA94A80C6D8AC938F20092B62CB4E85675C5F27A0D9884
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0.jar..https://github.com/plantuml/plantuml/releases/download/v1.2023.0/plantuml-1.2023.0-sources.jar..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1771
                                                                                                                                                                                                Entropy (8bit):5.442693979824128
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:wK6l0jKDWwiOskSwEUTCJ6xD2oXk/HFeOJ/deODy1Tl4aGCv:DPknTgrHFXSO7uv
                                                                                                                                                                                                MD5:3DE4EB0A375473E7FCEE7F40EF71DD15
                                                                                                                                                                                                SHA1:D6D134994C30784398D5FF61874E2962BB45EFD2
                                                                                                                                                                                                SHA-256:5A53B01408C9B3C1AD1A8F82E5C4188388BDADFFE08BEEC186710BFA6E678ABC
                                                                                                                                                                                                SHA-512:7A18CAB0F3D8BE21C71046257A28F02C741A0647E8A20355293FA055572834A5E83792EC8865E227462F8CE9325F412D28FBF290FA7F876B533474FBF99BE433
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..setlocal EnableDelayedExpansion..set PlantUMLVer=1.2023.0..set PlantUMLJar=plantuml-%PlantUMLVer%.jar..set DOWNLOAD_URL=https://github.com/plantuml/plantuml/releases/download/v%PlantUMLVer%/%PlantUMLJar%..set PlantUML_PATH=Commands\PlantUML\%PlantUMLJar%..set MESSAGE='PlantUML is not installed. Do you want to download it and its dependences from %DOWNLOAD_URL%'..set TITLE='PlantUML Plugin'..set PlantUML_SHA256=0404edcf0af28e5b409bc17aa59ad8b05051f47347377749c46c8018135d0dec....cd "%APPDATA%\WinMerge"..if not exist %PlantUML_PATH% (.. cd "%~dp0..\..".. if not exist %PlantUML_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. cd "%APPDATA%\WinMerge".. for %%i in (%PlantUML_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1) { throw }" > NUL.. if errorlevel 1 (.. echo "download is canceled" 1>&2.. ) else (.. start "Downloading..." /WAIT powershell -command "[Net.ServicePointManager]::Securit
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2216
                                                                                                                                                                                                Entropy (8bit):4.968812290902196
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:O3u0zUMycw+o5kdv/MvB7gvhjGJWELuIN:OjzUt+KB7JLuIN
                                                                                                                                                                                                MD5:C89A426CCD90127E46AA3C98E56D7689
                                                                                                                                                                                                SHA1:40F731CF93BE586957D9FC9AE1427183D3897F1E
                                                                                                                                                                                                SHA-256:80B4FDB88057708048A58A1CFB3CF7EE78C3B95E662AB8AF0ECCB1B8A97B6467
                                                                                                                                                                                                SHA-512:7C4B4F74D18669D4659DAF74561EB17F315698FF513B2A5C24BF7FAE5DB2D8B920C58DFDA450365E140552E69E12C4558D90C113D6603A19D4B963036EF8B964
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:=======================================================================..PlantUML : a free UML diagram generator..========================================================================....(C) Copyright 2009-2017, Arnaud Roques....Project Info: http://plantuml.com....If you like this project or if you find it useful, you can support us at:....http://plantuml.com/patreon (only 1$ per month!)..http://plantuml.com/paypal....PlantUML is free software; you can redistribute it and/or modify it..under the terms of the GNU General Public License as published by..the Free Software Foundation, either version 3 of the License, or..(at your option) any later version.....PlantUML distributed in the hope that it will be useful, but..WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY..or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public..License for more details.....You should have received a copy of the GNU General Public..License along with this library; if not,
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2216
                                                                                                                                                                                                Entropy (8bit):4.968812290902196
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:O3u0zUMycw+o5kdv/MvB7gvhjGJWELuIN:OjzUt+KB7JLuIN
                                                                                                                                                                                                MD5:C89A426CCD90127E46AA3C98E56D7689
                                                                                                                                                                                                SHA1:40F731CF93BE586957D9FC9AE1427183D3897F1E
                                                                                                                                                                                                SHA-256:80B4FDB88057708048A58A1CFB3CF7EE78C3B95E662AB8AF0ECCB1B8A97B6467
                                                                                                                                                                                                SHA-512:7C4B4F74D18669D4659DAF74561EB17F315698FF513B2A5C24BF7FAE5DB2D8B920C58DFDA450365E140552E69E12C4558D90C113D6603A19D4B963036EF8B964
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:=======================================================================..PlantUML : a free UML diagram generator..========================================================================....(C) Copyright 2009-2017, Arnaud Roques....Project Info: http://plantuml.com....If you like this project or if you find it useful, you can support us at:....http://plantuml.com/patreon (only 1$ per month!)..http://plantuml.com/paypal....PlantUML is free software; you can redistribute it and/or modify it..under the terms of the GNU General Public License as published by..the Free Software Foundation, either version 3 of the License, or..(at your option) any later version.....PlantUML distributed in the hope that it will be useful, but..WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY..or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public..License for more details.....You should have received a copy of the GNU General Public..License along with this library; if not,
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1771
                                                                                                                                                                                                Entropy (8bit):5.442693979824128
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:wK6l0jKDWwiOskSwEUTCJ6xD2oXk/HFeOJ/deODy1Tl4aGCv:DPknTgrHFXSO7uv
                                                                                                                                                                                                MD5:3DE4EB0A375473E7FCEE7F40EF71DD15
                                                                                                                                                                                                SHA1:D6D134994C30784398D5FF61874E2962BB45EFD2
                                                                                                                                                                                                SHA-256:5A53B01408C9B3C1AD1A8F82E5C4188388BDADFFE08BEEC186710BFA6E678ABC
                                                                                                                                                                                                SHA-512:7A18CAB0F3D8BE21C71046257A28F02C741A0647E8A20355293FA055572834A5E83792EC8865E227462F8CE9325F412D28FBF290FA7F876B533474FBF99BE433
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..setlocal EnableDelayedExpansion..set PlantUMLVer=1.2023.0..set PlantUMLJar=plantuml-%PlantUMLVer%.jar..set DOWNLOAD_URL=https://github.com/plantuml/plantuml/releases/download/v%PlantUMLVer%/%PlantUMLJar%..set PlantUML_PATH=Commands\PlantUML\%PlantUMLJar%..set MESSAGE='PlantUML is not installed. Do you want to download it and its dependences from %DOWNLOAD_URL%'..set TITLE='PlantUML Plugin'..set PlantUML_SHA256=0404edcf0af28e5b409bc17aa59ad8b05051f47347377749c46c8018135d0dec....cd "%APPDATA%\WinMerge"..if not exist %PlantUML_PATH% (.. cd "%~dp0..\..".. if not exist %PlantUML_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. cd "%APPDATA%\WinMerge".. for %%i in (%PlantUML_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1) { throw }" > NUL.. if errorlevel 1 (.. echo "download is canceled" 1>&2.. ) else (.. start "Downloading..." /WAIT powershell -command "[Net.ServicePointManager]::Securit
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1074
                                                                                                                                                                                                Entropy (8bit):5.20644221729891
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:wqkKbPFvpPYXvkusPEqXvkugGawXwdSr1VTuKzPFvI:MGPFvBovnsPEevngGZumPFvI
                                                                                                                                                                                                MD5:93AE1D5A603922E678E25A4B8AB60F76
                                                                                                                                                                                                SHA1:BDA6042EBA1F95AC679DD07999F22F3E9842C725
                                                                                                                                                                                                SHA-256:5FCF8C63E99FCD0075E02E05DB393951B790DECA37FC6DB49A70D6A8F2BBEA8F
                                                                                                                                                                                                SHA-512:01D026E0388B63F400728709472EB2F508F2F8529191BAC1B6317B2D82A5514A763B2BFB415FAEC1055BFA95236D7ACABB8744DE9CE34AAC9D7E8C0877769161
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..setlocal enabledelayedexpansion..if exist "%APPDATA%\WinMerge\Commands\dumpbin\dumpbinpath.txt" (.. for /f "usebackq tokens=*" %%i in (%APPDATA%\WinMerge\Commands\dumpbin\dumpbinpath.txt) do set DUMPBIN_PATH=%%i..)..if not exist "!DUMPBIN_PATH!" (.. if exist "%programfiles(x86)%\microsoft visual studio\installer\vswhere.exe" (.. for /f "usebackq tokens=*" %%i in (`"%programfiles(x86)%\microsoft visual studio\installer\vswhere.exe" -latest -products * -property installationPath`) do (.. set InstallDir=%%i.. ).. ).. if exist "!InstallDir!\Common7\Tools\vsdevcmd.bat" (.. call "!InstallDir!\Common7\Tools\vsdevcmd.bat" > NUL.. ) else (.. echo Visual Studio not installed.. goto :eof.. ).. mkdir "%APPDATA%\WinMerge\Commands\dumpbin\" 2> NUL.. where dumpbin.exe > "%APPDATA%\WinMerge\Commands\dumpbin\dumpbinpath.txt".. if exist "%APPDATA%\WinMerge\Commands\dumpbin\dumpbinpath.txt" (.. for /f "usebackq tokens=*" %%i in (%APPDATA%\WinMerge\Commands\dumpb
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1074
                                                                                                                                                                                                Entropy (8bit):5.20644221729891
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:wqkKbPFvpPYXvkusPEqXvkugGawXwdSr1VTuKzPFvI:MGPFvBovnsPEevngGZumPFvI
                                                                                                                                                                                                MD5:93AE1D5A603922E678E25A4B8AB60F76
                                                                                                                                                                                                SHA1:BDA6042EBA1F95AC679DD07999F22F3E9842C725
                                                                                                                                                                                                SHA-256:5FCF8C63E99FCD0075E02E05DB393951B790DECA37FC6DB49A70D6A8F2BBEA8F
                                                                                                                                                                                                SHA-512:01D026E0388B63F400728709472EB2F508F2F8529191BAC1B6317B2D82A5514A763B2BFB415FAEC1055BFA95236D7ACABB8744DE9CE34AAC9D7E8C0877769161
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..setlocal enabledelayedexpansion..if exist "%APPDATA%\WinMerge\Commands\dumpbin\dumpbinpath.txt" (.. for /f "usebackq tokens=*" %%i in (%APPDATA%\WinMerge\Commands\dumpbin\dumpbinpath.txt) do set DUMPBIN_PATH=%%i..)..if not exist "!DUMPBIN_PATH!" (.. if exist "%programfiles(x86)%\microsoft visual studio\installer\vswhere.exe" (.. for /f "usebackq tokens=*" %%i in (`"%programfiles(x86)%\microsoft visual studio\installer\vswhere.exe" -latest -products * -property installationPath`) do (.. set InstallDir=%%i.. ).. ).. if exist "!InstallDir!\Common7\Tools\vsdevcmd.bat" (.. call "!InstallDir!\Common7\Tools\vsdevcmd.bat" > NUL.. ) else (.. echo Visual Studio not installed.. goto :eof.. ).. mkdir "%APPDATA%\WinMerge\Commands\dumpbin\" 2> NUL.. where dumpbin.exe > "%APPDATA%\WinMerge\Commands\dumpbin\dumpbinpath.txt".. if exist "%APPDATA%\WinMerge\Commands\dumpbin\dumpbinpath.txt" (.. for /f "usebackq tokens=*" %%i in (%APPDATA%\WinMerge\Commands\dumpb
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1058
                                                                                                                                                                                                Entropy (8bit):5.142344487666288
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:wqvbPAunPYXvkusPEqXvkugGawXwdSr1V7zPA7:LPAuPovnsPEevngGxPA7
                                                                                                                                                                                                MD5:CD549EA1B144648A57D4D443665C6A0A
                                                                                                                                                                                                SHA1:8B88D7E9452A0C1A7FF37BA1AC05EF9796AC473D
                                                                                                                                                                                                SHA-256:BF9A8D277D4E016AE8FD6EE342EBCD1A8A28FECD3004CEF045FBA373BE4F8E01
                                                                                                                                                                                                SHA-512:F307381687C84FE9C93B529D240B06D78E3F843DEDBA6627EA2ADDB66F279ED022B394B015B24B1B30FE11069CB2779986524EFF2EB187F528235D0441217D33
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..setlocal enabledelayedexpansion..if exist "%APPDATA%\WinMerge\Commands\ildasm\ildasmpath.txt" (.. for /f "usebackq tokens=*" %%i in (%APPDATA%\WinMerge\Commands\ildasm\ildasmpath.txt) do set ILDASM_PATH=%%i..)..if not exist "!ILDASM_PATH!" (.. if exist "%programfiles(x86)%\microsoft visual studio\installer\vswhere.exe" (.. for /f "usebackq tokens=*" %%i in (`"%programfiles(x86)%\microsoft visual studio\installer\vswhere.exe" -latest -products * -property installationPath`) do (.. set InstallDir=%%i.. ).. ).. if exist "!InstallDir!\Common7\Tools\vsdevcmd.bat" (.. call "!InstallDir!\Common7\Tools\vsdevcmd.bat" > NUL.. ) else (.. echo Visual Studio not installed.. goto :eof.. ).. mkdir "%APPDATA%\WinMerge\Commands\ildasm\" 2> NUL.. where ildasm.exe > "%APPDATA%\WinMerge\Commands\ildasm\ildasmpath.txt".. if exist "%APPDATA%\WinMerge\Commands\ildasm\ildasmpath.txt" (.. for /f "usebackq tokens=*" %%i in (%APPDATA%\WinMerge\Commands\ildasm\ildasmpath
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1058
                                                                                                                                                                                                Entropy (8bit):5.142344487666288
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:wqvbPAunPYXvkusPEqXvkugGawXwdSr1V7zPA7:LPAuPovnsPEevngGxPA7
                                                                                                                                                                                                MD5:CD549EA1B144648A57D4D443665C6A0A
                                                                                                                                                                                                SHA1:8B88D7E9452A0C1A7FF37BA1AC05EF9796AC473D
                                                                                                                                                                                                SHA-256:BF9A8D277D4E016AE8FD6EE342EBCD1A8A28FECD3004CEF045FBA373BE4F8E01
                                                                                                                                                                                                SHA-512:F307381687C84FE9C93B529D240B06D78E3F843DEDBA6627EA2ADDB66F279ED022B394B015B24B1B30FE11069CB2779986524EFF2EB187F528235D0441217D33
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..setlocal enabledelayedexpansion..if exist "%APPDATA%\WinMerge\Commands\ildasm\ildasmpath.txt" (.. for /f "usebackq tokens=*" %%i in (%APPDATA%\WinMerge\Commands\ildasm\ildasmpath.txt) do set ILDASM_PATH=%%i..)..if not exist "!ILDASM_PATH!" (.. if exist "%programfiles(x86)%\microsoft visual studio\installer\vswhere.exe" (.. for /f "usebackq tokens=*" %%i in (`"%programfiles(x86)%\microsoft visual studio\installer\vswhere.exe" -latest -products * -property installationPath`) do (.. set InstallDir=%%i.. ).. ).. if exist "!InstallDir!\Common7\Tools\vsdevcmd.bat" (.. call "!InstallDir!\Common7\Tools\vsdevcmd.bat" > NUL.. ) else (.. echo Visual Studio not installed.. goto :eof.. ).. mkdir "%APPDATA%\WinMerge\Commands\ildasm\" 2> NUL.. where ildasm.exe > "%APPDATA%\WinMerge\Commands\ildasm\ildasmpath.txt".. if exist "%APPDATA%\WinMerge\Commands\ildasm\ildasmpath.txt" (.. for /f "usebackq tokens=*" %%i in (%APPDATA%\WinMerge\Commands\ildasm\ildasmpath
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):591
                                                                                                                                                                                                Entropy (8bit):5.2663802680458724
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:NagoNvM8k22Xj1+/8rAN2im6KbGzzSy4kNny08QYZ4/pG4zGhD:UdNvejwHzm4nbYcpsD
                                                                                                                                                                                                MD5:82DA83A68C008148451B3D08B8669F31
                                                                                                                                                                                                SHA1:DB0A2E90B639D4E325BFFC10DA5681978ECF8015
                                                                                                                                                                                                SHA-256:305E7BAF0F1FDA179EED96DF406473AE277D29FC0D07A6923642A722C7F51291
                                                                                                                                                                                                SHA-512:48CE355F1705DE628F536C71C681761554DC45A6777CF37851E61B9B5BCA1F0589A54FB0A6C8B59F25B20F0621E41FE7C72C93F74D6F6CB3C5626BD11BA1505C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..for %%i in (Apache-Tika Java PlantUML q yq) do (.. for /F "tokens=1,2" %%j in ('type %%i\URL.txt') do (.. echo Downloading %%j.. mkdir "%APPDATA%\WinMerge\Commands\%%i" 2> NUL.. powershell -command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri %%j -UseBasicParsing -Outfile '%APPDATA%\WinMerge\Commands\%%i\%%~nxj'".. if not "%%k" == "" (.. powershell -command "Expand-Archive -Path '%APPDATA%\WinMerge\Commands\%%i\%%~nxj' -DestinationPath '%APPDATA%\WinMerge\Commands\%%i\%%k' -Force".. ).. )..)..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6026
                                                                                                                                                                                                Entropy (8bit):5.1770541814752
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:/NPut0CQHT6KyuxDdjCpHHgUODHHgUObTCUePugefQHRDcF5Teprf5IYorYJCrYH:MbQHTvxjCpngU2ngUETr1QHRDcF5Tmr9
                                                                                                                                                                                                MD5:488F4E0B04C0456337FB70D1AC1758BA
                                                                                                                                                                                                SHA1:C4C65D618BA4BA1C37EA9C2F7C5954066D0D3BED
                                                                                                                                                                                                SHA-256:10E974638A41FADFD72357F2F3A4325E20B856C563365128F72FEAA406F8C92D
                                                                                                                                                                                                SHA-512:4C41CC278D4FDEAFF8EC8FAD3353CD1C03CC7E38A681BD64118D541E628A8621A2E327CF94FCD77BAD1EF5F796B839EBA70F90EEFDF297B84629EBBFFE2AC1CF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:jq is copyright (C) 2012 Stephen Dolan..Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION.W
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1027584
                                                                                                                                                                                                Entropy (8bit):6.146221741723587
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:eYA6YaK43oPQdrxJnobG25Rt1LdJtgVA1KN8mLgdAM:iMx/25RzioT
                                                                                                                                                                                                MD5:336671437F8806FDD4E82BA63A9C0FFA
                                                                                                                                                                                                SHA1:99DAEC5966F04E018B6CCF267E3B945A6F08EC0F
                                                                                                                                                                                                SHA-256:E4EFDD6A2C463AE714ED98FD5E874FE834A3A2380E17885BD4CDA1C49E5166DF
                                                                                                                                                                                                SHA-512:480A07C4E30B857A211F61A22F4FBC61A623043ED260660ADA8D51429E8F4E17188F2E32D1CB7ED3EC580F406D3D2F2EFB8E47EE2B7D6B9B07013BDACC3F798A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ze...............).L...................`....@..................................o....@... ..............................p...................................O..........................T*.......................s...............................text....K.......L..................`..`.data....N...`...P...P..............@....rdata.............................@..@.eh_framh....P.......>..............@..@.bss.........`...........................idata.......p.......B..............@....CRT....4............T..............@....tls.................V..............@....rsrc................X..............@..@.reloc...O.......P...^..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6026
                                                                                                                                                                                                Entropy (8bit):5.1770541814752
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:/NPut0CQHT6KyuxDdjCpHHgUODHHgUObTCUePugefQHRDcF5Teprf5IYorYJCrYH:MbQHTvxjCpngU2ngUETr1QHRDcF5Tmr9
                                                                                                                                                                                                MD5:488F4E0B04C0456337FB70D1AC1758BA
                                                                                                                                                                                                SHA1:C4C65D618BA4BA1C37EA9C2F7C5954066D0D3BED
                                                                                                                                                                                                SHA-256:10E974638A41FADFD72357F2F3A4325E20B856C563365128F72FEAA406F8C92D
                                                                                                                                                                                                SHA-512:4C41CC278D4FDEAFF8EC8FAD3353CD1C03CC7E38A681BD64118D541E628A8621A2E327CF94FCD77BAD1EF5F796B839EBA70F90EEFDF297B84629EBBFFE2AC1CF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:jq is copyright (C) 2012 Stephen Dolan..Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION.W
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1027584
                                                                                                                                                                                                Entropy (8bit):6.146221741723587
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:eYA6YaK43oPQdrxJnobG25Rt1LdJtgVA1KN8mLgdAM:iMx/25RzioT
                                                                                                                                                                                                MD5:336671437F8806FDD4E82BA63A9C0FFA
                                                                                                                                                                                                SHA1:99DAEC5966F04E018B6CCF267E3B945A6F08EC0F
                                                                                                                                                                                                SHA-256:E4EFDD6A2C463AE714ED98FD5E874FE834A3A2380E17885BD4CDA1C49E5166DF
                                                                                                                                                                                                SHA-512:480A07C4E30B857A211F61A22F4FBC61A623043ED260660ADA8D51429E8F4E17188F2E32D1CB7ED3EC580F406D3D2F2EFB8E47EE2B7D6B9B07013BDACC3F798A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ze...............).L...................`....@..................................o....@... ..............................p...................................O..........................T*.......................s...............................text....K.......L..................`..`.data....N...`...P...P..............@....rdata.............................@..@.eh_framh....P.......>..............@..@.bss.........`...........................idata.......p.......B..............@....CRT....4............T..............@....tls.................V..............@....rsrc................X..............@..@.reloc...O.......P...^..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1096
                                                                                                                                                                                                Entropy (8bit):5.186765243069268
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:aZENrRONJHujH0cPP3gtkHw1h39KAHGhsUv4eOk4/+jm3oqMSFJ:aZENtONJYbvE/NKAHGhs5eNm3oEFJ
                                                                                                                                                                                                MD5:383F39920F391605AF6E8E46E60E2378
                                                                                                                                                                                                SHA1:90846C5A4D1373EB1DFA01886CE192B2674DB511
                                                                                                                                                                                                SHA-256:D30937367D5413E7EAA218B1640B8946FF76FD34D97152F6979FD96169D5D0FC
                                                                                                                                                                                                SHA-512:77887FEF6646C62013B72F47EE95F1BCFF67CF8BB5E2577D82C896F7D8AF93784FAFF5CCEF1DCAB20F51D8977E6D2CDAA88D3CB43F23D6F7C6B214B83DB731E3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# The MIT License (MIT)..Copyright . 2016-2024 Martin Mit....Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the .Software.),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED .AS IS., WITHOUT WARRANTY OF ANY KIND, EXPRESS.OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):295
                                                                                                                                                                                                Entropy (8bit):4.90715201528161
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:h6RmvYz+dd9ujH0/buW/5Y5KxIcDvb7BbAg+S37sQK:YRmvT9ujH0bQEIcPJADeK
                                                                                                                                                                                                MD5:E6EB65A3A26F7DE71B2782E280068160
                                                                                                                                                                                                SHA1:EDB9902910DCE381FD3C560466B063D587D9076B
                                                                                                                                                                                                SHA-256:8C4CA503505D0ACE5B42F279DC92C711B06F1A63340F9F151F7F21B0CFF952AB
                                                                                                                                                                                                SHA-512:0B996AE0D1A44376DCDB6B70B1C8D4BEB032DA904163C4D664FDCB5027A21C79FE85BAE7532EA35144B2A80F4212BA02689ACABA8A65C4A1A01CE7F48AA435CE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..echo ^<!DOCTYPE html^>..echo ^<html^>..echo ^<head^>..echo ^<title^>^</title^>..echo ^<meta name="generator" content="md2html"^>..echo ^<base href="file:///%~dp1"^>..echo ^</head^>..echo ^<body^>..type %1 | "%~dp0\md2html.exe" %2 %3 %4 %5 %6 %7 %8 %9..echo ^</body^>..echo ^</html^>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):95389
                                                                                                                                                                                                Entropy (8bit):6.351958651853396
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:2FhSNBiCwti7kGwKEaRvXT0gMQq/OmIqoamOdqVhV:2FhSNBiCwtiIGwK1eGadqVL
                                                                                                                                                                                                MD5:C441AC00F19E1AAEECA422F450F8FE9B
                                                                                                                                                                                                SHA1:14D8305C863EC3362F1A2011071185AEF974F93E
                                                                                                                                                                                                SHA-256:D9A721D18E6EBD0A274F092B409BDD1302A5CC9741F53184AD1F5D05CF5C03F5
                                                                                                                                                                                                SHA-512:6F670C7F2045A03943221A7AE719D3C4C069A825367DA5F72271BD5B32EE3AAC53F9B7024D3367A85F9B5D1CBBBB84C42685C3A2ADCD87C590FAB4EA5764488B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e.n..,.....&#...*.....j....................Lk.................................%....@... .........................G.......P...........................................................$T......................................................text...............................`..`.data...,...........................@....rdata...:... ...<..................@..@/4...........`.......>..............@..@.bss.....................................edata..G............R..............@..@.idata..P............T..............@....CRT....,............Z..............@....tls.................\..............@....reloc...............^..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):109220
                                                                                                                                                                                                Entropy (8bit):6.105046591488112
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:xDB8At5TE6Bpi4gDKHvJbKTuFpYy8y0tvkTj5JOe51xKTEjRbI:xDOAt5TdBpiRAzpYtvkTj5JOe5PE
                                                                                                                                                                                                MD5:57F31D328C85AFB0BAAD1764C3BA6346
                                                                                                                                                                                                SHA1:258A138704B0A22223E546DC57FFCE7EE8239934
                                                                                                                                                                                                SHA-256:FC3640060BDFB60973E45F2053B6BA39B1B31C8C3492ACA8FEA543F59A761063
                                                                                                                                                                                                SHA-512:981822CC21613233824FCCEA5A3413E5827F949CBEEED50A41FF5E55700F265A03396926D7518CF2BC5C78970205B3FBC5FCD5C6D63AE4DEC00D3D6DD121FECB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e....:.....&#...*...........................n......................... ............@... .........................c.......................................h............................w......................$................................text...............................`..`.data...X...........................@....rdata..............................@..@/4...................d..............@..@.bss....T................................edata..c............~..............@..@.idata..............................@....CRT....,...........................@....tls................................@....reloc..h...........................@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):59176
                                                                                                                                                                                                Entropy (8bit):6.197366541786481
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:8hviIQFF0yNLbdWPOpi0w7H8KDGYrxFn7lhHRhV4ZgA6OTTEC1msaetRJ9oCVA8C:+iTFzdWmpi088KDvL2tUuW43E
                                                                                                                                                                                                MD5:BDD6AE6B15BD8168E02140E0C97A59F2
                                                                                                                                                                                                SHA1:489AA9AC066A9FBC537178681049BA9905930C55
                                                                                                                                                                                                SHA-256:971A810AC5D3F1A5B26822062D3485109E768815B745A299FAECE553D466C26B
                                                                                                                                                                                                SHA-512:2B2C52888B610111DDEF056C4DB00AD692DDAD813C7F5A2CABA61FD921500C07A947FCCA4E68072514EEE39FB9B4DBB5310CA96A228905FB010EA3C576AEC156
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e....L.....&....*..........................@..........................P............@... .................................t....0.......................@..p...................................................l................................text..............................`..`.data...\...........................@....rdata........... ..................@..@/4......h...........................@..@.bss.....................................idata..t...........................@....CRT....0...........................@....tls......... ......................@....rsrc........0......................@..@.reloc..p....@......................@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1096
                                                                                                                                                                                                Entropy (8bit):5.186765243069268
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:aZENrRONJHujH0cPP3gtkHw1h39KAHGhsUv4eOk4/+jm3oqMSFJ:aZENtONJYbvE/NKAHGhs5eNm3oEFJ
                                                                                                                                                                                                MD5:383F39920F391605AF6E8E46E60E2378
                                                                                                                                                                                                SHA1:90846C5A4D1373EB1DFA01886CE192B2674DB511
                                                                                                                                                                                                SHA-256:D30937367D5413E7EAA218B1640B8946FF76FD34D97152F6979FD96169D5D0FC
                                                                                                                                                                                                SHA-512:77887FEF6646C62013B72F47EE95F1BCFF67CF8BB5E2577D82C896F7D8AF93784FAFF5CCEF1DCAB20F51D8977E6D2CDAA88D3CB43F23D6F7C6B214B83DB731E3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# The MIT License (MIT)..Copyright . 2016-2024 Martin Mit....Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the .Software.),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED .AS IS., WITHOUT WARRANTY OF ANY KIND, EXPRESS.OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):109220
                                                                                                                                                                                                Entropy (8bit):6.105046591488112
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:xDB8At5TE6Bpi4gDKHvJbKTuFpYy8y0tvkTj5JOe51xKTEjRbI:xDOAt5TdBpiRAzpYtvkTj5JOe5PE
                                                                                                                                                                                                MD5:57F31D328C85AFB0BAAD1764C3BA6346
                                                                                                                                                                                                SHA1:258A138704B0A22223E546DC57FFCE7EE8239934
                                                                                                                                                                                                SHA-256:FC3640060BDFB60973E45F2053B6BA39B1B31C8C3492ACA8FEA543F59A761063
                                                                                                                                                                                                SHA-512:981822CC21613233824FCCEA5A3413E5827F949CBEEED50A41FF5E55700F265A03396926D7518CF2BC5C78970205B3FBC5FCD5C6D63AE4DEC00D3D6DD121FECB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e....:.....&#...*...........................n......................... ............@... .........................c.......................................h............................w......................$................................text...............................`..`.data...X...........................@....rdata..............................@..@/4...................d..............@..@.bss....T................................edata..c............~..............@..@.idata..............................@....CRT....,...........................@....tls................................@....reloc..h...........................@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):95389
                                                                                                                                                                                                Entropy (8bit):6.351958651853396
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:2FhSNBiCwti7kGwKEaRvXT0gMQq/OmIqoamOdqVhV:2FhSNBiCwtiIGwK1eGadqVL
                                                                                                                                                                                                MD5:C441AC00F19E1AAEECA422F450F8FE9B
                                                                                                                                                                                                SHA1:14D8305C863EC3362F1A2011071185AEF974F93E
                                                                                                                                                                                                SHA-256:D9A721D18E6EBD0A274F092B409BDD1302A5CC9741F53184AD1F5D05CF5C03F5
                                                                                                                                                                                                SHA-512:6F670C7F2045A03943221A7AE719D3C4C069A825367DA5F72271BD5B32EE3AAC53F9B7024D3367A85F9B5D1CBBBB84C42685C3A2ADCD87C590FAB4EA5764488B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e.n..,.....&#...*.....j....................Lk.................................%....@... .........................G.......P...........................................................$T......................................................text...............................`..`.data...,...........................@....rdata...:... ...<..................@..@/4...........`.......>..............@..@.bss.....................................edata..G............R..............@..@.idata..P............T..............@....CRT....,............Z..............@....tls.................\..............@....reloc...............^..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):295
                                                                                                                                                                                                Entropy (8bit):4.90715201528161
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:h6RmvYz+dd9ujH0/buW/5Y5KxIcDvb7BbAg+S37sQK:YRmvT9ujH0bQEIcPJADeK
                                                                                                                                                                                                MD5:E6EB65A3A26F7DE71B2782E280068160
                                                                                                                                                                                                SHA1:EDB9902910DCE381FD3C560466B063D587D9076B
                                                                                                                                                                                                SHA-256:8C4CA503505D0ACE5B42F279DC92C711B06F1A63340F9F151F7F21B0CFF952AB
                                                                                                                                                                                                SHA-512:0B996AE0D1A44376DCDB6B70B1C8D4BEB032DA904163C4D664FDCB5027A21C79FE85BAE7532EA35144B2A80F4212BA02689ACABA8A65C4A1A01CE7F48AA435CE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..echo ^<!DOCTYPE html^>..echo ^<html^>..echo ^<head^>..echo ^<title^>^</title^>..echo ^<meta name="generator" content="md2html"^>..echo ^<base href="file:///%~dp1"^>..echo ^</head^>..echo ^<body^>..type %1 | "%~dp0\md2html.exe" %2 %3 %4 %5 %6 %7 %8 %9..echo ^</body^>..echo ^</html^>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):59176
                                                                                                                                                                                                Entropy (8bit):6.197366541786481
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:8hviIQFF0yNLbdWPOpi0w7H8KDGYrxFn7lhHRhV4ZgA6OTTEC1msaetRJ9oCVA8C:+iTFzdWmpi088KDvL2tUuW43E
                                                                                                                                                                                                MD5:BDD6AE6B15BD8168E02140E0C97A59F2
                                                                                                                                                                                                SHA1:489AA9AC066A9FBC537178681049BA9905930C55
                                                                                                                                                                                                SHA-256:971A810AC5D3F1A5B26822062D3485109E768815B745A299FAECE553D466C26B
                                                                                                                                                                                                SHA-512:2B2C52888B610111DDEF056C4DB00AD692DDAD813C7F5A2CABA61FD921500C07A947FCCA4E68072514EEE39FB9B4DBB5310CA96A228905FB010EA3C576AEC156
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..e....L.....&....*..........................@..........................P............@... .................................t....0.......................@..p...................................................l................................text..............................`..`.data...\...........................@....rdata........... ..................@..@/4......h...........................@..@.bss.....................................idata..t...........................@....CRT....0...........................@....tls......... ......................@....rsrc........0......................@..@.reloc..p....@......................@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):103166
                                                                                                                                                                                                Entropy (8bit):6.438613906021623
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:Tre0u0y2Yck4hhyRBxI85p2beki6wQy80gjvq53k54UxnUP:nBuLFt4hhyRDZUad6wQy8pEkVnUP
                                                                                                                                                                                                MD5:55229243A445AF57C59761F4FC10A3B7
                                                                                                                                                                                                SHA1:3608B654334B997A97486F3D840786588BDE47DC
                                                                                                                                                                                                SHA-256:C8C5440AF04BF3C7B35E546B6FA724B8123422DB74A7673801A2B519728A4B5D
                                                                                                                                                                                                SHA-512:A8266EEAD58285BB8120D84DF752A034FD35E257967D99B3AF7519AA63ACAC30782723BA3BEA02E4E9344C6CBD0AA29B76CC61C3AC2FDF386F3FE038D0221905
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........!......#...#.D..........`G.......`.....j.................................h........ .........................s.......X.......................................................................................p............................text....C.......D..................`.P`.data...@....`.......H..............@.`..rdata.......p.......J..............@.`@.buildid5............`..............@.0@/4...................b..............@.0..bss....H.............................`..edata..s............v..............@.0@.idata..X...........................@.0..reloc..............................@.0B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3362559
                                                                                                                                                                                                Entropy (8bit):6.266382256196019
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:98304:cCkgs3WfqTw4LbOI2eLJG0zcR3Py92TI8Ri9HqzSYPgcBl2U0X3UKut5bNbgcD5l:nts9TBJIaYPgcBl2U0X3UKut5bNbgcDf
                                                                                                                                                                                                MD5:3669501666877E287C9FEAFFD1605AB1
                                                                                                                                                                                                SHA1:7451FFCBA556C3CC35602B537D086435FE2A16F5
                                                                                                                                                                                                SHA-256:FB4A05CE7D50721C71F66C37E0AB7E52CD46034A2E394940B3F60C9C2AFB079A
                                                                                                                                                                                                SHA-512:6EFDB9AAD523398ABAECA8E9B640DA14DB5700E589452824B3DFD7FDA707DBFBE837CAC55EB44A07FD029140F7247BA0CB899DC252C33BEFAFE8AC582507A9FF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........+..B.....!...$......*..x..@..............a..........................O.......3....... .......................+._....................................P,.......(..............................................................................text....h.......j..................`.``/4.......!......."...n.............. .@..data...............................@.`..rdata..h5...."..6....".............@.`@.buildid5.....(.......'.............@.0@.bss.....v....(.......................`..edata.._.....+.......'.............@.0@.reloc.......P,.......(.............@.0B/19.......... .......N*.............@.`..idata...........0....*.............@.0./38...................+.............@.0B.rsrc.................+.............@.0..cygheap.. .../.......................0.........................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):207279
                                                                                                                                                                                                Entropy (8bit):6.257340830373565
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:8ETp56/3S8Fat2OkIbt8X7nvEDdV7q1IAegepxmMISQVSQOv:8ETp56/3S8Yt2dIbt8X7vEdlpjwOv
                                                                                                                                                                                                MD5:4864A803BF955E82F772DB8B14262B87
                                                                                                                                                                                                SHA1:BD307FFA45F242CB2F4B1261F70F8A2A421AEA73
                                                                                                                                                                                                SHA-256:A9493C56D6A14055AEAB5C8893A5ECDA3EE39D411A09D71CB3C6C2EDE1C94074
                                                                                                                                                                                                SHA-512:3FFA5720BED5054FBF2A211F6428A90BDF9A256F048E5D5DE04722D075BEC1D5E22C40F86CFBB29B15093D63FA83EA6EF43439EB896EB28C0646B461E884F2C1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.................'......@...................P....@..........................p................ ..............................@..,....`..h............................................................................B...............................text...T?.......@..................`.P`.data...$....P.......D..............@.`..rdata..,g...`...h...F..............@.`@.buildid5...........................@.0@/4.......F.......H..................@.0@.bss.........0........................`..idata..,....@......................@.0..rsrc...h....`......................@.0.................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3362559
                                                                                                                                                                                                Entropy (8bit):6.266382256196019
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:98304:cCkgs3WfqTw4LbOI2eLJG0zcR3Py92TI8Ri9HqzSYPgcBl2U0X3UKut5bNbgcD5l:nts9TBJIaYPgcBl2U0X3UKut5bNbgcDf
                                                                                                                                                                                                MD5:3669501666877E287C9FEAFFD1605AB1
                                                                                                                                                                                                SHA1:7451FFCBA556C3CC35602B537D086435FE2A16F5
                                                                                                                                                                                                SHA-256:FB4A05CE7D50721C71F66C37E0AB7E52CD46034A2E394940B3F60C9C2AFB079A
                                                                                                                                                                                                SHA-512:6EFDB9AAD523398ABAECA8E9B640DA14DB5700E589452824B3DFD7FDA707DBFBE837CAC55EB44A07FD029140F7247BA0CB899DC252C33BEFAFE8AC582507A9FF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........+..B.....!...$......*..x..@..............a..........................O.......3....... .......................+._....................................P,.......(..............................................................................text....h.......j..................`.``/4.......!......."...n.............. .@..data...............................@.`..rdata..h5...."..6....".............@.`@.buildid5.....(.......'.............@.0@.bss.....v....(.......................`..edata.._.....+.......'.............@.0@.reloc.......P,.......(.............@.0B/19.......... .......N*.............@.`..idata...........0....*.............@.0./38...................+.............@.0B.rsrc.................+.............@.0..cygheap.. .../.......................0.........................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):103166
                                                                                                                                                                                                Entropy (8bit):6.438613906021623
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:Tre0u0y2Yck4hhyRBxI85p2beki6wQy80gjvq53k54UxnUP:nBuLFt4hhyRDZUad6wQy8pEkVnUP
                                                                                                                                                                                                MD5:55229243A445AF57C59761F4FC10A3B7
                                                                                                                                                                                                SHA1:3608B654334B997A97486F3D840786588BDE47DC
                                                                                                                                                                                                SHA-256:C8C5440AF04BF3C7B35E546B6FA724B8123422DB74A7673801A2B519728A4B5D
                                                                                                                                                                                                SHA-512:A8266EEAD58285BB8120D84DF752A034FD35E257967D99B3AF7519AA63ACAC30782723BA3BEA02E4E9344C6CBD0AA29B76CC61C3AC2FDF386F3FE038D0221905
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........!......#...#.D..........`G.......`.....j.................................h........ .........................s.......X.......................................................................................p............................text....C.......D..................`.P`.data...@....`.......H..............@.`..rdata.......p.......J..............@.`@.buildid5............`..............@.0@/4...................b..............@.0..bss....H.............................`..edata..s............v..............@.0@.idata..X...........................@.0..reloc..............................@.0B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):207279
                                                                                                                                                                                                Entropy (8bit):6.257340830373565
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:8ETp56/3S8Fat2OkIbt8X7nvEDdV7q1IAegepxmMISQVSQOv:8ETp56/3S8Yt2dIbt8X7vEdlpjwOv
                                                                                                                                                                                                MD5:4864A803BF955E82F772DB8B14262B87
                                                                                                                                                                                                SHA1:BD307FFA45F242CB2F4B1261F70F8A2A421AEA73
                                                                                                                                                                                                SHA-256:A9493C56D6A14055AEAB5C8893A5ECDA3EE39D411A09D71CB3C6C2EDE1C94074
                                                                                                                                                                                                SHA-512:3FFA5720BED5054FBF2A211F6428A90BDF9A256F048E5D5DE04722D075BEC1D5E22C40F86CFBB29B15093D63FA83EA6EF43439EB896EB28C0646B461E884F2C1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.................'......@...................P....@..........................p................ ..............................@..,....`..h............................................................................B...............................text...T?.......@..................`.P`.data...$....P.......D..............@.`..rdata..,g...`...h...F..............@.`@.buildid5...........................@.0@/4.......F.......H..................@.0@.bss.........0........................`..idata..,....@......................@.0..rsrc...h....`......................@.0.................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6195
                                                                                                                                                                                                Entropy (8bit):5.183035655065466
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:M78QlvtNrPF7WFGIcH6Rg6GuRcHi6JGYcHQ+GkcHszqoG4cHAHqmGQcHfdcDcGY7:pQlrQ8ZtZIw3bdxLUct
                                                                                                                                                                                                MD5:7FDC216116CBE7C16085A1C08E15409B
                                                                                                                                                                                                SHA1:BEA84B8E4DD5DD559B5A9A9F4A63584109338E00
                                                                                                                                                                                                SHA-256:79AA95224BA6F373C4088D6E55DEB220DA92C1DA212F32A3DADC8EF3B9616689
                                                                                                                                                                                                SHA-512:C17C05A6FA6320C6AEBB77F59672578131331AAD7E08E72F9A28A01FDB675001FE119D2246744CB9F2795FF5213CD390FA5BDFE69A47AFCBFBEB97A7067BCAAE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# =========================================================================..#..# Schema Extension for Cygwin User and Group auxiliary classes..#..# Extend your Active Directory using..#..# ldifde -i -f <path>\<this>.ldif -b <username> <domain> <password> \..# -k -c "CN=schema,CN=Configuration,DC=X" #schemaNamingContext..#..# Remember:..# - you have to be schema admin for your active directory..# - you have to run the above command directly from your schema master..#..# For further information read..# http://technet.microsoft.com/en-us/magazine/2008.05.schema.aspx..#..# ----------------------------------------------------------------------..#..# Explanation for the OIDs:..#..# Value Meaning Description..# 1 ISO Identifies the root authority...# 3 IANA Group designation assigned by ISO...# 6.1.4.1.2312 Red Hat Organization assigned by IANA...# 15 Cygwin Assigned by Organization...# Y Object Type Numb
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6195
                                                                                                                                                                                                Entropy (8bit):5.183035655065466
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:M78QlvtNrPF7WFGIcH6Rg6GuRcHi6JGYcHQ+GkcHszqoG4cHAHqmGQcHfdcDcGY7:pQlrQ8ZtZIw3bdxLUct
                                                                                                                                                                                                MD5:7FDC216116CBE7C16085A1C08E15409B
                                                                                                                                                                                                SHA1:BEA84B8E4DD5DD559B5A9A9F4A63584109338E00
                                                                                                                                                                                                SHA-256:79AA95224BA6F373C4088D6E55DEB220DA92C1DA212F32A3DADC8EF3B9616689
                                                                                                                                                                                                SHA-512:C17C05A6FA6320C6AEBB77F59672578131331AAD7E08E72F9A28A01FDB675001FE119D2246744CB9F2795FF5213CD390FA5BDFE69A47AFCBFBEB97A7067BCAAE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# =========================================================================..#..# Schema Extension for Cygwin User and Group auxiliary classes..#..# Extend your Active Directory using..#..# ldifde -i -f <path>\<this>.ldif -b <username> <domain> <password> \..# -k -c "CN=schema,CN=Configuration,DC=X" #schemaNamingContext..#..# Remember:..# - you have to be schema admin for your active directory..# - you have to run the above command directly from your schema master..#..# For further information read..# http://technet.microsoft.com/en-us/magazine/2008.05.schema.aspx..#..# ----------------------------------------------------------------------..#..# Explanation for the OIDs:..#..# Value Meaning Description..# 1 ISO Identifies the root authority...# 3 IANA Group designation assigned by ISO...# 6.1.4.1.2312 Red Hat Organization assigned by IANA...# 15 Cygwin Assigned by Organization...# Y Object Type Numb
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):35147
                                                                                                                                                                                                Entropy (8bit):4.573442652974749
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:Mo1acy3LTB2VsrHG/OfvMmnBCtLmJ9A7D:Mhcycsrfrnoue
                                                                                                                                                                                                MD5:D32239BCB673463AB874E80D47FAE504
                                                                                                                                                                                                SHA1:8624BCDAE55BAEEF00CD11D5DFCFA60F68710A02
                                                                                                                                                                                                SHA-256:8CEB4B9EE5ADEDDE47B31E975C1D90C73AD27B6B165A1DCD80C7C545EB65B903
                                                                                                                                                                                                SHA-512:7633623B66B5E686BB94DD96A7CDB5A7E5EE00E87004FAB416A5610D59C62BADAF512A2E26E34E2455B7ED6B76690D2CD47464836D7D85D78B51D50F7E933D5C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: GNU GENERAL PUBLIC LICENSE. Version 3, 29 June 2007.. Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed... Preamble.. The GNU General Public License is a free, copyleft license for.software and other kinds of works... The licenses for most software and other practical works are designed.to take away your freedom to share and change the works. By contrast,.the GNU General Public License is intended to guarantee your freedom to.share and change all versions of a program--to make sure it remains free.software for all its users. We, the Free Software Foundation, use the.GNU General Public License for most of our software; it applies also to.any other work released this way by its authors. You can apply it to.your programs, too... When we speak of free software, we are referring to
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1458
                                                                                                                                                                                                Entropy (8bit):4.890560517081035
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:C9TPYoEOkfQQRXKNgwNBtrfXPK+n9hakssFQ6WjCQGN/vp7crzESiz8zA:QTg/fQQRaqgZl/DsCQsT/vp7cvUzJ
                                                                                                                                                                                                MD5:31BF89A571F62566F84D9C1B3E0D8545
                                                                                                                                                                                                SHA1:CC391CC58B8A33BAD26474BBFBBD66526EBF9376
                                                                                                                                                                                                SHA-256:794433752103CF4BBB4A84A1BDB8FBC150ABB1762704BB35FECC9F7F820BE984
                                                                                                                                                                                                SHA-512:36BE9C18A83BA498966B74F1C01F8DFE8342C8871D47935D1677F3602F802AABD7530E8653FF403C26B5FC80BE09004393C844364AE86FAAD214840B83C00925
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESSED OR.IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE...Unless stated otherwise, the sources under the cygwin subdirectory,.as well as the sources under the cygserver subdirectory linked into.the Cygwin DLL, are licensed under the Lesser Gnu Public License,.version 3 or (at your option) any later version (LGPLv3+). See the.COPYING.LIB file for the exact wording of that license...Unless stated otherwise, the sources under the cygserver subdir not.linked into the Cygwin DLL, as well as the sources under the lsaauth.and the utils subdirectories are licensed under the Gnu Public License,.version 3 or (at your option) any later version (GPLv3+). See the.COPYING file for the exact wording of that license. ..Parts of the sources in any subdirectory are licensed using a BSD-like.license. The affected source files contain explicit copyright notices.to t
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8136
                                                                                                                                                                                                Entropy (8bit):4.494288173324342
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:vm8yrd5ei20HoHvnxST3j83LpIpXoT+aPOVhvpNrpU/RdV3+tQI+wla7ZvOv/I/P:v9yrd5eiHHoHvxWOp8oPPwmdech+0P
                                                                                                                                                                                                MD5:815865B276963D26F9B4BB70FBB56075
                                                                                                                                                                                                SHA1:4C849B55F93CEA2F7CDB419FA471919C839E3848
                                                                                                                                                                                                SHA-256:A311D924C6A11E6107B498F2A6E8B04A54CF24B4B8533CFB8FCD64BD899179ED
                                                                                                                                                                                                SHA-512:8BBDB23C273155B1B388E09A0552857D93AA8A322ED0E3C4639EC455C3EFE340F5C443838E5C986563C4C00CD55C54F95B2F7767FE7622A4BAC8856D36E24579
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:What is Cygserver?.. Cygserver is a program which is designed to run as a background service.. It provides Cygwin applications with services which require security. arbitration or which need to persist while no other cygwin application. is running... The implemented services so far are:.. - Control slave tty/pty handle dispersal from tty owner to other. processes without compromising the owner processes' security.. - XSI IPC Message Queues.. - XSI IPC Semaphores.. - XSI IPC Shared Memory.. - Allows non-privileged users to store obfuscated passwords in the. registry to be used for setuid(2) to create user tokens with network. credentials. This service is used by `passwd -R'. Using the stored. passwords in setuid(2) does not require running cygserver. The. registry storage is the same as Windows uses to store passwords for. accounts running Windows services....Cygserver command line options:.. Options to Cygserver take the normal UNIX-style `-X' or `--long
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):35147
                                                                                                                                                                                                Entropy (8bit):4.573442652974749
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:Mo1acy3LTB2VsrHG/OfvMmnBCtLmJ9A7D:Mhcycsrfrnoue
                                                                                                                                                                                                MD5:D32239BCB673463AB874E80D47FAE504
                                                                                                                                                                                                SHA1:8624BCDAE55BAEEF00CD11D5DFCFA60F68710A02
                                                                                                                                                                                                SHA-256:8CEB4B9EE5ADEDDE47B31E975C1D90C73AD27B6B165A1DCD80C7C545EB65B903
                                                                                                                                                                                                SHA-512:7633623B66B5E686BB94DD96A7CDB5A7E5EE00E87004FAB416A5610D59C62BADAF512A2E26E34E2455B7ED6B76690D2CD47464836D7D85D78B51D50F7E933D5C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: GNU GENERAL PUBLIC LICENSE. Version 3, 29 June 2007.. Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed... Preamble.. The GNU General Public License is a free, copyleft license for.software and other kinds of works... The licenses for most software and other practical works are designed.to take away your freedom to share and change the works. By contrast,.the GNU General Public License is intended to guarantee your freedom to.share and change all versions of a program--to make sure it remains free.software for all its users. We, the Free Software Foundation, use the.GNU General Public License for most of our software; it applies also to.any other work released this way by its authors. You can apply it to.your programs, too... When we speak of free software, we are referring to
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8136
                                                                                                                                                                                                Entropy (8bit):4.494288173324342
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:vm8yrd5ei20HoHvnxST3j83LpIpXoT+aPOVhvpNrpU/RdV3+tQI+wla7ZvOv/I/P:v9yrd5eiHHoHvxWOp8oPPwmdech+0P
                                                                                                                                                                                                MD5:815865B276963D26F9B4BB70FBB56075
                                                                                                                                                                                                SHA1:4C849B55F93CEA2F7CDB419FA471919C839E3848
                                                                                                                                                                                                SHA-256:A311D924C6A11E6107B498F2A6E8B04A54CF24B4B8533CFB8FCD64BD899179ED
                                                                                                                                                                                                SHA-512:8BBDB23C273155B1B388E09A0552857D93AA8A322ED0E3C4639EC455C3EFE340F5C443838E5C986563C4C00CD55C54F95B2F7767FE7622A4BAC8856D36E24579
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:What is Cygserver?.. Cygserver is a program which is designed to run as a background service.. It provides Cygwin applications with services which require security. arbitration or which need to persist while no other cygwin application. is running... The implemented services so far are:.. - Control slave tty/pty handle dispersal from tty owner to other. processes without compromising the owner processes' security.. - XSI IPC Message Queues.. - XSI IPC Semaphores.. - XSI IPC Shared Memory.. - Allows non-privileged users to store obfuscated passwords in the. registry to be used for setuid(2) to create user tokens with network. credentials. This service is used by `passwd -R'. Using the stored. passwords in setuid(2) does not require running cygserver. The. registry storage is the same as Windows uses to store passwords for. accounts running Windows services....Cygserver command line options:.. Options to Cygserver take the normal UNIX-style `-X' or `--long
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1458
                                                                                                                                                                                                Entropy (8bit):4.890560517081035
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:C9TPYoEOkfQQRXKNgwNBtrfXPK+n9hakssFQ6WjCQGN/vp7crzESiz8zA:QTg/fQQRaqgZl/DsCQsT/vp7cvUzJ
                                                                                                                                                                                                MD5:31BF89A571F62566F84D9C1B3E0D8545
                                                                                                                                                                                                SHA1:CC391CC58B8A33BAD26474BBFBBD66526EBF9376
                                                                                                                                                                                                SHA-256:794433752103CF4BBB4A84A1BDB8FBC150ABB1762704BB35FECC9F7F820BE984
                                                                                                                                                                                                SHA-512:36BE9C18A83BA498966B74F1C01F8DFE8342C8871D47935D1677F3602F802AABD7530E8653FF403C26B5FC80BE09004393C844364AE86FAAD214840B83C00925
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESSED OR.IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE...Unless stated otherwise, the sources under the cygwin subdirectory,.as well as the sources under the cygserver subdirectory linked into.the Cygwin DLL, are licensed under the Lesser Gnu Public License,.version 3 or (at your option) any later version (LGPLv3+). See the.COPYING.LIB file for the exact wording of that license...Unless stated otherwise, the sources under the cygserver subdir not.linked into the Cygwin DLL, as well as the sources under the lsaauth.and the utils subdirectories are licensed under the Gnu Public License,.version 3 or (at your option) any later version (GPLv3+). See the.COPYING file for the exact wording of that license. ..Parts of the sources in any subdirectory are licensed using a BSD-like.license. The affected source files contain explicit copyright notices.to t
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 210247
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):47855
                                                                                                                                                                                                Entropy (8bit):7.9940811952790245
                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                SSDEEP:768:2HEB76JTORRyCsmcRKzXkCPIx4X8vpZzLtZJZ6yM5TXs8PqvLe1ZGQmsK:2HvuRyXRKxAx4MvpZzLtvCJcaqvLeyQA
                                                                                                                                                                                                MD5:0E424118539084CE331B5913F922E3BE
                                                                                                                                                                                                SHA1:A26CF825DC47092C7BD4C83435F0061FD942A99D
                                                                                                                                                                                                SHA-256:BF16F3C319C8780B6538ACE21D4E2B769A046194DB9AA7027D4DEE21DEB51AEC
                                                                                                                                                                                                SHA-512:B59153ED6365B9C9F18A59199C9151A27C7E04982B53CD187652685C161F7CE731310727734F9F34E44815C74984AC778A1181DB73BE15944F65341CA1807324
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.............V.Y. ..s.%.._.*.`..3.@.:.."R].:..n..r7.ts.Q}.h^d^n.d....o..Q..'OJr3....i...z..M....Y7oF.a....Nt..../....%.".ho.e.....~3J....~>x..7..he.5....[.......$....x.D..q.G0P3:...].Eg...4:..f.g#.|.Gm...u.b4L..$...O.0.....p...=.'...'C.-.F0^..]...O...y.f...v..I3.E.......F.=D..Fp....{iq..#N....>...+........."i."..c........`.....g.......|....h%^.V.x.:....M<.7W..n.....#.i.?j.G.Q...s......Y.7..........+....%8...C\.k.e^.6../..fp]0..z.EW.1..q.......>.........K.N.W.....Go.&...4.9i8...4)..h..pN].w..........u.G..8:y..vpt.vq..ytzBo...C...h\\../..K.'.../...D+.7.#..G8.v{yL.{.8...l.......|...Od......Ay.<.K<.>......M.$u.5j...t20.OGH..^...q:H..g4&..........r...^/....Nz.0..a.t........?.3..>...@....w7.Y.}..._..Q3z.vG......{..#.I.[..........f..E..'m.O..wJ.....>.%oJ"Bt.w...|.........f..a...?!q..............h.'\...o...G....b`..b..F...O?.......>..F... .?93..6...q;.V....qik.@;.W?*n..:k.....<...]..]C.....U+qmT..tu.u#en...a.6.6..%..&."E..<...L3..CS..=.....w
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 36614
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11481
                                                                                                                                                                                                Entropy (8bit):7.981940046894167
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:YczOB6tnRdml8andTUdR2sqnIC+jracFthMak+MWmfF3gZoeIPCyMAOzPaB1vAlO:bzOBwRkl8andTUdmnICutG5+LfZAPCyb
                                                                                                                                                                                                MD5:24873A406B207B56BF376D8E91ABF6E2
                                                                                                                                                                                                SHA1:F5A966BE3DA16FD16E96E8A8F3D5B52B3BA0ABF0
                                                                                                                                                                                                SHA-256:5A76BFE06016E7E85253244895181DAE54C980E2BE0D97B6D99194F5C4BB5554
                                                                                                                                                                                                SHA-512:BD26CE202B6B4BE35BEFEE8CF2F7E1A2DBD2AA786C44D1236AC88BFCA59046E1B125C832AA685B326087B5E0816ADAE2D7E45737730D99CE30F0C8AB7DEB492C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........<ks.8...'...-..Y..L&..l..GF[......]. ...... mk..._?...(......)E".@...h..*1..K...J.kY.FI..C..:."...F..g.O.*L.3.z..X.z....!..zG:...rU.gG{b:......X..J.k.(.e....X...P......T.:1..`.,dV......:.qb.".W..2._.B.u.,6..s.......J.....(aQ#.~....Q9....8K"..5.E.d.9.M.l"..H%,...W.41+&...8./R..O..4..N...J\.....x....G.6.7.'....H......g....p....L<.{n.T..8$::R.|f.t.Ei..q`....N.}.2U1/...x...".+n.@...F..;.._t%V.N.n.X2.k.g<./.p.N...z.............<K...W........:......<....,..7.[...G..,T........\..w@.o.UF..a.{|Aqx9c-.|T.....N`Lf.S..u.P.P.&.r.;M5..;mJT..C1.N@.'/.....!..oE...._+j.?z.I..:....1......~.}..X-.d.........9.k..{..,+.1.qz..^o..UF...3.b.C){M..s >... ..52..P.BFJ<....>..*...K.1.....E...@.(..4.p...+].0..Gv.....QT..5.Z.nO<....I.iF......o..........-.......Hf^B.Y.!+k....T....xW-.......#.........I.C.Y.;... .wN3P..[.7.^...-}...)..<..7.f.vFe"..x.H1(y...jp{..u.......@..E.e.....(..EV.../.n-.B.h...6`?WI.........$....~.....H#V.g7.........b.L)`.T...3.....i.@.6
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 210247
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):47855
                                                                                                                                                                                                Entropy (8bit):7.9940811952790245
                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                SSDEEP:768:2HEB76JTORRyCsmcRKzXkCPIx4X8vpZzLtZJZ6yM5TXs8PqvLe1ZGQmsK:2HvuRyXRKxAx4MvpZzLtvCJcaqvLeyQA
                                                                                                                                                                                                MD5:0E424118539084CE331B5913F922E3BE
                                                                                                                                                                                                SHA1:A26CF825DC47092C7BD4C83435F0061FD942A99D
                                                                                                                                                                                                SHA-256:BF16F3C319C8780B6538ACE21D4E2B769A046194DB9AA7027D4DEE21DEB51AEC
                                                                                                                                                                                                SHA-512:B59153ED6365B9C9F18A59199C9151A27C7E04982B53CD187652685C161F7CE731310727734F9F34E44815C74984AC778A1181DB73BE15944F65341CA1807324
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.............V.Y. ..s.%.._.*.`..3.@.:.."R].:..n..r7.ts.Q}.h^d^n.d....o..Q..'OJr3....i...z..M....Y7oF.a....Nt..../....%.".ho.e.....~3J....~>x..7..he.5....[.......$....x.D..q.G0P3:...].Eg...4:..f.g#.|.Gm...u.b4L..$...O.0.....p...=.'...'C.-.F0^..]...O...y.f...v..I3.E.......F.=D..Fp....{iq..#N....>...+........."i."..c........`.....g.......|....h%^.V.x.:....M<.7W..n.....#.i.?j.G.Q...s......Y.7..........+....%8...C\.k.e^.6../..fp]0..z.EW.1..q.......>.........K.N.W.....Go.&...4.9i8...4)..h..pN].w..........u.G..8:y..vpt.vq..ytzBo...C...h\\../..K.'.../...D+.7.#..G8.v{yL.{.8...l.......|...Od......Ay.<.K<.>......M.$u.5j...t20.OGH..^...q:H..g4&..........r...^/....Nz.0..a.t........?.3..>...@....w7.Y.}..._..Q3z.vG......{..#.I.[..........f..E..'m.O..wJ.....>.%oJ"Bt.w...|.........f..a...?!q..............h.'\...o...G....b`..b..F...O?.......>..F... .?93..6...q;.V....qik.@;.W?*n..:k.....<...]..]C.....U+qmT..tu.u#en...a.6.6..%..&."E..<...L3..CS..=.....w
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 36614
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11481
                                                                                                                                                                                                Entropy (8bit):7.981940046894167
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:YczOB6tnRdml8andTUdR2sqnIC+jracFthMak+MWmfF3gZoeIPCyMAOzPaB1vAlO:bzOBwRkl8andTUdmnICutG5+LfZAPCyb
                                                                                                                                                                                                MD5:24873A406B207B56BF376D8E91ABF6E2
                                                                                                                                                                                                SHA1:F5A966BE3DA16FD16E96E8A8F3D5B52B3BA0ABF0
                                                                                                                                                                                                SHA-256:5A76BFE06016E7E85253244895181DAE54C980E2BE0D97B6D99194F5C4BB5554
                                                                                                                                                                                                SHA-512:BD26CE202B6B4BE35BEFEE8CF2F7E1A2DBD2AA786C44D1236AC88BFCA59046E1B125C832AA685B326087B5E0816ADAE2D7E45737730D99CE30F0C8AB7DEB492C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........<ks.8...'...-..Y..L&..l..GF[......]. ...... mk..._?...(......)E".@...h..*1..K...J.kY.FI..C..:."...F..g.O.*L.3.z..X.z....!..zG:...rU.gG{b:......X..J.k.(.e....X...P......T.:1..`.,dV......:.qb.".W..2._.B.u.,6..s.......J.....(aQ#.~....Q9....8K"..5.E.d.9.M.l"..H%,...W.41+&...8./R..O..4..N...J\.....x....G.6.7.'....H......g....p....L<.{n.T..8$::R.|f.t.Ei..q`....N.}.2U1/...x...".+n.@...F..;.._t%V.N.n.X2.k.g<./.p.N...z.............<K...W........:......<....,..7.[...G..,T........\..w@.o.UF..a.{|Aqx9c-.|T.....N`Lf.S..u.P.P.&.r.;M5..;mJT..C1.N@.'/.....!..oE...._+j.?z.I..:....1......~.}..X-.d.........9.k..{..,+.1.qz..^o..UF...3.b.C){M..s >... ..52..P.BFJ<....>..*...K.1.....E...@.(..4.p...+].0..Gv.....QT..5.Z.nO<....I.iF......o..........-.......Hf^B.Y.!+k....T....xW-.......#.........I.C.Y.;... .wN3P..[.7.^...-}...)..<..7.f.vFe"..x.H1(y...jp{..u.......@..E.e.....(..EV.../.n-.B.h...6`?WI.........$....~.....H#V.g7.........b.L)`.T...3.....i.@.6
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3324
                                                                                                                                                                                                Entropy (8bit):4.657970991150273
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:SDLuUETp4Y6+qu+vvQwmIYBQ2wzNade4BtT2eC7XL:SDaESS4wgqjc9qeC7XL
                                                                                                                                                                                                MD5:FE60D87048567D4FE8C8A0ED2448BCC8
                                                                                                                                                                                                SHA1:C0AD296B24F96E7C77CE564CAD2FA1A4F76024D8
                                                                                                                                                                                                SHA-256:9D6B43CE4D8DE0C878BF16B54D8E7A10D9BD42B75178153E3AF6A815BDC90F74
                                                                                                                                                                                                SHA-512:0FA9CDD317B02A5706DBB619231DDE8AD843F4052DBF2C8DAEF97FDAEEC81AF413BE12FAEC4D3BFBA583E77604596B5AAB62F1C9D54758DD32358AAA9BEBEF5A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:GCC RUNTIME LIBRARY EXCEPTION..Version 3.1, 31 March 2009..Copyright (C) 2009 Free Software Foundation, Inc. <http://fsf.org/>..Everyone is permitted to copy and distribute verbatim copies of this.license document, but changing it is not allowed...This GCC Runtime Library Exception ("Exception") is an additional.permission under section 7 of the GNU General Public License, version.3 ("GPLv3"). It applies to a given file (the "Runtime Library") that.bears a notice placed by the copyright holder of the file stating that.the file is governed by GPLv3 along with this Exception...When you use GCC to compile a program, GCC may combine portions of.certain GCC header files and runtime libraries with the compiled.program. The purpose of this Exception is to allow compilation of.non-GPL (including proprietary) programs to use, in this way, the.header files and runtime libraries covered by this Exception...0. Definitions...A file is an "Independent Module" if it either requires the Runtime.Librar
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3324
                                                                                                                                                                                                Entropy (8bit):4.657970991150273
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:SDLuUETp4Y6+qu+vvQwmIYBQ2wzNade4BtT2eC7XL:SDaESS4wgqjc9qeC7XL
                                                                                                                                                                                                MD5:FE60D87048567D4FE8C8A0ED2448BCC8
                                                                                                                                                                                                SHA1:C0AD296B24F96E7C77CE564CAD2FA1A4F76024D8
                                                                                                                                                                                                SHA-256:9D6B43CE4D8DE0C878BF16B54D8E7A10D9BD42B75178153E3AF6A815BDC90F74
                                                                                                                                                                                                SHA-512:0FA9CDD317B02A5706DBB619231DDE8AD843F4052DBF2C8DAEF97FDAEEC81AF413BE12FAEC4D3BFBA583E77604596B5AAB62F1C9D54758DD32358AAA9BEBEF5A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:GCC RUNTIME LIBRARY EXCEPTION..Version 3.1, 31 March 2009..Copyright (C) 2009 Free Software Foundation, Inc. <http://fsf.org/>..Everyone is permitted to copy and distribute verbatim copies of this.license document, but changing it is not allowed...This GCC Runtime Library Exception ("Exception") is an additional.permission under section 7 of the GNU General Public License, version.3 ("GPLv3"). It applies to a given file (the "Runtime Library") that.bears a notice placed by the copyright holder of the file stating that.the file is governed by GPLv3 along with this Exception...When you use GCC to compile a program, GCC may combine portions of.certain GCC header files and runtime libraries with the compiled.program. The purpose of this Exception is to allow compilation of.non-GPL (including proprietary) programs to use, in this way, the.header files and runtime libraries covered by this Exception...0. Definitions...A file is an "Independent Module" if it either requires the Runtime.Librar
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 34708
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11906
                                                                                                                                                                                                Entropy (8bit):7.982665202243619
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:X7zFICeuru4KzbI0uBeHJwmPEfbn74MxcysO9is9oVK5cwQdAGHsxoJtro5sA+vV:2CZiIeHqsPysYROUcwervJto5sAg/9
                                                                                                                                                                                                MD5:2BFA45B0D19992B16A80DDA3671969BE
                                                                                                                                                                                                SHA1:CB28BE23EC99087554385093665F2B96706348D3
                                                                                                                                                                                                SHA-256:CA57E06025443F32FCFFA186B082B7BA5A336E3846534D0D2AD4F30398420719
                                                                                                                                                                                                SHA-512:9D427280FE74C8BBFA287FF4B9D93B23FDBD92C2FE7DB3229B535BE8E1AE85AD753EF8D04D1CC7EF7B232094C5213BF549B73F92FC8CFFF9168B84AE21F0E1C6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........}.s.....Wt)Wk)KR....8u.,..%.$.....HuL....LW*..~...H.....&..G?.../.nw.*k.wv....0...W.vx...C....+3r3.._..s...?.hdF7......;{`wv....ft....?5<...f..bm3.......Mea..vsWf.z..........yIft5..n.U...?.....#..q......w.6..m..i........vG..;e.....#.R^.^.\./o...q5M........'/N...\....rZ...^\.U.N..N..+p`|...y.-..9...,.].d......6o.U]. .:....4...f./j.p...^.$`..6..V.....`.....`..l..]y;.#...)y.....m..'.......Omdn`.2[..d\Z0ng...k..B0.vVW.^zi@..h..x..`.(.Q.....U1u3....<..K.......C........4.V.o..iW.YF.4.r....).%...l..9.r9..iK./...^..>....o......_............-..E..(..%.-.#..mr.-i..@8.......n...Y..mY<..!yy..0<.......3..k|........-r...n.<a...0y.+x...."w.`......#..X;.!..`uk.(.......`b.a9z........JSgn.....z..Z;..E.kC.,a.......(.Q..I...E.a|.i......P.Ff.hR....[.......N.aD.b.e...1.Q..9R....\....O...~.F....|...B..8....s..b.#.......$.A..,.......Y~...|BS0..V].Ec......70.....)....t......<m.bY...k......x:0..I..Y.B..~c....0...........{.. ......g..4E.Ft\.E2
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 34708
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11906
                                                                                                                                                                                                Entropy (8bit):7.982665202243619
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:X7zFICeuru4KzbI0uBeHJwmPEfbn74MxcysO9is9oVK5cwQdAGHsxoJtro5sA+vV:2CZiIeHqsPysYROUcwervJto5sAg/9
                                                                                                                                                                                                MD5:2BFA45B0D19992B16A80DDA3671969BE
                                                                                                                                                                                                SHA1:CB28BE23EC99087554385093665F2B96706348D3
                                                                                                                                                                                                SHA-256:CA57E06025443F32FCFFA186B082B7BA5A336E3846534D0D2AD4F30398420719
                                                                                                                                                                                                SHA-512:9D427280FE74C8BBFA287FF4B9D93B23FDBD92C2FE7DB3229B535BE8E1AE85AD753EF8D04D1CC7EF7B232094C5213BF549B73F92FC8CFFF9168B84AE21F0E1C6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........}.s.....Wt)Wk)KR....8u.,..%.$.....HuL....LW*..~...H.....&..G?.../.nw.*k.wv....0...W.vx...C....+3r3.._..s...?.hdF7......;{`wv....ft....?5<...f..bm3.......Mea..vsWf.z..........yIft5..n.U...?.....#..q......w.6..m..i........vG..;e.....#.R^.^.\./o...q5M........'/N...\....rZ...^\.U.N..N..+p`|...y.-..9...,.].d......6o.U]. .:....4...f./j.p...^.$`..6..V.....`.....`..l..]y;.#...)y.....m..'.......Omdn`.2[..d\Z0ng...k..B0.vVW.^zi@..h..x..`.(.Q.....U1u3....<..K.......C........4.V.o..iW.YF.4.r....).%...l..9.r9..iK./...^..>....o......_............-..E..(..%.-.#..mr.-i..@8.......n...Y..mY<..!yy..0<.......3..k|........-r...n.<a...0y.+x...."w.`......#..X;.!..`uk.(.......`b.a9z........JSgn.....z..Z;..E.kC.,a.......(.Q..I...E.a|.i......P.Ff.hR....[.......N.aD.b.e...1.Q..9R....\....O...~.F....|...B..8....s..b.#.......$.A..,.......Y~...|BS0..V].Ec......70.....)....t......<m.bY...k......x:0..I..Y.B..~c....0...........{.. ......g..4E.Ft\.E2
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 17339
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6488
                                                                                                                                                                                                Entropy (8bit):7.968254671784316
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:g1MVFitte8mUmQdevBtpmK+rPDoNdF+UTuUh:eMV4ttTmqdNrLoXMOuUh
                                                                                                                                                                                                MD5:08135494D5D01619738BD09CBEACED57
                                                                                                                                                                                                SHA1:DFB0BFF2E359A5A2F6A51D0EABCAEBAEE0A41EAB
                                                                                                                                                                                                SHA-256:A56618EE997A62C1AFB5824C69956CC188F7955B57FEF95E50F316B958F65BDC
                                                                                                                                                                                                SHA-512:E10820D2EC9EDB40596E20EDC728674F9CCAE11C38ADF78C02887F147818A6EEC76F3D4A744A512DCCAD83BE8936E6776D57AB3FCE8B3605E662A3DE74E8AE50
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........[.s.F..9.+.t.]2.h..JbW..I.6k)R!(?*.zApHa..4..........`@.rRuW...X$.=..{.._N.(...xs].N.U....I..}..>S.u..U..i........W.k..z..P.Z..z..7:/.rOWFa...<..R.$QL.P..t~.W........e+..w.sPY.u.mU....0...y..J.)35..G..Z...|y.Wq!..Y..t..... \..+.8..2X..=u...*..oV.Lf...u..D......qI....&^.W.a.ZXgI....^..R.d.........X..-..*J(..........2.a*./..8.=<..% Ht..Y.6[X5J.xk....,...YW..._.F....*..-.+..{..dx W....I...F.]AD.g}5.1.H...V..i..f[.e.]....m....H.:].&..3..J.T..2..:.%f.L.;....../'.J..."..z..`.r.v0..>_.go.......M_..W.t....\.f..|<.Z.......^......L.+......5.....d.B.<.L.c?..t4.:.O_....l.&....-f=Z.)...f/.?.....p<./.3K/.).......`....&....._..!G.....d0...@.S,..7.L....IKT.jI:...`8.b..$=....Dj>..9.7........0.......?].!.dr..+....j`.... ....j.,....^.f......?.3....5.......a.........yx..Yy........+)p.......~..MYl(j6.O.I'l..z....9.57 u...h..G....p.US..d..|.;#Jo.....=0......W..2........j.R....}.0.!....dR...1A.._.G..9..]..W?....-.]....GR.../s....sU..$^.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 17339
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6488
                                                                                                                                                                                                Entropy (8bit):7.968254671784316
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:g1MVFitte8mUmQdevBtpmK+rPDoNdF+UTuUh:eMV4ttTmqdNrLoXMOuUh
                                                                                                                                                                                                MD5:08135494D5D01619738BD09CBEACED57
                                                                                                                                                                                                SHA1:DFB0BFF2E359A5A2F6A51D0EABCAEBAEE0A41EAB
                                                                                                                                                                                                SHA-256:A56618EE997A62C1AFB5824C69956CC188F7955B57FEF95E50F316B958F65BDC
                                                                                                                                                                                                SHA-512:E10820D2EC9EDB40596E20EDC728674F9CCAE11C38ADF78C02887F147818A6EEC76F3D4A744A512DCCAD83BE8936E6776D57AB3FCE8B3605E662A3DE74E8AE50
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........[.s.F..9.+.t.]2.h..JbW..I.6k)R!(?*.zApHa..4..........`@.rRuW...X$.=..{.._N.(...xs].N.U....I..}..>S.u..U..i........W.k..z..P.Z..z..7:/.rOWFa...<..R.$QL.P..t~.W........e+..w.sPY.u.mU....0...y..J.)35..G..Z...|y.Wq!..Y..t..... \..+.8..2X..=u...*..oV.Lf...u..D......qI....&^.W.a.ZXgI....^..R.d.........X..-..*J(..........2.a*./..8.=<..% Ht..Y.6[X5J.xk....,...YW..._.F....*..-.+..{..dx W....I...F.]AD.g}5.1.H...V..i..f[.e.]....m....H.:].&..3..J.T..2..:.%f.L.;....../'.J..."..z..`.r.v0..>_.go.......M_..W.t....\.f..|<.Z.......^......L.+......5.....d.B.<.L.c?..t4.:.O_....l.&....-f=Z.)...f/.?.....p<./.3K/.).......`....&....._..!G.....d0...@.S,..7.L....IKT.jI:...`8.b..$=....Dj>..9.7........0.......?].!.dr..+....j`.... ....j.,....^.f......?.3....5.......a.........yx..Yy........+)p.......~..MYl(j6.O.I'l..z....9.57 u...h..G....p.US..d..|.;#Jo.....=0......W..2........j.R....}.0.!....dR...1A.._.G..9..]..W?....-.]....GR.../s....sU..$^.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 12431
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4756
                                                                                                                                                                                                Entropy (8bit):7.963589231177926
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Pw4HBZoR5A3HbfzaudYN+3iHgV2jryX1XMkd1qyfyDVXRy3:Pw4hZk8gNuzV0CZMa1wVRy3
                                                                                                                                                                                                MD5:A50FE89ED2996E24414514231AECF8BF
                                                                                                                                                                                                SHA1:A6603F49EF60829033B0128146846F9E8256914F
                                                                                                                                                                                                SHA-256:6FECAF141EB6DCCA21A13D6C3ADD18F74279AA503399896B440B23E2372CDF1E
                                                                                                                                                                                                SHA-512:1067DC563568280C449A27789AC2080602A28A3494492BFC52C1DCAFEF85707552B8AC2B53D496035A4BC05DF7CFE42984BD25374FCE7C2665A22409B75C0698
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........[mw.G.....}......l..fs...9G.-..>..4C...3dz..&......7..l.......z}.....:I..4..3........[.....o.k..k5\.80i.k.v...3..503.gV%S...e....~9.Q8M.8.m.:Q...U..&.1....F.. ........DM.d.l2.nuj.4..p...$K.I.Md.j.f..[...f.ZY.&...D.,.. .J....Xc1D].....JR...2&.H&.4.4.i).gi.E..0.4..'$.\g..i.E.m..H.IH.,........=.X.N,..be3(+.....qrC..e....'Y...^..".$:%g.b],p."..rc.n......`.......F.FsR.$X-.^:..3.%...Z..^.#[...F.....}.V=..Bz!....c.|..3[.]..\.....r$vE.O...@.E..%z...2.$w.s3e.& ..../%....".....a...Mg.U.|1...vO..;<.A.U.7..N.T..{...|9....._;C,..+z.:.w...b...U....3..@y..........{.R .z..:....^..[.)m.U...;8y...c....c.^....{...u.......@]\...C!G[;..'g...{.....Zu.....u..U......!;.gB.9a....{2.-..N.9.w.R..O..o..Lg........Kx..N;.W._.3..]N...s....^..G..r.U....!...aw.....Pg.!k.r.m......T...||9.Yy~o..../F~.......@.......=.6....#..6DK.y.....+k.C..B.'#&Wy.|..Qe...}u.C.']z.'Jo.a....Cz...o:.d....2...../n.a..RuN..I|.2.a.;..dR.....EL..o.....B.Jg..v.o?W..H4..g...n./^....O..M.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:gzip compressed data, max compression, from Unix, original size modulo 2^32 12431
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4756
                                                                                                                                                                                                Entropy (8bit):7.963589231177926
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Pw4HBZoR5A3HbfzaudYN+3iHgV2jryX1XMkd1qyfyDVXRy3:Pw4hZk8gNuzV0CZMa1wVRy3
                                                                                                                                                                                                MD5:A50FE89ED2996E24414514231AECF8BF
                                                                                                                                                                                                SHA1:A6603F49EF60829033B0128146846F9E8256914F
                                                                                                                                                                                                SHA-256:6FECAF141EB6DCCA21A13D6C3ADD18F74279AA503399896B440B23E2372CDF1E
                                                                                                                                                                                                SHA-512:1067DC563568280C449A27789AC2080602A28A3494492BFC52C1DCAFEF85707552B8AC2B53D496035A4BC05DF7CFE42984BD25374FCE7C2665A22409B75C0698
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........[mw.G.....}......l..fs...9G.-..>..4C...3dz..&......7..l.......z}.....:I..4..3........[.....o.k..k5\.80i.k.v...3..503.gV%S...e....~9.Q8M.8.m.:Q...U..&.1....F.. ........DM.d.l2.nuj.4..p...$K.I.Md.j.f..[...f.ZY.&...D.,.. .J....Xc1D].....JR...2&.H&.4.4.i).gi.E..0.4..'$.\g..i.E.m..H.IH.,........=.X.N,..be3(+.....qrC..e....'Y...^..".$:%g.b],p."..rc.n......`.......F.FsR.$X-.^:..3.%...Z..^.#[...F.....}.V=..Bz!....c.|..3[.]..\.....r$vE.O...@.E..%z...2.$w.s3e.& ..../%....".....a...Mg.U.|1...vO..;<.A.U.7..N.T..{...|9....._;C,..+z.:.w...b...U....3..@y..........{.R .z..:....^..[.)m.U...;8y...c....c.^....{...u.......@]\...C!G[;..'g...{.....Zu.....u..U......!;.gB.9a....{2.-..N.9.w.R..O..o..Lg........Kx..N;.W._.3..]N...s....^..G..r.U....!...aw.....Pg.!k.r.m......T...||9.Yy~o..../F~.......@.......=.6....#..6DK.y.....+k.C..B.'#&Wy.|..Qe...}u.C.']z.'Jo.a....Cz...o:.d....2...../n.a..RuN..I|.2.a.;..dR.....EL..o.....B.Jg..v.o?W..H4..g...n./^....O..M.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):35815
                                                                                                                                                                                                Entropy (8bit):4.622965346596128
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:A7Y+tNdSz3ZlqXOWoInuzx3Y8N3WiAD0Jv:AVtNIq1uzZY1q
                                                                                                                                                                                                MD5:9C25E1CDC3B5122842A6A70FAB49A522
                                                                                                                                                                                                SHA1:2EA9F02239DC6B5FDBFFF01FCDF85BCC8C13667C
                                                                                                                                                                                                SHA-256:53927BD0B739D38C87A0A82236FD9B070C2DFFF11C0C119BE50372005D5047AD
                                                                                                                                                                                                SHA-512:7A0429020657FCF4B6035C393B10A98978360E99F3B0A092373057378A406BF016D8A96F41E3A4ED023343CE6805CD94CB5861DF81503D105291EFC51119E3C9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: GNU GENERAL PUBLIC LICENSE.. Version 3, 29 June 2007.... Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed..... Preamble.... The GNU General Public License is a free, copyleft license for..software and other kinds of works..... The licenses for most software and other practical works are designed..to take away your freedom to share and change the works. By contrast,..the GNU General Public License is intended to guarantee your freedom to..share and change all versions of a program--to make sure it remains free..software for all its users. We, the Free Software Foundation, use the..GNU General Public License for most of our software; it applies also to..any other work released this way by its authors. You can apply it to..your programs, too..... When we speak of free software
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):134
                                                                                                                                                                                                Entropy (8bit):4.841558315007637
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8tEd9EFKkCXdFwkoFRIyK8qJ6tEd9EjT4RigNUcrMVovn:2uQFKSZBqJ6uQv40mZp
                                                                                                                                                                                                MD5:1BC0303C1A9801768EC7AE4E4947536D
                                                                                                                                                                                                SHA1:676A1D6475D82015FC722F9FAF9244C04D3A7EF0
                                                                                                                                                                                                SHA-256:78541436076111CB84F2BAC0FE4BC8E6CC91743FBB016B3EF80B89D3D58B6ED9
                                                                                                                                                                                                SHA-512:E2029FE5A70651EAC11E4772D66B47F11DBD43161755E60A8E6D7E3D600183334CE173B5A08EAE24870671495238153E838F48A16D4BD0150A6698649BBBA462
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://github.com/harelba/q/releases/download/2.0.19/q-AMD64-Windows.exe..https://github.com/harelba/q/archive/refs/tags/2.0.19.zip..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1566
                                                                                                                                                                                                Entropy (8bit):5.565538419382493
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:b7Bp747BfKc6zqGqNPfSmiXDYrH3mfotT:Q9DZJKW2Q1
                                                                                                                                                                                                MD5:C22F1914C559C00286C0A1A531B6DD1B
                                                                                                                                                                                                SHA1:1D27339DF9ABC524083CE0E3B273236FEBCB3C00
                                                                                                                                                                                                SHA-256:E53F3808A6FA1107050FB0131F6DFA3EBD524CDB49F78B5F9831209C0D6687A4
                                                                                                                                                                                                SHA-512:9D731A355EB4B0E8AB6F1A579F68BA156D26C38112422D9ADD5E54ABDD2A1BCEC56F71AA949620BD267F72190EAD54D6676C810C6D911968EE8D33BC3320C3C3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..if "%PROCESSOR_ARCHITECTURE%" == "AMD64" goto :next..if "%PROCESSOR_ARCHITEW6432%" == "AMD64" goto :next..if "%PROCESSOR_ARCHITECTURE%" == "ARM64" (.. rem Check if the OS is Windows 11.. (ver | findstr /c:"Version 10.0.2") > NUL && goto :next..).. ..echo QueryCSV and QueryTSV plugins are only supported on x64 systems..goto :eof....:next..set DOWNLOAD_URL=https://github.com/harelba/q/releases/download/2.0.19/q-AMD64-Windows.exe..set Q_PATH=Commands\q\q-AMD64-Windows.exe..set MESSAGE='q command is not installed. Do you want to download it from %DOWNLOAD_URL%?'..set TITLE='CSV/TSV Data Querier Plugin'..set SHA256=f534ab37868d4fd5a472f8be0936b42583bc08860f92fa8135ab16c0d80a03f1....cd "%APPDATA%\WinMerge"..if not exist %Q_PATH% (.. cd "%~dp0..\..".. if not exist %Q_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. cd "%APPDATA%\WinMerge".. for %%i in (%Q_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1)
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):134
                                                                                                                                                                                                Entropy (8bit):4.841558315007637
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8tEd9EFKkCXdFwkoFRIyK8qJ6tEd9EjT4RigNUcrMVovn:2uQFKSZBqJ6uQv40mZp
                                                                                                                                                                                                MD5:1BC0303C1A9801768EC7AE4E4947536D
                                                                                                                                                                                                SHA1:676A1D6475D82015FC722F9FAF9244C04D3A7EF0
                                                                                                                                                                                                SHA-256:78541436076111CB84F2BAC0FE4BC8E6CC91743FBB016B3EF80B89D3D58B6ED9
                                                                                                                                                                                                SHA-512:E2029FE5A70651EAC11E4772D66B47F11DBD43161755E60A8E6D7E3D600183334CE173B5A08EAE24870671495238153E838F48A16D4BD0150A6698649BBBA462
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://github.com/harelba/q/releases/download/2.0.19/q-AMD64-Windows.exe..https://github.com/harelba/q/archive/refs/tags/2.0.19.zip..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):35815
                                                                                                                                                                                                Entropy (8bit):4.622965346596128
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:A7Y+tNdSz3ZlqXOWoInuzx3Y8N3WiAD0Jv:AVtNIq1uzZY1q
                                                                                                                                                                                                MD5:9C25E1CDC3B5122842A6A70FAB49A522
                                                                                                                                                                                                SHA1:2EA9F02239DC6B5FDBFFF01FCDF85BCC8C13667C
                                                                                                                                                                                                SHA-256:53927BD0B739D38C87A0A82236FD9B070C2DFFF11C0C119BE50372005D5047AD
                                                                                                                                                                                                SHA-512:7A0429020657FCF4B6035C393B10A98978360E99F3B0A092373057378A406BF016D8A96F41E3A4ED023343CE6805CD94CB5861DF81503D105291EFC51119E3C9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: GNU GENERAL PUBLIC LICENSE.. Version 3, 29 June 2007.... Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed..... Preamble.... The GNU General Public License is a free, copyleft license for..software and other kinds of works..... The licenses for most software and other practical works are designed..to take away your freedom to share and change the works. By contrast,..the GNU General Public License is intended to guarantee your freedom to..share and change all versions of a program--to make sure it remains free..software for all its users. We, the Free Software Foundation, use the..GNU General Public License for most of our software; it applies also to..any other work released this way by its authors. You can apply it to..your programs, too..... When we speak of free software
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1566
                                                                                                                                                                                                Entropy (8bit):5.565538419382493
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:b7Bp747BfKc6zqGqNPfSmiXDYrH3mfotT:Q9DZJKW2Q1
                                                                                                                                                                                                MD5:C22F1914C559C00286C0A1A531B6DD1B
                                                                                                                                                                                                SHA1:1D27339DF9ABC524083CE0E3B273236FEBCB3C00
                                                                                                                                                                                                SHA-256:E53F3808A6FA1107050FB0131F6DFA3EBD524CDB49F78B5F9831209C0D6687A4
                                                                                                                                                                                                SHA-512:9D731A355EB4B0E8AB6F1A579F68BA156D26C38112422D9ADD5E54ABDD2A1BCEC56F71AA949620BD267F72190EAD54D6676C810C6D911968EE8D33BC3320C3C3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off..if "%PROCESSOR_ARCHITECTURE%" == "AMD64" goto :next..if "%PROCESSOR_ARCHITEW6432%" == "AMD64" goto :next..if "%PROCESSOR_ARCHITECTURE%" == "ARM64" (.. rem Check if the OS is Windows 11.. (ver | findstr /c:"Version 10.0.2") > NUL && goto :next..).. ..echo QueryCSV and QueryTSV plugins are only supported on x64 systems..goto :eof....:next..set DOWNLOAD_URL=https://github.com/harelba/q/releases/download/2.0.19/q-AMD64-Windows.exe..set Q_PATH=Commands\q\q-AMD64-Windows.exe..set MESSAGE='q command is not installed. Do you want to download it from %DOWNLOAD_URL%?'..set TITLE='CSV/TSV Data Querier Plugin'..set SHA256=f534ab37868d4fd5a472f8be0936b42583bc08860f92fa8135ab16c0d80a03f1....cd "%APPDATA%\WinMerge"..if not exist %Q_PATH% (.. cd "%~dp0..\..".. if not exist %Q_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. cd "%APPDATA%\WinMerge".. for %%i in (%Q_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1)
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2039
                                                                                                                                                                                                Entropy (8bit):4.657764928272199
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:waOnGtUKAPZuknB8kDstCbMJNLMKKvJFrpPAA:waOnGt9ANgAbKMxR4A
                                                                                                                                                                                                MD5:FCA2FCC0C318CB66D3871F8906117B17
                                                                                                                                                                                                SHA1:25AB2F51391C272FEC1396067B3610FC55563853
                                                                                                                                                                                                SHA-256:E7D0BE075BC6F0426E382AE715B0F9D45B16E8BF01E216EE29D14184C3CE4643
                                                                                                                                                                                                SHA-512:BCE4A63C4DF39A0634D9EDEB3AA6C00C976164A75998A1E9E9C679DB547BD355A332FD1DD519D03F054C5D6DF9E4BDA853FCC605157E1C65295A9E3A0F848474
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# HTML Tidy..## HTML parser and pretty printer..Copyright (c) 1998-2016 World Wide Web Consortium.(Massachusetts Institute of Technology, European Research .Consortium for Informatics and Mathematics, Keio University)..All Rights Reserved...Additional contributions (c) 2001-2016 University of Toronto, Terry Teague, .@geoffmcl, HTACG, and others...### Contributing Author(s):.. Dave Raggett <dsr@w3.org>..The contributing author(s) would like to thank all those who.helped with testing, bug fixes and suggestions for improvements. .This wouldn't have been possible without your help...## COPYRIGHT NOTICE:..This software and documentation is provided "as is," and.the copyright holders and contributing author(s) make no.representations or warranties, express or implied, including.but not limited to, warranties of merchantability or fitness.for any particular purpose or that the use of the software or.documentation will not infringe any third party patents,.copyrights, trademarks or other righ
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2039
                                                                                                                                                                                                Entropy (8bit):4.657764928272199
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:waOnGtUKAPZuknB8kDstCbMJNLMKKvJFrpPAA:waOnGt9ANgAbKMxR4A
                                                                                                                                                                                                MD5:FCA2FCC0C318CB66D3871F8906117B17
                                                                                                                                                                                                SHA1:25AB2F51391C272FEC1396067B3610FC55563853
                                                                                                                                                                                                SHA-256:E7D0BE075BC6F0426E382AE715B0F9D45B16E8BF01E216EE29D14184C3CE4643
                                                                                                                                                                                                SHA-512:BCE4A63C4DF39A0634D9EDEB3AA6C00C976164A75998A1E9E9C679DB547BD355A332FD1DD519D03F054C5D6DF9E4BDA853FCC605157E1C65295A9E3A0F848474
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# HTML Tidy..## HTML parser and pretty printer..Copyright (c) 1998-2016 World Wide Web Consortium.(Massachusetts Institute of Technology, European Research .Consortium for Informatics and Mathematics, Keio University)..All Rights Reserved...Additional contributions (c) 2001-2016 University of Toronto, Terry Teague, .@geoffmcl, HTACG, and others...### Contributing Author(s):.. Dave Raggett <dsr@w3.org>..The contributing author(s) would like to thank all those who.helped with testing, bug fixes and suggestions for improvements. .This wouldn't have been possible without your help...## COPYRIGHT NOTICE:..This software and documentation is provided "as is," and.the copyright holders and contributing author(s) make no.representations or warranties, express or implied, including.but not limited to, warranties of merchantability or fitness.for any particular purpose or that the use of the software or.documentation will not infringe any third party patents,.copyrights, trademarks or other righ
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):656384
                                                                                                                                                                                                Entropy (8bit):5.636252683370469
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:UuHtXrfWv3W/l82KKRPY/kKEPLzLOB1mpPjhTgs4SZeVhsqjcr5MLxqVz:UuHRr2G/VukKa3OBwZj0sqjcr04
                                                                                                                                                                                                MD5:58CAAE364D18ACE58A888693EBF04ECD
                                                                                                                                                                                                SHA1:BD54E72DEC083380E542302C73F6F57D87776497
                                                                                                                                                                                                SHA-256:A2292D0AA8D3F219591FC3EF88FE4B9B6DC0E9C71947DA2DC0BD1D245EAE88B2
                                                                                                                                                                                                SHA-512:2DAC1A499B70239885DD69E47E747B8DDA95CCA5114C1C6091CE60CB6BE8479445818DDC4F681FF1059C13A7438EB322E0070B2F04F5AA792E5390E557B4C1C5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........MJ...J...J.....Q.A.....S......R.S....!g.H...q..]...q..\...q..E...C.3.I...J...)......Q......K....._.K......K...RichJ...................PE..L...9.2Y...........!.................i.......................................`............@..............................%..T...(............................ ..X;......................................@...............P............................text............................... ..`.rdata..............................@..@.data...d...........................@....gfids..............................@..@.rsrc...............................@..@.reloc..X;... ...<..................@..B................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):643072
                                                                                                                                                                                                Entropy (8bit):5.637579642460327
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:NPlX7UmLs/mwO8UCzPv8rxIyJ+QO+GVJz9JvDF1sqjcrlBvRX0gGeOMw3f1pk:ERmEPv8xIjQXg9psqjcrIMwP1pk
                                                                                                                                                                                                MD5:0781B34905DFB8A5383E726293E2480F
                                                                                                                                                                                                SHA1:2AA53E4E6D2F3E0FE34FD67F87752D7DAF236354
                                                                                                                                                                                                SHA-256:A0047FEB097747BBF8393F6CD6E3A849F8BB4227E5B6A401B858C7DD188C4441
                                                                                                                                                                                                SHA-512:D55424FC40B4E4D5C7FDFD85A29776E1DF3F5FB73E5A3B2273BD1AC42D14D55EB05957E524D05154B122E494E9FECDCB994824D6FD102C4EA5CDA2331386C64B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 7%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V5n..T...T...T......T.....T......T......T..)....T..)....T..)....T...,...T...T..wT.......T.......T.......T..Rich.T..........PE..L...6.2Y.................8...........\.......P....@.......................... ............@.................................d...(...............................d8..@...............................`...@............P..X............................text...e7.......8.................. ..`.rdata.."....P.......<..............@..@.data...0...........................@....gfids..............................@..@.rsrc...............................@..@.reloc..d8.......:..................@..B................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):656384
                                                                                                                                                                                                Entropy (8bit):5.636252683370469
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:UuHtXrfWv3W/l82KKRPY/kKEPLzLOB1mpPjhTgs4SZeVhsqjcr5MLxqVz:UuHRr2G/VukKa3OBwZj0sqjcr04
                                                                                                                                                                                                MD5:58CAAE364D18ACE58A888693EBF04ECD
                                                                                                                                                                                                SHA1:BD54E72DEC083380E542302C73F6F57D87776497
                                                                                                                                                                                                SHA-256:A2292D0AA8D3F219591FC3EF88FE4B9B6DC0E9C71947DA2DC0BD1D245EAE88B2
                                                                                                                                                                                                SHA-512:2DAC1A499B70239885DD69E47E747B8DDA95CCA5114C1C6091CE60CB6BE8479445818DDC4F681FF1059C13A7438EB322E0070B2F04F5AA792E5390E557B4C1C5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........MJ...J...J.....Q.A.....S......R.S....!g.H...q..]...q..\...q..E...C.3.I...J...)......Q......K....._.K......K...RichJ...................PE..L...9.2Y...........!.................i.......................................`............@..............................%..T...(............................ ..X;......................................@...............P............................text............................... ..`.rdata..............................@..@.data...d...........................@....gfids..............................@..@.rsrc...............................@..@.reloc..X;... ...<..................@..B................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):643072
                                                                                                                                                                                                Entropy (8bit):5.637579642460327
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:NPlX7UmLs/mwO8UCzPv8rxIyJ+QO+GVJz9JvDF1sqjcrlBvRX0gGeOMw3f1pk:ERmEPv8xIjQXg9psqjcrIMwP1pk
                                                                                                                                                                                                MD5:0781B34905DFB8A5383E726293E2480F
                                                                                                                                                                                                SHA1:2AA53E4E6D2F3E0FE34FD67F87752D7DAF236354
                                                                                                                                                                                                SHA-256:A0047FEB097747BBF8393F6CD6E3A849F8BB4227E5B6A401B858C7DD188C4441
                                                                                                                                                                                                SHA-512:D55424FC40B4E4D5C7FDFD85A29776E1DF3F5FB73E5A3B2273BD1AC42D14D55EB05957E524D05154B122E494E9FECDCB994824D6FD102C4EA5CDA2331386C64B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 7%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V5n..T...T...T......T.....T......T......T..)....T..)....T..)....T...,...T...T..wT.......T.......T.......T..Rich.T..........PE..L...6.2Y.................8...........\.......P....@.......................... ............@.................................d...(...............................d8..@...............................`...@............P..X............................text...e7.......8.................. ..`.rdata.."....P.......<..............@..@.data...0...........................@....gfids..............................@..@.rsrc...............................@..@.reloc..d8.......:..................@..B................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1073
                                                                                                                                                                                                Entropy (8bit):5.139723101957799
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:J5rzJHkH0yw3gt3DQJq1hBE9QHbsUv4fOk4/+8/3oqaFN:J5HJMlUE/BGQHbs5JK/3oDFN
                                                                                                                                                                                                MD5:F746027DDDCC918DB68B8905C2D3CCBA
                                                                                                                                                                                                SHA1:F1EE4F4E7B72BA2C090FEBEE2D413BDA38F9FCFE
                                                                                                                                                                                                SHA-256:AEE8102444F037D29D2157FE8B5627A9EBA34DC15DE8B7DABA242E5804348602
                                                                                                                                                                                                SHA-512:27047D7C1777F2623464F35E6AD6A0E74F79AF5A8034A449A31DD1122C2AFEB6D5E32EAF282C57CBA6E407956E4E42922DD8A10286FA75E632C9956F3408A7D2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Copyright (c) 2017 Mike Farah....Permission is hereby granted, free of charge, to any person obtaining a copy..of this software and associated documentation files (the "Software"), to deal..in the Software without restriction, including without limitation the rights..to use, copy, modify, merge, publish, distribute, sublicense, and/or sell..copies of the Software, and to permit persons to whom the Software is..furnished to do so, subject to the following conditions:....The above copyright notice and this permission notice shall be included in all..copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,..FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE..AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER..LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,..OUT OF OR IN CONN
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):141
                                                                                                                                                                                                Entropy (8bit):4.808641378616769
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8tEd4Oe0kCMU5lyf6tEd4OevT4RigT9Vy:2uuO3awG6uuOA406Vy
                                                                                                                                                                                                MD5:970FD55834D487D8E9861AA870A0E711
                                                                                                                                                                                                SHA1:6D1D249C26CE4411C27FDD271777D3B298815A89
                                                                                                                                                                                                SHA-256:3D6C18E34709A88E9A141FE0B486F6EFB467C61ABC214EF4EA39A66A69715C2B
                                                                                                                                                                                                SHA-512:3F84C0CB2D84AB6E419B7E65656137D4EE9A8AC459947B8079C9975EBF7C41C8888C15CAF0AE7EE0163578677A9EB464B3DBECCC3A2A5968EB99087BCD3A3752
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://github.com/mikefarah/yq/releases/download/v4.11.1/yq_windows_386.exe..https://github.com/mikefarah/yq/archive/refs/tags/v4.11.1.zip..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1073
                                                                                                                                                                                                Entropy (8bit):5.139723101957799
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:J5rzJHkH0yw3gt3DQJq1hBE9QHbsUv4fOk4/+8/3oqaFN:J5HJMlUE/BGQHbs5JK/3oDFN
                                                                                                                                                                                                MD5:F746027DDDCC918DB68B8905C2D3CCBA
                                                                                                                                                                                                SHA1:F1EE4F4E7B72BA2C090FEBEE2D413BDA38F9FCFE
                                                                                                                                                                                                SHA-256:AEE8102444F037D29D2157FE8B5627A9EBA34DC15DE8B7DABA242E5804348602
                                                                                                                                                                                                SHA-512:27047D7C1777F2623464F35E6AD6A0E74F79AF5A8034A449A31DD1122C2AFEB6D5E32EAF282C57CBA6E407956E4E42922DD8A10286FA75E632C9956F3408A7D2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Copyright (c) 2017 Mike Farah....Permission is hereby granted, free of charge, to any person obtaining a copy..of this software and associated documentation files (the "Software"), to deal..in the Software without restriction, including without limitation the rights..to use, copy, modify, merge, publish, distribute, sublicense, and/or sell..copies of the Software, and to permit persons to whom the Software is..furnished to do so, subject to the following conditions:....The above copyright notice and this permission notice shall be included in all..copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,..FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE..AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER..LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,..OUT OF OR IN CONN
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1235
                                                                                                                                                                                                Entropy (8bit):5.5393711308103475
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:otL8Dbw0P6VT+xD2oXk/H3mKlgbe61IfY:A4w0P6JPrH3mKltrY
                                                                                                                                                                                                MD5:01BDBF3652B6DEC639560B259D1BA7D6
                                                                                                                                                                                                SHA1:6AFC20C69DFF3DBC141D9A4666E1C2236FB187F2
                                                                                                                                                                                                SHA-256:699A464E99C9344D28640CD135CD602673049913D1C1CED29CF94E6C2334BDE9
                                                                                                                                                                                                SHA-512:EC49CB3658B2C9DEF2726CF5C247198C2871C4096F3633122327E7CE4A5C51DB523235810AE68C2C498B15707AD065282E9099AF181FBEAE61711E8AD60B45E0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off....set DOWNLOAD_URL=https://github.com/mikefarah/yq/releases/download/v4.11.1/yq_windows_386.exe..set YQ_PATH=Commands\yq\yq_windows_386.exe..set MESSAGE='yq command is not installed. Do you want to download it from %DOWNLOAD_URL%?'..set TITLE='YAML Data Querier Plugin'..set SHA256=fde958b4f5830d0cb878bedcb4a3155e4b269520ceeb33966d9b326fb5c62bb2....cd "%APPDATA%\WinMerge"..if not exist %YQ_PATH% (.. cd "%~dp0..\..".. if not exist %YQ_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. cd "%APPDATA%\WinMerge".. for %%i in (%YQ_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1) { throw }" > NUL.. if errorlevel 1 (.. echo "download is canceled" 1>&2.. ) else (.. start "Downloading..." /WAIT powershell -command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri %DOWNLOAD_URL% -UseBasicParsing -Outfile %YQ_PATH%".. powershell -command "
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):141
                                                                                                                                                                                                Entropy (8bit):4.808641378616769
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N8tEd4Oe0kCMU5lyf6tEd4OevT4RigT9Vy:2uuO3awG6uuOA406Vy
                                                                                                                                                                                                MD5:970FD55834D487D8E9861AA870A0E711
                                                                                                                                                                                                SHA1:6D1D249C26CE4411C27FDD271777D3B298815A89
                                                                                                                                                                                                SHA-256:3D6C18E34709A88E9A141FE0B486F6EFB467C61ABC214EF4EA39A66A69715C2B
                                                                                                                                                                                                SHA-512:3F84C0CB2D84AB6E419B7E65656137D4EE9A8AC459947B8079C9975EBF7C41C8888C15CAF0AE7EE0163578677A9EB464B3DBECCC3A2A5968EB99087BCD3A3752
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:https://github.com/mikefarah/yq/releases/download/v4.11.1/yq_windows_386.exe..https://github.com/mikefarah/yq/archive/refs/tags/v4.11.1.zip..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1235
                                                                                                                                                                                                Entropy (8bit):5.5393711308103475
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:otL8Dbw0P6VT+xD2oXk/H3mKlgbe61IfY:A4w0P6JPrH3mKltrY
                                                                                                                                                                                                MD5:01BDBF3652B6DEC639560B259D1BA7D6
                                                                                                                                                                                                SHA1:6AFC20C69DFF3DBC141D9A4666E1C2236FB187F2
                                                                                                                                                                                                SHA-256:699A464E99C9344D28640CD135CD602673049913D1C1CED29CF94E6C2334BDE9
                                                                                                                                                                                                SHA-512:EC49CB3658B2C9DEF2726CF5C247198C2871C4096F3633122327E7CE4A5C51DB523235810AE68C2C498B15707AD065282E9099AF181FBEAE61711E8AD60B45E0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@echo off....set DOWNLOAD_URL=https://github.com/mikefarah/yq/releases/download/v4.11.1/yq_windows_386.exe..set YQ_PATH=Commands\yq\yq_windows_386.exe..set MESSAGE='yq command is not installed. Do you want to download it from %DOWNLOAD_URL%?'..set TITLE='YAML Data Querier Plugin'..set SHA256=fde958b4f5830d0cb878bedcb4a3155e4b269520ceeb33966d9b326fb5c62bb2....cd "%APPDATA%\WinMerge"..if not exist %YQ_PATH% (.. cd "%~dp0..\..".. if not exist %YQ_PATH% (.. mkdir "%APPDATA%\WinMerge" 2> NUL.. cd "%APPDATA%\WinMerge".. for %%i in (%YQ_PATH%) do mkdir %%~pi 2> NUL.. powershell "if ((New-Object -com WScript.Shell).Popup(%MESSAGE%,0,%TITLE%,1) -ne 1) { throw }" > NUL.. if errorlevel 1 (.. echo "download is canceled" 1>&2.. ) else (.. start "Downloading..." /WAIT powershell -command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri %DOWNLOAD_URL% -UseBasicParsing -Outfile %YQ_PATH%".. powershell -command "
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9087
                                                                                                                                                                                                Entropy (8bit):5.294161224264135
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:pk+y285bYzFCBShKc2cW6tMzG1im8ZOwy2q4CONE6XG:q+mMBhKc2G/8ZOwyN4CONVG
                                                                                                                                                                                                MD5:194C2FD9CF27231E588579683344DC09
                                                                                                                                                                                                SHA1:8F2A75989268609F0F41B6DFB1932E44120921D9
                                                                                                                                                                                                SHA-256:6A29845E6AFAFEF5252F8FE58CA07708620260FD71B3FBB36AD58651DCFA4BEB
                                                                                                                                                                                                SHA-512:C6C1138843585BCD9A990E20887C752D38B6A9F5B51EFB0A995B23AF79097694B6D4AC1D81052979A41A427A73B333CBEED113175B7A80AF194611B7A41B8232
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:..People who have contributed to WinMerge..---------------------------------------....Original developer, project admin:..* Dean Grimm <grimmdp@yahoo.com>....Project lead:..* Christian List <list1974@hotmail.com>....Developers:..* Denis Bradford <denisbradford@users.sourceforge.net>..* Tim Gerundt <tim@gerundt.de>..* Marcel Gosselin <marcelgosselin@users.sourceforge.net>..* Gal Hammer <galh@users.sourceforge.net>..* Takashi Sawanaka <sdottaka@users.sourceforge.net>..* Alexander Skinner (Graphic Design) <neonapple@users.sourceforge.net>..* Jochen Tucht <jtuc@users.sourceforge.net>....Inactive/past developers:..* Laurent Ganier..* Dennis Limm..* Chris Mumford..* Perry Rapp..* Christian "Seier" Blackburn (Installer)..* Kimmo Varis <kimmov@winmerge.org>....Localization:..* Arabic:.. Downzen team <https://downzen.com>....* Basque:.. Xabier Aramendi <Azpidatziak@gmail.com> ....* Bulgarian:.. Sld <sld|mail.bg>.. tigertron <ivg_18@yahoo.com>.. Yanko Yankov <yankonik70 at hotmail.com>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (10419), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):188293
                                                                                                                                                                                                Entropy (8bit):5.400052052014627
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:iE8wR6yLftzYusjOql3mc/CoMCPRWMHmWFGrReKr9:iE8C6yL1zYDqo31vPIR9
                                                                                                                                                                                                MD5:C0BC6B707599D3389A904ACCD3B1D29B
                                                                                                                                                                                                SHA1:21FD97C6EE36E4BF6C9B5103AFAA954CFDDB30F1
                                                                                                                                                                                                SHA-256:B7BED3B51C85786AF578DD08EBD585542F9B210F9C1DDF3F9ED1BA6FA970FFE3
                                                                                                                                                                                                SHA-512:ED394582CAB40EFC189033B95296AD31669EE52369153E29B3E5B61EE05CB5F7DC9053A741178B1E5C747727B94D818C081FD7F71FB5FBB77CC3A157E5EBF4BD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<!DOCTYPE html>..<html xmlns="http://www.w3.org/1999/xhtml" lang xml:lang>..<head>.. <meta charset="utf-8" />.. <meta name="generator" content="pandoc" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />.. <title>ChangeLog</title>.. <style>..code{white-space: pre-wrap;}..span.smallcaps{font-variant: small-caps;}..div.columns{display: flex; gap: min(4vw, 1.5em);}..div.column{flex: auto; overflow-x: auto;}..div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}....ul.task-list[class]{list-style: none;}..ul.task-list li input[type="checkbox"] {..font-size: inherit;..width: 0.8em;..margin: 0 0.8em 0.2em -1.6em;..vertical-align: middle;..}...display.math{display: block; text-align: center; margin: 0.5rem auto;}..</style>.. <style type="text/css">article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary {display: block;}audio,canvas,video {display: inline-block;}audio:not([controls]) {display: none;height: 0
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19610
                                                                                                                                                                                                Entropy (8bit):4.867663780720245
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:emSQYkZR4X2n6xUQeNbOsTP7BZR20MyBei6+ogExlJ2:ZlFj0E3ZbVei6+ogExlI
                                                                                                                                                                                                MD5:FD71BB2AB1F19C9EABAB911328203531
                                                                                                                                                                                                SHA1:0F894898E6428DC0D9C1B397ED8AF5BCBB9D5495
                                                                                                                                                                                                SHA-256:34F8865FD79D7AB78701C8CEE5C1B4A74A93324271369DEB2EF5C4B015D44CE3
                                                                                                                                                                                                SHA-512:12B41E35FAC85280325C0A303A98C1CD7FFA6055307013880F17E4F10FBF7D64A467EF21EB3AE82007B2ACE29FE3A027B72F1AAA875FE4666EA3A495F86FB732
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Arial;}{\f1\froman\fprq2\fcharset2 Symbol;}{\f2\fmodern\fprq1\fcharset0 Courier New;}}..{\colortbl ;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Riched20 10.0.16299}\viewkind4\uc1 ..\pard\s2\sb100\sa100\b\f0\fs24 GNU GENERAL PUBLIC LICENSE\par....\pard\sb100\sa100\b0\fs20 Version 2, June 1991 \par....\pard Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.\fs24 \par....\pard\s2\sb100\sa100\b Preamble\par....\pard\sb100\sa100\b0\fs20 The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is fre
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2018
                                                                                                                                                                                                Entropy (8bit):4.727835384823898
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:h04M+knMptYv9WfMg9dIBXp6fM0tp3bEWNW0bK6:hxM+Xcv9Wf/YLMM0jBbK6
                                                                                                                                                                                                MD5:83A8A7F12B73936EE7CED7FEDE862557
                                                                                                                                                                                                SHA1:869A7B7B28B3298A0B8BB7E26042793AB02288EF
                                                                                                                                                                                                SHA-256:3B01C3BEF8F5E5FA8ABFE008B71C818C6BF727AC6A737CA6068C9E9B0824F6A9
                                                                                                                                                                                                SHA-512:6BB4289C0628A31A9E926F23219603A212FB4A07A2226C81459A0A3C389EB54677F6EFC2245DE40AB5178B17017EEA401944E8668BFDA1C531F80417CF61C4DC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:WINMERGE....WinMerge is an Open Source comparing and merging tool for Windows. WinMerge can..compare both folders and files, presenting differences in a visual text format..that is easy to understand and handle. WinMerge can be used as an external..differencing/merging tool or as a standalone application.....WinMerge has many helpful supporting features to make comparing, synchronising,..and merging as easy and useful as possible. Several programming languages and..other file formats are syntax-highlighted.....The latest WinMerge version and WinMerge information is available at..https://winmerge.org/.....Quick start..===========..To learn how to perform basic operations after installing WinMerge, click..Help>WinMerge Help and navigate to the Quick start topic. Or, go to the Web..version at https://manual.winmerge.org/Quick_start.html.....WinMerge Help..============= ..WinMerge Help is installed locally as a Microsoft HTML Help file, WinMerge.chm,..when you install WinMerge. To open He
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with very long lines (10419), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16545
                                                                                                                                                                                                Entropy (8bit):5.5796009164122635
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:zphrv7frnD9pG2UyCOCqaf3pFhX8CF4cqL+:fJk2Ux1fpFhMCF4S
                                                                                                                                                                                                MD5:FEBAB85D1F9E87F63637C09797F84D48
                                                                                                                                                                                                SHA1:EBD82C442E2D2130A5A1D3926F33697992C24E45
                                                                                                                                                                                                SHA-256:D9D2A9ADD5EFEBA998585D1FD5BF7A61F6A82C2725621FDBD4D07D95CA292103
                                                                                                                                                                                                SHA-512:AC2E13BAE1136000A87DC10ABF5E29A09E9A6E17BC87702CBA1B9BAEDF145094AF52FC9D95685BAE20563FB7A604A7B6FA0AD105E3A9FB7409E4AAC97530495A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<!DOCTYPE html>..<html xmlns="http://www.w3.org/1999/xhtml" lang xml:lang>..<head>.. <meta charset="utf-8" />.. <meta name="generator" content="pandoc" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />.. <title>ReleaseNotes</title>.. <style>..code{white-space: pre-wrap;}..span.smallcaps{font-variant: small-caps;}..div.columns{display: flex; gap: min(4vw, 1.5em);}..div.column{flex: auto; overflow-x: auto;}..div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}....ul.task-list[class]{list-style: none;}..ul.task-list li input[type="checkbox"] {..font-size: inherit;..width: 0.8em;..margin: 0 0.8em 0.2em -1.6em;..vertical-align: middle;..}...display.math{display: block; text-align: center; margin: 0.5rem auto;}..</style>.. <style type="text/css">article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary {display: block;}audio,canvas,video {display: inline-block;}audio:not([controls]) {display: none;height
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:MS Windows HtmlHelp Data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1029392
                                                                                                                                                                                                Entropy (8bit):7.98952148834042
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:j5OBYUaJgR6rtqm1uzrShGMG076s1TsIV/Jz5YfUOi:+jsr8pmGMG07fTsIV/V5YMj
                                                                                                                                                                                                MD5:068E7FE2AA2CE33373FF0F9874E29D3C
                                                                                                                                                                                                SHA1:042E2BDD93F688CDC20AD773F0970084A6DD81C1
                                                                                                                                                                                                SHA-256:F178BA3C9733FAC83363CC78DFD6A7111645FB81970B109B0E9259D3E9961337
                                                                                                                                                                                                SHA-512:45AA382670E5E55E3431FF6FCC26FC3F38D93D104776C0A70486F7A9AE070019AEF46094D2A52BB0D3E54B54C858AD785BCF797B3AAD947AD1A7EB9338D6ED60
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:ITSF....`.......j..B.......|.{.......".....|.{......."..`...............x.......T0.......0..............................ITSP....T...........................................j..].!......."..T...............PMGL4................/..../#IDXHDR....../#ITBITS..../#STRINGS..,.H./#SYSTEM....6./#TOCIDX......./#TOPICS.... ./#URLSTR...U..W./#URLTBL..9.../#WINDOWS..%.L./$FIftiMain..,..]./$OBJINST...m.?./$WWAssociativeLinks/..../$WWAssociativeLinks/Property...i../$WWKeywordLinks/..../$WWKeywordLinks/BTree..q..L./$WWKeywordLinks/Data...=.../$WWKeywordLinks/Map...?.../$WWKeywordLinks/Property...I ./htmlhelp/..../htmlhelp/About_Doc.html.....$./htmlhelp/Command_line.html......../htmlhelp/Compare_bin.html...'.4./htmlhelp/Compare_dirs.html...M..../htmlhelp/Compare_files.html...[..L./htmlhelp/Compare_images.html...b.*./htmlhelp/Compare_table.html...[.../htmlhelp/Compare_webpages.html.....(./htmlhelp/Configuration.html...4..t./htmlhelp/css/..../htmlhelp/css/all.css....../htmlhelp/css/help.css......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:MS Windows HtmlHelp Data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1029392
                                                                                                                                                                                                Entropy (8bit):7.98952148834042
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:j5OBYUaJgR6rtqm1uzrShGMG076s1TsIV/Jz5YfUOi:+jsr8pmGMG07fTsIV/V5YMj
                                                                                                                                                                                                MD5:068E7FE2AA2CE33373FF0F9874E29D3C
                                                                                                                                                                                                SHA1:042E2BDD93F688CDC20AD773F0970084A6DD81C1
                                                                                                                                                                                                SHA-256:F178BA3C9733FAC83363CC78DFD6A7111645FB81970B109B0E9259D3E9961337
                                                                                                                                                                                                SHA-512:45AA382670E5E55E3431FF6FCC26FC3F38D93D104776C0A70486F7A9AE070019AEF46094D2A52BB0D3E54B54C858AD785BCF797B3AAD947AD1A7EB9338D6ED60
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:ITSF....`.......j..B.......|.{.......".....|.{......."..`...............x.......T0.......0..............................ITSP....T...........................................j..].!......."..T...............PMGL4................/..../#IDXHDR....../#ITBITS..../#STRINGS..,.H./#SYSTEM....6./#TOCIDX......./#TOPICS.... ./#URLSTR...U..W./#URLTBL..9.../#WINDOWS..%.L./$FIftiMain..,..]./$OBJINST...m.?./$WWAssociativeLinks/..../$WWAssociativeLinks/Property...i../$WWKeywordLinks/..../$WWKeywordLinks/BTree..q..L./$WWKeywordLinks/Data...=.../$WWKeywordLinks/Map...?.../$WWKeywordLinks/Property...I ./htmlhelp/..../htmlhelp/About_Doc.html.....$./htmlhelp/Command_line.html......../htmlhelp/Compare_bin.html...'.4./htmlhelp/Compare_dirs.html...M..../htmlhelp/Compare_files.html...[..L./htmlhelp/Compare_images.html...b.*./htmlhelp/Compare_table.html...[.../htmlhelp/Compare_webpages.html.....(./htmlhelp/Configuration.html...4..t./htmlhelp/css/..../htmlhelp/css/all.css....../htmlhelp/css/help.css......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (10419), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):188293
                                                                                                                                                                                                Entropy (8bit):5.400052052014627
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:iE8wR6yLftzYusjOql3mc/CoMCPRWMHmWFGrReKr9:iE8C6yL1zYDqo31vPIR9
                                                                                                                                                                                                MD5:C0BC6B707599D3389A904ACCD3B1D29B
                                                                                                                                                                                                SHA1:21FD97C6EE36E4BF6C9B5103AFAA954CFDDB30F1
                                                                                                                                                                                                SHA-256:B7BED3B51C85786AF578DD08EBD585542F9B210F9C1DDF3F9ED1BA6FA970FFE3
                                                                                                                                                                                                SHA-512:ED394582CAB40EFC189033B95296AD31669EE52369153E29B3E5B61EE05CB5F7DC9053A741178B1E5C747727B94D818C081FD7F71FB5FBB77CC3A157E5EBF4BD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<!DOCTYPE html>..<html xmlns="http://www.w3.org/1999/xhtml" lang xml:lang>..<head>.. <meta charset="utf-8" />.. <meta name="generator" content="pandoc" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />.. <title>ChangeLog</title>.. <style>..code{white-space: pre-wrap;}..span.smallcaps{font-variant: small-caps;}..div.columns{display: flex; gap: min(4vw, 1.5em);}..div.column{flex: auto; overflow-x: auto;}..div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}....ul.task-list[class]{list-style: none;}..ul.task-list li input[type="checkbox"] {..font-size: inherit;..width: 0.8em;..margin: 0 0.8em 0.2em -1.6em;..vertical-align: middle;..}...display.math{display: block; text-align: center; margin: 0.5rem auto;}..</style>.. <style type="text/css">article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary {display: block;}audio,canvas,video {display: inline-block;}audio:not([controls]) {display: none;height: 0
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2018
                                                                                                                                                                                                Entropy (8bit):4.727835384823898
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:h04M+knMptYv9WfMg9dIBXp6fM0tp3bEWNW0bK6:hxM+Xcv9Wf/YLMM0jBbK6
                                                                                                                                                                                                MD5:83A8A7F12B73936EE7CED7FEDE862557
                                                                                                                                                                                                SHA1:869A7B7B28B3298A0B8BB7E26042793AB02288EF
                                                                                                                                                                                                SHA-256:3B01C3BEF8F5E5FA8ABFE008B71C818C6BF727AC6A737CA6068C9E9B0824F6A9
                                                                                                                                                                                                SHA-512:6BB4289C0628A31A9E926F23219603A212FB4A07A2226C81459A0A3C389EB54677F6EFC2245DE40AB5178B17017EEA401944E8668BFDA1C531F80417CF61C4DC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:WINMERGE....WinMerge is an Open Source comparing and merging tool for Windows. WinMerge can..compare both folders and files, presenting differences in a visual text format..that is easy to understand and handle. WinMerge can be used as an external..differencing/merging tool or as a standalone application.....WinMerge has many helpful supporting features to make comparing, synchronising,..and merging as easy and useful as possible. Several programming languages and..other file formats are syntax-highlighted.....The latest WinMerge version and WinMerge information is available at..https://winmerge.org/.....Quick start..===========..To learn how to perform basic operations after installing WinMerge, click..Help>WinMerge Help and navigate to the Quick start topic. Or, go to the Web..version at https://manual.winmerge.org/Quick_start.html.....WinMerge Help..============= ..WinMerge Help is installed locally as a Microsoft HTML Help file, WinMerge.chm,..when you install WinMerge. To open He
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19610
                                                                                                                                                                                                Entropy (8bit):4.867663780720245
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:emSQYkZR4X2n6xUQeNbOsTP7BZR20MyBei6+ogExlJ2:ZlFj0E3ZbVei6+ogExlI
                                                                                                                                                                                                MD5:FD71BB2AB1F19C9EABAB911328203531
                                                                                                                                                                                                SHA1:0F894898E6428DC0D9C1B397ED8AF5BCBB9D5495
                                                                                                                                                                                                SHA-256:34F8865FD79D7AB78701C8CEE5C1B4A74A93324271369DEB2EF5C4B015D44CE3
                                                                                                                                                                                                SHA-512:12B41E35FAC85280325C0A303A98C1CD7FFA6055307013880F17E4F10FBF7D64A467EF21EB3AE82007B2ACE29FE3A027B72F1AAA875FE4666EA3A495F86FB732
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Arial;}{\f1\froman\fprq2\fcharset2 Symbol;}{\f2\fmodern\fprq1\fcharset0 Courier New;}}..{\colortbl ;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Riched20 10.0.16299}\viewkind4\uc1 ..\pard\s2\sb100\sa100\b\f0\fs24 GNU GENERAL PUBLIC LICENSE\par....\pard\sb100\sa100\b0\fs20 Version 2, June 1991 \par....\pard Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.\fs24 \par....\pard\s2\sb100\sa100\b Preamble\par....\pard\sb100\sa100\b0\fs20 The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is fre
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with very long lines (10419), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16545
                                                                                                                                                                                                Entropy (8bit):5.5796009164122635
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:zphrv7frnD9pG2UyCOCqaf3pFhX8CF4cqL+:fJk2Ux1fpFhMCF4S
                                                                                                                                                                                                MD5:FEBAB85D1F9E87F63637C09797F84D48
                                                                                                                                                                                                SHA1:EBD82C442E2D2130A5A1D3926F33697992C24E45
                                                                                                                                                                                                SHA-256:D9D2A9ADD5EFEBA998585D1FD5BF7A61F6A82C2725621FDBD4D07D95CA292103
                                                                                                                                                                                                SHA-512:AC2E13BAE1136000A87DC10ABF5E29A09E9A6E17BC87702CBA1B9BAEDF145094AF52FC9D95685BAE20563FB7A604A7B6FA0AD105E3A9FB7409E4AAC97530495A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<!DOCTYPE html>..<html xmlns="http://www.w3.org/1999/xhtml" lang xml:lang>..<head>.. <meta charset="utf-8" />.. <meta name="generator" content="pandoc" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />.. <title>ReleaseNotes</title>.. <style>..code{white-space: pre-wrap;}..span.smallcaps{font-variant: small-caps;}..div.columns{display: flex; gap: min(4vw, 1.5em);}..div.column{flex: auto; overflow-x: auto;}..div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}....ul.task-list[class]{list-style: none;}..ul.task-list li input[type="checkbox"] {..font-size: inherit;..width: 0.8em;..margin: 0 0.8em 0.2em -1.6em;..vertical-align: middle;..}...display.math{display: block; text-align: center; margin: 0.5rem auto;}..</style>.. <style type="text/css">article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary {display: block;}audio,canvas,video {display: inline-block;}audio:not([controls]) {display: none;height
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):914
                                                                                                                                                                                                Entropy (8bit):4.620935812441775
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63TRboNbvr0rqGuy1UOPhtBsbqrFFAdhjq88djHBubhiLSl:f6xIzOqGAO5t9wSclr
                                                                                                                                                                                                MD5:1C6936A1A8EF598A1BA6D71FBA1BDC7B
                                                                                                                                                                                                SHA1:4B8453128C3688613969945460A4E4BDECE4B4E1
                                                                                                                                                                                                SHA-256:9104E65CE3726B24A1B5278CC51C4F94505A0F2FC63BF6EBE554E8966D5E7B23
                                                                                                                                                                                                SHA-512:B7BA4F7FC924D7AEE91DCF0F125C3B45D8FB83E921DD55DA7546B01D243BD364F321CBE1E74279633B26FDC6C4AA94AAB7B412199B4B77675205679BE8C823E2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in ADAMulti source trees..name: ADAMulti..desc: Suppresses various binaries found in ADAMulti source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.o$ ## Object file..f: \.lib$..f: \.obj$ ## Object file..f: \.inf$ ## Generated file..f: \.map$ ## Map file..f: \.lst$ ## list file..f: \.ti$ ## generated file..f: \.dbo$ ## Object file..f: \.dla$ ## Object file..f: \.dnm$ ## Node map file?..f: \.bin$ ## Code file..f: \.a$ ## library file..f: \.s$....d: \\cvs$ ## cvs repository files..d: \\obj$ ## object file directory..d: \\objs$ ## object file directory..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):814
                                                                                                                                                                                                Entropy (8bit):4.759950979909193
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63J19xfUh9du3yU97qMd8u41UOPaGQDgDLo:f6r4hju0Md8sOiX0o
                                                                                                                                                                                                MD5:1F12DA4937ACBDF8EC79628E28F6D209
                                                                                                                                                                                                SHA1:432FCF7AE57410E84C4E557430B923B3A58798AB
                                                                                                                                                                                                SHA-256:332796A673BF853FF1413A06353472AF864019837DF9EC64FF4C748F756447D4
                                                                                                                                                                                                SHA-512:CFDF7B9440927F22EF23A7B0CCB034FF462D747691D4D0B18257CF8D08B99BE9351C76F6DF717F692BF3CD5DEDF4D607B1CA8E57B76302DA4C8B4E0BA3A3F199
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge ..## This filter lets through only files ASP.NET developers care about ..name: ASP.NET Devel ..desc: Lets through only files ASP.NET developer cares about....## This is an exclusive filter ..## (it lets through only matching files) ..def: exclude ....## Filters for filenames begin with f: ..## Filters for directories begin with d: ..## (Inline comments begin with " ##" and extend to the end of the line) ....f: \.xml$ ..f: \.xlst$..f: \.xsl$..f: \.xslt$..f: \.dtd$ ..f: \.html$ ..f: \.htm$ ..f: \.css$ ..f: \.gif$ ..f: \.bmp$ ..f: \.jpg$ ..f: \.png$ ..f: \.js$ ..f: \.dll$ ..f: \.aspx$ ..f: \.asmx$ ..f: \.ascx$ ..f: \.vb$ ..f: \.resx$ ..f: \.cs$ ..f: \.js$ ..f: \.vbproj$ ..f: \.csproj$ ..f: \.sln$ ..f: \.webinfo$ ..f: \.config$ ....d: \\*$ ## Subdirectories ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1327
                                                                                                                                                                                                Entropy (8bit):4.862463583066028
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63TRboRYTkPR00rqGuy1UOPhbO3LF2/BRGXCLMe9YvQExg7+8SDCencQtSTIZg:f6xj/OqGAO5b4EiX2WvQkC+8SDpftAKg
                                                                                                                                                                                                MD5:2B6932858C2C520552694D93714A70DA
                                                                                                                                                                                                SHA1:B3353709B0B9C5383FFD7FE82D6B50011283860D
                                                                                                                                                                                                SHA-256:4D93D7F441237F83FD64E8C5F501E9CA834FCF2CD8F445FBE2EAE2E57145C01D
                                                                                                                                                                                                SHA-512:00B7BD69DD08DAF794F868678829591D6EDBD13F059B2E7D9DFE7AE2939998DE3F6A02B5C0A689C7E678DEF2E673B1D83E4FFBBE90DFC1957DAF70895F820B37
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in Visual C# source trees..name: Visual C# loose..desc: Suppresses various binaries found in Visual C# source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.aps$ ## VC Binary version of resource file, for quick loading..f: \.bsc$ ## VC Browser database..f: \.dll$ ## Windows DLL..f: \.exe$ ## Windows executable..f: \.obj$ ## VC object module file..f: \.pdb$ ## VC program database file (debugging symbolic information)..f: \.res$ ## VC compiled resources file (output of RC [resource compiler])..f: \.suo$ ## VC options file (binary)..f: \.cache$ ## ??..f: \.resource$ ## Compiled resource file...f: \.xfrm ## ??..f: \.bak$ ## backup....d: \\\.svn$ ## Subversion working cop
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1220
                                                                                                                                                                                                Entropy (8bit):4.919200066834932
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63/UtEkfbkt319T8qGuy1UOPhnd4BK8DD2AynkrAY70/to00vc+K+W:f61OqGAO5a/2wxYFo00v0j
                                                                                                                                                                                                MD5:38F962A51B73259DDC502CDFCB2B62B5
                                                                                                                                                                                                SHA1:494FE599A47B459863AA8CFFB896B6BDD4E29FBB
                                                                                                                                                                                                SHA-256:05D73888BEFFB8D3A81AAB24B8F320E038122148FF57B98B3150C22E0DE4798B
                                                                                                                                                                                                SHA-512:0F9E7AEA5E7025D4695BC91DF715E6B50C05E508B34BA97B89EECCCDC44C411B74AEC1746F7D1BC07845D83F4F21884B3F5827998C652FC688AB6FAE6B85C1DB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter template for WinMerge..name: Delphi filter..desc: View only files .PAS and files .DFM....## Select if filter is inclusive or exclusive..## Inclusive (loose) filter lets through all items not matching rules..## Exclusive filter lets through only items that match to rule..## include or exclude..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.^~..## EXCLUDE temporary files..f: \.dcu$ .## EXCLUDE Delphi compiled unit..f: \.exe$ .## EXCLUDE Exe file..f: \.cfg$ .## EXCLUDE configuration file..f: \.dsk$ .## EXCLUDE File of internal information of the project..f: \.dof$ .## EXCLUDE Delphi options file..f: \.ddp$ .## EXCLUDE Delphi diagram portfolio file..f: \.db$ .## EXCLUDE File Paradox..f: \.ims$ .## EXCLUDE Icon file, normally created with IconForge..f: \.bak$ .## EXCLUDE Backup file made with WinMerge....## f: \.dfm$ ## Delphi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):699
                                                                                                                                                                                                Entropy (8bit):4.560292414919042
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:jLI13mkUUKmugzPHFXeO2v3O09khwmPfaBSCrCfua/15/qm/1UOPSoZbfiSK+mO:jL63/U+fbkt319T8qGuuXqm1UOPhFiSh
                                                                                                                                                                                                MD5:12F11F1BDE5974E44B522F10F1D58A82
                                                                                                                                                                                                SHA1:A0E99CFD836A594BA0156803D6503EF1246AFD8D
                                                                                                                                                                                                SHA-256:8D7E3E2910D6A70F2D34E4DFF6F4CC4E730631CCF882F37D1B7813BE743A6BAF
                                                                                                                                                                                                SHA-512:4D71948EE04E1363131F4F2456FF03BF357713BBE9AAA92EC0686B82264D39952F8F40E2E553E8C8E3F5E634593D3BC619FFD62E28925F69C03CBCBC335A34C6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter template for WinMerge..name: ${name}..desc: Longer description....## Select if filter is inclusive or exclusive..## Inclusive (loose) filter lets through all items not matching rules..## Exclusive filter lets through only items that match to rule..## include or exclude..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## To exclude some of the files that match the f: pattern, specify f!:..## To exclude some of the folders that match the d: pattern, specify d!:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.ext$ ## Filter for filename....d: \\subdir$ ## Filter for directory..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):898
                                                                                                                                                                                                Entropy (8bit):4.832661136389676
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63TUaMrqGuy1UOPhs7WUOMk3O87ds+8SDCeDSTIZn:f6+qGAO5sazO8O+8SDpAKn
                                                                                                                                                                                                MD5:C784341DB7F8E83142222553C55DD25C
                                                                                                                                                                                                SHA1:379B62172B174FA495DEC9C1F9309861910D21D6
                                                                                                                                                                                                SHA-256:D50B1891FDE7B91C4D2B86D4A4E7EAA74C157FC47CD7C53D8D51A638A6A05F92
                                                                                                                                                                                                SHA-512:C373049D44C4C219C6998EA1299B1D024EAD5551E3832862C9696572645721A034F63437752DDD663B966FDB312F0A76D744BBF07D7C0A3517BA60C25A5BE064
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..name: Frontpage..desc: Suppresses _vti and other system directories in Frontpage websites....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....d: \\fpdb$..d: \\stats$..d: \\_borders$..d: \\_derived$..d: \\_fpclass$..d: \\_overlay$..d: \\_private$..d: \\_contentindex$..d: \\_themes$..d: \\_vti_bin$..d: \\_vti_cnf$..d: \\_vti_log$..d: \\_vti_map$..d: \\_vti_pvt$..d: \\_vti_txt$..d: \\_vti_script$..d: \\_vti*$..d: \\\.svn$ ## Subversion working copy..d: \\_svn$ ## Subversion working copy ASP.NET Hack..d: \\cvs$ ## CVS control directory..d: \\\.git$ ## Git directory..d: \\\.bzr$ ## Bazaar branch..d: \\\.hg$ ## Mercurial repository..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):631
                                                                                                                                                                                                Entropy (8bit):4.745696255656045
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:jLI13TULVavioTFXZaBSCrCfuy1UOPSovFvMzDI8MMCFeqUQ1fYDn:jL63TULsq0rqGuy1UOPhvFvgs8SFhUQy
                                                                                                                                                                                                MD5:AE1D1DC03D9330ACB82244B7F8E021B9
                                                                                                                                                                                                SHA1:8E1857D3A1435FE7863E218139CA7C281F665118
                                                                                                                                                                                                SHA-256:0D4D52EDCAF548157654BA4DD2AB853D07F7F672093638DCE0E2877BCA5DB655
                                                                                                                                                                                                SHA-512:034EEE5D6DD59FFC4576931EBF38C1A60C470DC517B49B482C5181FCF69D86F846F937364966BE219F3851E3A8C96C858C297A319A9339274EADA5E57AB93292
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..name: MASM loose..desc: Suppresses various binaries found in MASM source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \~$ ..f: \.map$ ..f: \.mod$ ..f: \.aml$ ..f: \.bak$ ..f: \.bin$ ..f: \.dat$ ..f: \.icr$ ..f: \.lib$ ..f: \.lnk$ ..f: \.log$ ..f: \.lst$ ..f: \.map$ ..f: \.mod$ ..f: \.obj$ ..f: \.pgx$ ..f: \.res$ ..f: \.rom$ ..f: \.rls$ ..f: MAKEFILE$ ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):737
                                                                                                                                                                                                Entropy (8bit):4.822961918948526
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:jLI13TRPzJaZinra/oTFXZaBSCrCfuy1UOPSosO7mq1W8S6qVCe7317QTDdWZov:jL63TRboZinm/0rqGuy1UOPhv7+8SDCp
                                                                                                                                                                                                MD5:5787B440857832957C254E863A7632B8
                                                                                                                                                                                                SHA1:5BCECBA898693F303BE64D2244148839AF2D064E
                                                                                                                                                                                                SHA-256:5DD0AB6E1D24A2F612A85C76ABCC2B27DEB102B5AC3DF2377FF0F4137CE21ED2
                                                                                                                                                                                                SHA-512:59EF9CC97D745A14F550FF602CBB9F4F32FCF6658FCA4D766EA6C151F90201DADE850C4DFE3EFDBE80FA646953579E5A3B0A53A4119F6D3744B72640DD0715B4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in GNU C source trees..name: GNU C loose..desc: Suppresses various binaries found in GNU C source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.o$..f: \.lib$..f: \.bak$ ## backup....d: \\\.svn$ ## Subversion working copy..d: \\_svn$ ## Subversion working copy ASP.NET Hack..d: \\cvs$ ## CVS control directory..d: \\\.git$ ## Git directory..d: \\\.bzr$ ## Bazaar branch..d: \\\.hg$ ## Mercurial repository....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):945
                                                                                                                                                                                                Entropy (8bit):4.845766436892308
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63TRboyTIS0rqGuy1UOPhnVvFgQ7+8SDCeDSTIZaaMy:f6x9rOqGAO5nf+8SDpAKao
                                                                                                                                                                                                MD5:B2B86FC2614904FE5399DB1656675822
                                                                                                                                                                                                SHA1:3B9B1C2F59FBBE3901F27A11C6C25442941F8F22
                                                                                                                                                                                                SHA-256:BB1F729B7FACFE014769E654AE5E85955730CCE28B144279D0696D6A86421510
                                                                                                                                                                                                SHA-512:C085D5F9E1741EDAA5A035166BC9AEC2E172EC0B0E198EC8FAB895E49ED78F97AF0D2C0C6272F7F1BF6852A154D166BB5264E9C636751CBD92838056DE1CC33B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in Visual Basic source trees..name: Visual Basic loose..desc: Suppresses various binaries found in Visual Basic source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.frx$ ## ..f: \.dca$ ## ..f: \.ctx$ ## ..f: \.dll$ ## Windows DLL..f: \.ocx$ ## OLE Control Extension..f: \.exe$ ## Windows/DOS executable..f: \.bak$ ## backup....d: \\\.svn$ ## Subversion working copy..d: \\_svn$ ## Subversion working copy ASP.NET Hack..d: \\cvs$ ## CVS control directory..d: \\\.git$ ## Git directory..d: \\\.bzr$ ## Bazaar branch..d: \\\.hg$ ## Mercurial repository..d: \\\.vs$ ## A hidden folder that stores .suo and *.db files....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1902
                                                                                                                                                                                                Entropy (8bit):4.888600408792252
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:f6xuJOqGAO5b4AZmeCTrXqX27vQj1pXSrI+8SDpAKa4l:r4qGAU4Ake4XqX2cX0HAlM
                                                                                                                                                                                                MD5:84BE66100C7698A215F2D72D379B7858
                                                                                                                                                                                                SHA1:E3CCB4A5840AD33D82E7183086123A761BE993CC
                                                                                                                                                                                                SHA-256:41FE39326A2782DA298D35600FAA77BB33D616011FCFEB97E433B4B70FBA14AF
                                                                                                                                                                                                SHA-512:A5799E7992300C6C6E6002448843D8D471A3DA662506204344F54AF46A27A3A77929C0E1A325EFD16BE3D0FF31820EECCEE671EB7D09DFED47E1E8AB0E774C46
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in Visual C++ source trees..name: Visual C++ loose..desc: Suppresses various binaries found in Visual C++ source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.aps$ ## VC Binary version of resource file, for quick loading..f: \.bsc$ ## VC Browser database..f: \.clw$ ## VC class-wizard status file..f: \.dll$ ## Windows DLL..f: \.exe$ ## Windows/DOS executable..f: \.exp$ ## VC library export file..f: ^BuildLog.htm$ ## VC build log file..f: ^vc\d+\.idb$ ## VC Minimal rebuild dependency file..f: \.ilk$ ## VC incremental linker memory file..f: \.lib$ ## compiled libraries..f: \.ncb$ ## VC parser information file (class view & component gallery stuff)..f: \.obj$ ## VC obje
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):959
                                                                                                                                                                                                Entropy (8bit):4.7954037272647145
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63J19xflvCwrLd8u41UOP7Tsu4yhMLF+0LKIl+8SDCeDSTIZn:f6rZCiLd8sO/su1Sp+0LN+8SDpAKn
                                                                                                                                                                                                MD5:102386258D4864B15ECF3A7434F831C3
                                                                                                                                                                                                SHA1:FBAC69D0501A45EF5C243C11A6305E2A4328451F
                                                                                                                                                                                                SHA-256:CB48E7C3DD5604C177FF1CA2CB5214FCFF1782CF83441030B701521F8991D292
                                                                                                                                                                                                SHA-512:456789E56FF3A630A53E1ECAB54163500F2B4BC573C87F493EAF31243DC2B27C72AC0648A88A97AEA28DD05EB6D6C0EC8AFFEB375BE1F58D27263722E2B0EBDF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge ..## This filter lets through only files ASP.NET developers care about ..name: Exclude Source Control..desc: Exclude Source Control files and directories....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include......## Filters for filenames begin with f: ..## Filters for directories begin with d: ..## (Inline comments begin with " ##" and extend to the end of the line) ....## f: \.bzrignore$ ## Bazaar ignore file..## f: \.cvsignore$ ## CVS ignore file..## f: \.gitignore$ ## Git ignore file..## f: \.hgignore$ ## Mercurial ignore file..## f: \.svnignore$ ## Subversion ignore file....f: \.(vs[sp])?scc$ ## Visual SourceSafe files....d: \\\.svn$ ## Subversion working copy..d: \\_svn$ ## Subversion working copy ASP.NET Hack..d: \\cvs$ ## CVS control directory..d: \\\.git$ ## Git directory..d: \\\.bzr$ ## Bazaar branch..d: \\\.hg$ ## Mercurial repository..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1594
                                                                                                                                                                                                Entropy (8bit):4.890642227970731
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:f6xnO1qGAO5kP4ANeCTrXqX27vQKs+8SDpAKn:0O1qGAhP4ANe4XqX2NFHAK
                                                                                                                                                                                                MD5:80BFA16C9B937241F549FBED791DBF30
                                                                                                                                                                                                SHA1:19F53E3082BC0B0F13B1BFA9183FD4C08FE3A9AB
                                                                                                                                                                                                SHA-256:3603F5D52522FAAE2D9CF234D6A47049B0367A16509767A3143691021569734B
                                                                                                                                                                                                SHA-512:1A0B5C6FB97089082417E13875DC34F99E90C29D028364246AB4773AC16139B94FA8271512DEBC056CCAD813E18FD8159662AF6DCB890FC5EE56BD49BF72C76A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in Symbian development source trees...name: Symbian C++..desc: Suppresses various binaries found in Visual C++ source trees compiling Symbian....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.bsc$ ## VC Browser database..f: \.aps$ ## VC Binary version of resource file, for quick loading..f: \.bsc$ ## VC Browser database..f: \.clw$ ## VC class-wizard status file..f: \.dll$ ## Windows DLL..f: \.exe$ ## Windows executable..f: \.exp$ ## VC library export file..f: \\vc60.idb$ ## VC ?..f: \.ilk$ ## VC incremental linker memory file..f: \.lib$ ## compiled libraries..f: \.ncb$ ## VC parser information file (class view & component gallery stuff)..f: \.obj$ ## VC object module file..f:
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):679
                                                                                                                                                                                                Entropy (8bit):4.862099867293502
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:jLI13TRO09JM7+tK9L9JM7OQxN9MGSCrCfuy1UOPSodfIkdcIV8xF24qIX:jL63TR19b8L99uN9HGuy1UOPhCAcIGj
                                                                                                                                                                                                MD5:384273E239F4F46EFECCD402E7A69F10
                                                                                                                                                                                                SHA1:A2E941A5605247366C7D3013C6521E21FD28A91C
                                                                                                                                                                                                SHA-256:68516B0D7BDECDA26A92A5EBC1C078DDADCC259FB12D409791E3827BEE85C9DF
                                                                                                                                                                                                SHA-512:3F9A4CBCD5501E4E322DC42DB241F4B87349BDD30A036D7A94FE7740737E13EC7A5C6A0BE1EAEB4E82B147272E59A3C29E25A499DEEC1FD924E6D52E826B82DC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter lets through only files XML/HTML developer cares about..name: XML/HTML Devel..desc: Lets through only files XML/HTML developer cares about....## This is an exclusive filter..## (it lets through only matching files)..def: exclude....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.xml$ ## XML files..f: \.xslt$..f: \.dtd$..f: \.html$ ## HTML files..f: \.htm$..f: \.css$ ## CSS style files..f: \.gif$ ## Pictures..f: \.bmp$..f: \.jpg$..f: \.png$..f: \.js$ ## Java-script....d: \\*$ ## Subdirectories....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1902
                                                                                                                                                                                                Entropy (8bit):4.888600408792252
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:f6xuJOqGAO5b4AZmeCTrXqX27vQj1pXSrI+8SDpAKa4l:r4qGAU4Ake4XqX2cX0HAlM
                                                                                                                                                                                                MD5:84BE66100C7698A215F2D72D379B7858
                                                                                                                                                                                                SHA1:E3CCB4A5840AD33D82E7183086123A761BE993CC
                                                                                                                                                                                                SHA-256:41FE39326A2782DA298D35600FAA77BB33D616011FCFEB97E433B4B70FBA14AF
                                                                                                                                                                                                SHA-512:A5799E7992300C6C6E6002448843D8D471A3DA662506204344F54AF46A27A3A77929C0E1A325EFD16BE3D0FF31820EECCEE671EB7D09DFED47E1E8AB0E774C46
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in Visual C++ source trees..name: Visual C++ loose..desc: Suppresses various binaries found in Visual C++ source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.aps$ ## VC Binary version of resource file, for quick loading..f: \.bsc$ ## VC Browser database..f: \.clw$ ## VC class-wizard status file..f: \.dll$ ## Windows DLL..f: \.exe$ ## Windows/DOS executable..f: \.exp$ ## VC library export file..f: ^BuildLog.htm$ ## VC build log file..f: ^vc\d+\.idb$ ## VC Minimal rebuild dependency file..f: \.ilk$ ## VC incremental linker memory file..f: \.lib$ ## compiled libraries..f: \.ncb$ ## VC parser information file (class view & component gallery stuff)..f: \.obj$ ## VC obje
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):959
                                                                                                                                                                                                Entropy (8bit):4.7954037272647145
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63J19xflvCwrLd8u41UOP7Tsu4yhMLF+0LKIl+8SDCeDSTIZn:f6rZCiLd8sO/su1Sp+0LN+8SDpAKn
                                                                                                                                                                                                MD5:102386258D4864B15ECF3A7434F831C3
                                                                                                                                                                                                SHA1:FBAC69D0501A45EF5C243C11A6305E2A4328451F
                                                                                                                                                                                                SHA-256:CB48E7C3DD5604C177FF1CA2CB5214FCFF1782CF83441030B701521F8991D292
                                                                                                                                                                                                SHA-512:456789E56FF3A630A53E1ECAB54163500F2B4BC573C87F493EAF31243DC2B27C72AC0648A88A97AEA28DD05EB6D6C0EC8AFFEB375BE1F58D27263722E2B0EBDF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge ..## This filter lets through only files ASP.NET developers care about ..name: Exclude Source Control..desc: Exclude Source Control files and directories....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include......## Filters for filenames begin with f: ..## Filters for directories begin with d: ..## (Inline comments begin with " ##" and extend to the end of the line) ....## f: \.bzrignore$ ## Bazaar ignore file..## f: \.cvsignore$ ## CVS ignore file..## f: \.gitignore$ ## Git ignore file..## f: \.hgignore$ ## Mercurial ignore file..## f: \.svnignore$ ## Subversion ignore file....f: \.(vs[sp])?scc$ ## Visual SourceSafe files....d: \\\.svn$ ## Subversion working copy..d: \\_svn$ ## Subversion working copy ASP.NET Hack..d: \\cvs$ ## CVS control directory..d: \\\.git$ ## Git directory..d: \\\.bzr$ ## Bazaar branch..d: \\\.hg$ ## Mercurial repository..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1327
                                                                                                                                                                                                Entropy (8bit):4.862463583066028
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63TRboRYTkPR00rqGuy1UOPhbO3LF2/BRGXCLMe9YvQExg7+8SDCencQtSTIZg:f6xj/OqGAO5b4EiX2WvQkC+8SDpftAKg
                                                                                                                                                                                                MD5:2B6932858C2C520552694D93714A70DA
                                                                                                                                                                                                SHA1:B3353709B0B9C5383FFD7FE82D6B50011283860D
                                                                                                                                                                                                SHA-256:4D93D7F441237F83FD64E8C5F501E9CA834FCF2CD8F445FBE2EAE2E57145C01D
                                                                                                                                                                                                SHA-512:00B7BD69DD08DAF794F868678829591D6EDBD13F059B2E7D9DFE7AE2939998DE3F6A02B5C0A689C7E678DEF2E673B1D83E4FFBBE90DFC1957DAF70895F820B37
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in Visual C# source trees..name: Visual C# loose..desc: Suppresses various binaries found in Visual C# source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.aps$ ## VC Binary version of resource file, for quick loading..f: \.bsc$ ## VC Browser database..f: \.dll$ ## Windows DLL..f: \.exe$ ## Windows executable..f: \.obj$ ## VC object module file..f: \.pdb$ ## VC program database file (debugging symbolic information)..f: \.res$ ## VC compiled resources file (output of RC [resource compiler])..f: \.suo$ ## VC options file (binary)..f: \.cache$ ## ??..f: \.resource$ ## Compiled resource file...f: \.xfrm ## ??..f: \.bak$ ## backup....d: \\\.svn$ ## Subversion working cop
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):737
                                                                                                                                                                                                Entropy (8bit):4.822961918948526
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:jLI13TRPzJaZinra/oTFXZaBSCrCfuy1UOPSosO7mq1W8S6qVCe7317QTDdWZov:jL63TRboZinm/0rqGuy1UOPhv7+8SDCp
                                                                                                                                                                                                MD5:5787B440857832957C254E863A7632B8
                                                                                                                                                                                                SHA1:5BCECBA898693F303BE64D2244148839AF2D064E
                                                                                                                                                                                                SHA-256:5DD0AB6E1D24A2F612A85C76ABCC2B27DEB102B5AC3DF2377FF0F4137CE21ED2
                                                                                                                                                                                                SHA-512:59EF9CC97D745A14F550FF602CBB9F4F32FCF6658FCA4D766EA6C151F90201DADE850C4DFE3EFDBE80FA646953579E5A3B0A53A4119F6D3744B72640DD0715B4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in GNU C source trees..name: GNU C loose..desc: Suppresses various binaries found in GNU C source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.o$..f: \.lib$..f: \.bak$ ## backup....d: \\\.svn$ ## Subversion working copy..d: \\_svn$ ## Subversion working copy ASP.NET Hack..d: \\cvs$ ## CVS control directory..d: \\\.git$ ## Git directory..d: \\\.bzr$ ## Bazaar branch..d: \\\.hg$ ## Mercurial repository....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):898
                                                                                                                                                                                                Entropy (8bit):4.832661136389676
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63TUaMrqGuy1UOPhs7WUOMk3O87ds+8SDCeDSTIZn:f6+qGAO5sazO8O+8SDpAKn
                                                                                                                                                                                                MD5:C784341DB7F8E83142222553C55DD25C
                                                                                                                                                                                                SHA1:379B62172B174FA495DEC9C1F9309861910D21D6
                                                                                                                                                                                                SHA-256:D50B1891FDE7B91C4D2B86D4A4E7EAA74C157FC47CD7C53D8D51A638A6A05F92
                                                                                                                                                                                                SHA-512:C373049D44C4C219C6998EA1299B1D024EAD5551E3832862C9696572645721A034F63437752DDD663B966FDB312F0A76D744BBF07D7C0A3517BA60C25A5BE064
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..name: Frontpage..desc: Suppresses _vti and other system directories in Frontpage websites....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....d: \\fpdb$..d: \\stats$..d: \\_borders$..d: \\_derived$..d: \\_fpclass$..d: \\_overlay$..d: \\_private$..d: \\_contentindex$..d: \\_themes$..d: \\_vti_bin$..d: \\_vti_cnf$..d: \\_vti_log$..d: \\_vti_map$..d: \\_vti_pvt$..d: \\_vti_txt$..d: \\_vti_script$..d: \\_vti*$..d: \\\.svn$ ## Subversion working copy..d: \\_svn$ ## Subversion working copy ASP.NET Hack..d: \\cvs$ ## CVS control directory..d: \\\.git$ ## Git directory..d: \\\.bzr$ ## Bazaar branch..d: \\\.hg$ ## Mercurial repository..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1220
                                                                                                                                                                                                Entropy (8bit):4.919200066834932
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63/UtEkfbkt319T8qGuy1UOPhnd4BK8DD2AynkrAY70/to00vc+K+W:f61OqGAO5a/2wxYFo00v0j
                                                                                                                                                                                                MD5:38F962A51B73259DDC502CDFCB2B62B5
                                                                                                                                                                                                SHA1:494FE599A47B459863AA8CFFB896B6BDD4E29FBB
                                                                                                                                                                                                SHA-256:05D73888BEFFB8D3A81AAB24B8F320E038122148FF57B98B3150C22E0DE4798B
                                                                                                                                                                                                SHA-512:0F9E7AEA5E7025D4695BC91DF715E6B50C05E508B34BA97B89EECCCDC44C411B74AEC1746F7D1BC07845D83F4F21884B3F5827998C652FC688AB6FAE6B85C1DB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter template for WinMerge..name: Delphi filter..desc: View only files .PAS and files .DFM....## Select if filter is inclusive or exclusive..## Inclusive (loose) filter lets through all items not matching rules..## Exclusive filter lets through only items that match to rule..## include or exclude..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.^~..## EXCLUDE temporary files..f: \.dcu$ .## EXCLUDE Delphi compiled unit..f: \.exe$ .## EXCLUDE Exe file..f: \.cfg$ .## EXCLUDE configuration file..f: \.dsk$ .## EXCLUDE File of internal information of the project..f: \.dof$ .## EXCLUDE Delphi options file..f: \.ddp$ .## EXCLUDE Delphi diagram portfolio file..f: \.db$ .## EXCLUDE File Paradox..f: \.ims$ .## EXCLUDE Icon file, normally created with IconForge..f: \.bak$ .## EXCLUDE Backup file made with WinMerge....## f: \.dfm$ ## Delphi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1594
                                                                                                                                                                                                Entropy (8bit):4.890642227970731
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:f6xnO1qGAO5kP4ANeCTrXqX27vQKs+8SDpAKn:0O1qGAhP4ANe4XqX2NFHAK
                                                                                                                                                                                                MD5:80BFA16C9B937241F549FBED791DBF30
                                                                                                                                                                                                SHA1:19F53E3082BC0B0F13B1BFA9183FD4C08FE3A9AB
                                                                                                                                                                                                SHA-256:3603F5D52522FAAE2D9CF234D6A47049B0367A16509767A3143691021569734B
                                                                                                                                                                                                SHA-512:1A0B5C6FB97089082417E13875DC34F99E90C29D028364246AB4773AC16139B94FA8271512DEBC056CCAD813E18FD8159662AF6DCB890FC5EE56BD49BF72C76A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in Symbian development source trees...name: Symbian C++..desc: Suppresses various binaries found in Visual C++ source trees compiling Symbian....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.bsc$ ## VC Browser database..f: \.aps$ ## VC Binary version of resource file, for quick loading..f: \.bsc$ ## VC Browser database..f: \.clw$ ## VC class-wizard status file..f: \.dll$ ## Windows DLL..f: \.exe$ ## Windows executable..f: \.exp$ ## VC library export file..f: \\vc60.idb$ ## VC ?..f: \.ilk$ ## VC incremental linker memory file..f: \.lib$ ## compiled libraries..f: \.ncb$ ## VC parser information file (class view & component gallery stuff)..f: \.obj$ ## VC object module file..f:
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):914
                                                                                                                                                                                                Entropy (8bit):4.620935812441775
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63TRboNbvr0rqGuy1UOPhtBsbqrFFAdhjq88djHBubhiLSl:f6xIzOqGAO5t9wSclr
                                                                                                                                                                                                MD5:1C6936A1A8EF598A1BA6D71FBA1BDC7B
                                                                                                                                                                                                SHA1:4B8453128C3688613969945460A4E4BDECE4B4E1
                                                                                                                                                                                                SHA-256:9104E65CE3726B24A1B5278CC51C4F94505A0F2FC63BF6EBE554E8966D5E7B23
                                                                                                                                                                                                SHA-512:B7BA4F7FC924D7AEE91DCF0F125C3B45D8FB83E921DD55DA7546B01D243BD364F321CBE1E74279633B26FDC6C4AA94AAB7B412199B4B77675205679BE8C823E2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in ADAMulti source trees..name: ADAMulti..desc: Suppresses various binaries found in ADAMulti source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.o$ ## Object file..f: \.lib$..f: \.obj$ ## Object file..f: \.inf$ ## Generated file..f: \.map$ ## Map file..f: \.lst$ ## list file..f: \.ti$ ## generated file..f: \.dbo$ ## Object file..f: \.dla$ ## Object file..f: \.dnm$ ## Node map file?..f: \.bin$ ## Code file..f: \.a$ ## library file..f: \.s$....d: \\cvs$ ## cvs repository files..d: \\obj$ ## object file directory..d: \\objs$ ## object file directory..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):631
                                                                                                                                                                                                Entropy (8bit):4.745696255656045
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:jLI13TULVavioTFXZaBSCrCfuy1UOPSovFvMzDI8MMCFeqUQ1fYDn:jL63TULsq0rqGuy1UOPhvFvgs8SFhUQy
                                                                                                                                                                                                MD5:AE1D1DC03D9330ACB82244B7F8E021B9
                                                                                                                                                                                                SHA1:8E1857D3A1435FE7863E218139CA7C281F665118
                                                                                                                                                                                                SHA-256:0D4D52EDCAF548157654BA4DD2AB853D07F7F672093638DCE0E2877BCA5DB655
                                                                                                                                                                                                SHA-512:034EEE5D6DD59FFC4576931EBF38C1A60C470DC517B49B482C5181FCF69D86F846F937364966BE219F3851E3A8C96C858C297A319A9339274EADA5E57AB93292
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..name: MASM loose..desc: Suppresses various binaries found in MASM source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \~$ ..f: \.map$ ..f: \.mod$ ..f: \.aml$ ..f: \.bak$ ..f: \.bin$ ..f: \.dat$ ..f: \.icr$ ..f: \.lib$ ..f: \.lnk$ ..f: \.log$ ..f: \.lst$ ..f: \.map$ ..f: \.mod$ ..f: \.obj$ ..f: \.pgx$ ..f: \.res$ ..f: \.rom$ ..f: \.rls$ ..f: MAKEFILE$ ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):679
                                                                                                                                                                                                Entropy (8bit):4.862099867293502
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:jLI13TRO09JM7+tK9L9JM7OQxN9MGSCrCfuy1UOPSodfIkdcIV8xF24qIX:jL63TR19b8L99uN9HGuy1UOPhCAcIGj
                                                                                                                                                                                                MD5:384273E239F4F46EFECCD402E7A69F10
                                                                                                                                                                                                SHA1:A2E941A5605247366C7D3013C6521E21FD28A91C
                                                                                                                                                                                                SHA-256:68516B0D7BDECDA26A92A5EBC1C078DDADCC259FB12D409791E3827BEE85C9DF
                                                                                                                                                                                                SHA-512:3F9A4CBCD5501E4E322DC42DB241F4B87349BDD30A036D7A94FE7740737E13EC7A5C6A0BE1EAEB4E82B147272E59A3C29E25A499DEEC1FD924E6D52E826B82DC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter lets through only files XML/HTML developer cares about..name: XML/HTML Devel..desc: Lets through only files XML/HTML developer cares about....## This is an exclusive filter..## (it lets through only matching files)..def: exclude....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.xml$ ## XML files..f: \.xslt$..f: \.dtd$..f: \.html$ ## HTML files..f: \.htm$..f: \.css$ ## CSS style files..f: \.gif$ ## Pictures..f: \.bmp$..f: \.jpg$..f: \.png$..f: \.js$ ## Java-script....d: \\*$ ## Subdirectories....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):814
                                                                                                                                                                                                Entropy (8bit):4.759950979909193
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63J19xfUh9du3yU97qMd8u41UOPaGQDgDLo:f6r4hju0Md8sOiX0o
                                                                                                                                                                                                MD5:1F12DA4937ACBDF8EC79628E28F6D209
                                                                                                                                                                                                SHA1:432FCF7AE57410E84C4E557430B923B3A58798AB
                                                                                                                                                                                                SHA-256:332796A673BF853FF1413A06353472AF864019837DF9EC64FF4C748F756447D4
                                                                                                                                                                                                SHA-512:CFDF7B9440927F22EF23A7B0CCB034FF462D747691D4D0B18257CF8D08B99BE9351C76F6DF717F692BF3CD5DEDF4D607B1CA8E57B76302DA4C8B4E0BA3A3F199
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge ..## This filter lets through only files ASP.NET developers care about ..name: ASP.NET Devel ..desc: Lets through only files ASP.NET developer cares about....## This is an exclusive filter ..## (it lets through only matching files) ..def: exclude ....## Filters for filenames begin with f: ..## Filters for directories begin with d: ..## (Inline comments begin with " ##" and extend to the end of the line) ....f: \.xml$ ..f: \.xlst$..f: \.xsl$..f: \.xslt$..f: \.dtd$ ..f: \.html$ ..f: \.htm$ ..f: \.css$ ..f: \.gif$ ..f: \.bmp$ ..f: \.jpg$ ..f: \.png$ ..f: \.js$ ..f: \.dll$ ..f: \.aspx$ ..f: \.asmx$ ..f: \.ascx$ ..f: \.vb$ ..f: \.resx$ ..f: \.cs$ ..f: \.js$ ..f: \.vbproj$ ..f: \.csproj$ ..f: \.sln$ ..f: \.webinfo$ ..f: \.config$ ....d: \\*$ ## Subdirectories ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):945
                                                                                                                                                                                                Entropy (8bit):4.845766436892308
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:jL63TRboyTIS0rqGuy1UOPhnVvFgQ7+8SDCeDSTIZaaMy:f6x9rOqGAO5nf+8SDpAKao
                                                                                                                                                                                                MD5:B2B86FC2614904FE5399DB1656675822
                                                                                                                                                                                                SHA1:3B9B1C2F59FBBE3901F27A11C6C25442941F8F22
                                                                                                                                                                                                SHA-256:BB1F729B7FACFE014769E654AE5E85955730CCE28B144279D0696D6A86421510
                                                                                                                                                                                                SHA-512:C085D5F9E1741EDAA5A035166BC9AEC2E172EC0B0E198EC8FAB895E49ED78F97AF0D2C0C6272F7F1BF6852A154D166BB5264E9C636751CBD92838056DE1CC33B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter for WinMerge..## This filter suppresses various binaries found in Visual Basic source trees..name: Visual Basic loose..desc: Suppresses various binaries found in Visual Basic source trees....## This is an inclusive (loose) filter..## (it lets through everything not specified)..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.frx$ ## ..f: \.dca$ ## ..f: \.ctx$ ## ..f: \.dll$ ## Windows DLL..f: \.ocx$ ## OLE Control Extension..f: \.exe$ ## Windows/DOS executable..f: \.bak$ ## backup....d: \\\.svn$ ## Subversion working copy..d: \\_svn$ ## Subversion working copy ASP.NET Hack..d: \\cvs$ ## CVS control directory..d: \\\.git$ ## Git directory..d: \\\.bzr$ ## Bazaar branch..d: \\\.hg$ ## Mercurial repository..d: \\\.vs$ ## A hidden folder that stores .suo and *.db files....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):699
                                                                                                                                                                                                Entropy (8bit):4.560292414919042
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:jLI13mkUUKmugzPHFXeO2v3O09khwmPfaBSCrCfua/15/qm/1UOPSoZbfiSK+mO:jL63/U+fbkt319T8qGuuXqm1UOPhFiSh
                                                                                                                                                                                                MD5:12F11F1BDE5974E44B522F10F1D58A82
                                                                                                                                                                                                SHA1:A0E99CFD836A594BA0156803D6503EF1246AFD8D
                                                                                                                                                                                                SHA-256:8D7E3E2910D6A70F2D34E4DFF6F4CC4E730631CCF882F37D1B7813BE743A6BAF
                                                                                                                                                                                                SHA-512:4D71948EE04E1363131F4F2456FF03BF357713BBE9AAA92EC0686B82264D39952F8F40E2E553E8C8E3F5E634593D3BC619FFD62E28925F69C03CBCBC335A34C6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:## This is a directory/file filter template for WinMerge..name: ${name}..desc: Longer description....## Select if filter is inclusive or exclusive..## Inclusive (loose) filter lets through all items not matching rules..## Exclusive filter lets through only items that match to rule..## include or exclude..def: include....## Filters for filenames begin with f:..## Filters for directories begin with d:..## To exclude some of the files that match the f: pattern, specify f!:..## To exclude some of the folders that match the d: pattern, specify d!:..## (Inline comments begin with " ##" and extend to the end of the line)....f: \.ext$ ## Filter for filename....d: \\subdir$ ## Filter for directory..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10194
                                                                                                                                                                                                Entropy (8bit):5.068515088227938
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:gpREQanuy9jH35d8BbjP219v3qeCh12CyoRGH48D6oAEXa04wB1Gx:gpREPff+P2/da1yoR8goJox
                                                                                                                                                                                                MD5:B9F00A431D3B266CA691C73CB9B0DE9B
                                                                                                                                                                                                SHA1:D4EC0BFFC3ABAB9AE19C781E42A9757B83FFD644
                                                                                                                                                                                                SHA-256:DF8BB22BAA0CB5EED922DEBED5BBBE5AA878A09941E8B0E6AE35A4E49F96C834
                                                                                                                                                                                                SHA-512:50AAABE71FDFA50C3A0DD87B52EA6A1F055906618879D9708A8EC74ECEE607BFDB9F137E5DFE750D3470AA7D89527C0A72052BC6BD4F1DB01C5FE2E6A2BFEEF2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:This file summarizes changes in Frhed releases...Numbers in parentheses refer to SourceForge.net tracker item numbers (#XXXXX) or..to Subversion revision numbers (rXXXXX).....For changes in version 1.1 beta 1 and earlier, see the History.txt file.....Frhed 0.10904.2017.14 (2023-12-19).. BugFix: Could not replace data at the end of the file.. Update French translation....Frhed 0.10904.2017.13 (2023-11-03).. BugFix: Searching with the 32-bit version of frhed sometimes scrolled to an unexpected position... Update French translation....Frhed 0.10904.2017.12 (2023-02-04).. BugFix: Resizing WinMerge Window looses the correct scroll position for the memory address your cursor is at (#13).. (Problem only when embedded in WinMerge).. Update German translation....Frhed 0.10904.2017.11 (2022-11-06).. Add Open files larger than 2GB for 64bit version....frhed 0.10904.2017.9 (2022-03-18).. Add Tranlslation : Polish, Slovak....Frhed 0.10904.2017.7 (2021-04-03).. Add ARM64 support....Frhed
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1638
                                                                                                                                                                                                Entropy (8bit):5.11467331521252
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:lubFoYI7elVjeMCPYWr2PVXECHJhIVTgrz:JYhQTr2dXECHJhIVi
                                                                                                                                                                                                MD5:CFAE657B6779BC9792103BD7A000A6A5
                                                                                                                                                                                                SHA1:7AF5EA292877E2A29B1202FFE69C8A1BF3B49E5D
                                                                                                                                                                                                SHA-256:5A44BBC92DA3D4C885D066B5DE75D22009BFD5130874D21E5BACA8C54DBD5CCB
                                                                                                                                                                                                SHA-512:429E21BA63FE447961AA21533A56E056E5FBE60EE5EAD15F01D62DE2397A7925A486FFE6B413D55016F96564C1BEDCEFF15D234616E2D2A4C41FF82278B28588
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:People who have contributed to Frhed..====================================....Original developer:..Raihan Kibria <raihan@kibria.de>....Maintainer on GitHub:..Takashi Sawanaka (GitHub@sdottaka, 2014 and after)..And other contributors: https://github.com/WinMerge/frhed/graphs/contributors....Localization:....* Dutch:.. Thomas De Rocker <thomasderocker@yahoo.com>....* French:.. Fr.d.ric Dectot.. Lolo S... Need74....* Galician.. Luis A. Mart.nez <luis.martinez.sobrino at gmail.com> (GitHub@qosobrin)....* German.. Tim Gerundt <gerundt@users.sourceforge.net>.. Mr-Update (GitHub@Mr-Update)....* Japanese.. Takashi Sawanaka....* Polish.. Miros.aw .ylewicz (GitHub@miroslaw-zylewicz)....* Slovak.. Jozef Matta <jozef.m923@gmail.com>....* Slovenian.. Jadran Rudec <***@***.***>....Other contributors (heksedit versions):..Jochen Tucht (@jtuc in history, 2017)..Jochen Neubeck (admin@jochen in history, 2013)..Kimmo Varis <kimmov@winmerge.org>..Tim Gerundt <gerundt@users.sourceforge.net>
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19925
                                                                                                                                                                                                Entropy (8bit):4.798085859566502
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:9D+peuEzgkm47A95bNZSn/Nywi1NffIE4I6d9qnZ90eKRqPqd:d+wgkz7OhNZI/NywiMED1EWPqd
                                                                                                                                                                                                MD5:2BDF9F20119B82C6CD73EF23A948F068
                                                                                                                                                                                                SHA1:6E0572F586341F99AEA818F9E90D674AC2477846
                                                                                                                                                                                                SHA-256:BE3DA215AA52EEE334676049677C9A34160716F876EA60A7A01EC1D5669EC6AD
                                                                                                                                                                                                SHA-512:66C7EDBBE85B794FBDC65052E1268832FEFA49BB44A55BEB9A2DA1314A0A8B700B52E448D82A0F6D81A5F8F5414A98A04ED140396BE9919D0F5FA9A33BB5B892
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:This file lists changes in versions before 1.3.1 Alpha. To see changes in 1.3.1 Alpha..and later releases, see the ChangeLog.txt file.....To find source-level changes use diff or a visual diff prog such as CSdiff (good for RTF files) or Araxis Merge....version Experimental/Alpha..- Status bar.. - notify uses different method w less Win32 calls.. (except "Bits=bbbbbbbb" section) but a little less accurate.. - notify now takes into account some stuff like initpopupmenu does.. - won't change bits on read-only mode etc.. - Optimized notify func & made easier to read.. - Can right-click for slightly different stuff (see src/help file).. - Bugfix when clicking in ANSI/OEM - caret is resized properly now.. - Bugfix when iCurbyte is on the END & there is a selection - used to get goto dlg....- Partial open mode.. - Revert can now be used.. - Open partially deselects when successful.. - Can now change the buffer size in partial open mode because.. I figured out a way to resize
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):154
                                                                                                                                                                                                Entropy (8bit):4.714554859553999
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N1KcxyHvOWK5ABz/fKJS4Ifmd1rT2QA6zgKW7wPl62eiNKJNLNvn:CcxyH7/ic4II6CPW8PjePpn
                                                                                                                                                                                                MD5:6EAD33EDB9A6DF8606541E5A48A77CB5
                                                                                                                                                                                                SHA1:C9A2559222D5DF4737BBA7C470A17D02E5A670A2
                                                                                                                                                                                                SHA-256:1D09EA42D91E1274907E0BAAF06D9DB898B9776536DE9DD80FC9CA59C6BB46DE
                                                                                                                                                                                                SHA-512:206B2446B0286935FD50F50C4C69F5870D2234592104A3C6CDA3FE604C493D498F9669D4D2AC67DB23BB97B111A3FD6B80ABB48BE1FAABEBC3F6299C3E1294EE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:http://bonedaddy.net/pabs3/files/frhed/..http://www.unrealtexture.com/Unreal/Website/Downloads/3DEditing/UnrealEditor/Tools/Info/frhed_v11/frhed_v11.htm..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):45
                                                                                                                                                                                                Entropy (8bit):4.455648863372104
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:gS+AoqnGg553TQJsNRN:gdAhGa9cARN
                                                                                                                                                                                                MD5:071F282CADDD55450ADA69BC4FAEF3F8
                                                                                                                                                                                                SHA1:4DD12E41D372A481FC07D59D69CE89BB0F4E8540
                                                                                                                                                                                                SHA-256:CF537117C1DA1698D587EA3D19E2D9897A278D37B6F4EF9DDCCEB6D74C8032FD
                                                                                                                                                                                                SHA-512:328DD823791BA284E0E343D2FA2C0429D29C609DA33D7E10B83962B4ED9A57675CD10EE95A7F226DA99B12FFCB8C05FBDB8B9979DD95B962EC2C6D23A1BEEB9D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:BYTE filetype..WORD version..DWORD filelength
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):45
                                                                                                                                                                                                Entropy (8bit):4.455648863372104
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:gS+AoqnGg553TQJsNRN:gdAhGa9cARN
                                                                                                                                                                                                MD5:071F282CADDD55450ADA69BC4FAEF3F8
                                                                                                                                                                                                SHA1:4DD12E41D372A481FC07D59D69CE89BB0F4E8540
                                                                                                                                                                                                SHA-256:CF537117C1DA1698D587EA3D19E2D9897A278D37B6F4EF9DDCCEB6D74C8032FD
                                                                                                                                                                                                SHA-512:328DD823791BA284E0E343D2FA2C0429D29C609DA33D7E10B83962B4ED9A57675CD10EE95A7F226DA99B12FFCB8C05FBDB8B9979DD95B962EC2C6D23A1BEEB9D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:BYTE filetype..WORD version..DWORD filelength
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1638
                                                                                                                                                                                                Entropy (8bit):5.11467331521252
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:lubFoYI7elVjeMCPYWr2PVXECHJhIVTgrz:JYhQTr2dXECHJhIVi
                                                                                                                                                                                                MD5:CFAE657B6779BC9792103BD7A000A6A5
                                                                                                                                                                                                SHA1:7AF5EA292877E2A29B1202FFE69C8A1BF3B49E5D
                                                                                                                                                                                                SHA-256:5A44BBC92DA3D4C885D066B5DE75D22009BFD5130874D21E5BACA8C54DBD5CCB
                                                                                                                                                                                                SHA-512:429E21BA63FE447961AA21533A56E056E5FBE60EE5EAD15F01D62DE2397A7925A486FFE6B413D55016F96564C1BEDCEFF15D234616E2D2A4C41FF82278B28588
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:People who have contributed to Frhed..====================================....Original developer:..Raihan Kibria <raihan@kibria.de>....Maintainer on GitHub:..Takashi Sawanaka (GitHub@sdottaka, 2014 and after)..And other contributors: https://github.com/WinMerge/frhed/graphs/contributors....Localization:....* Dutch:.. Thomas De Rocker <thomasderocker@yahoo.com>....* French:.. Fr.d.ric Dectot.. Lolo S... Need74....* Galician.. Luis A. Mart.nez <luis.martinez.sobrino at gmail.com> (GitHub@qosobrin)....* German.. Tim Gerundt <gerundt@users.sourceforge.net>.. Mr-Update (GitHub@Mr-Update)....* Japanese.. Takashi Sawanaka....* Polish.. Miros.aw .ylewicz (GitHub@miroslaw-zylewicz)....* Slovak.. Jozef Matta <jozef.m923@gmail.com>....* Slovenian.. Jadran Rudec <***@***.***>....Other contributors (heksedit versions):..Jochen Tucht (@jtuc in history, 2017)..Jochen Neubeck (admin@jochen in history, 2013)..Kimmo Varis <kimmov@winmerge.org>..Tim Gerundt <gerundt@users.sourceforge.net>
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):154
                                                                                                                                                                                                Entropy (8bit):4.714554859553999
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:N1KcxyHvOWK5ABz/fKJS4Ifmd1rT2QA6zgKW7wPl62eiNKJNLNvn:CcxyH7/ic4II6CPW8PjePpn
                                                                                                                                                                                                MD5:6EAD33EDB9A6DF8606541E5A48A77CB5
                                                                                                                                                                                                SHA1:C9A2559222D5DF4737BBA7C470A17D02E5A670A2
                                                                                                                                                                                                SHA-256:1D09EA42D91E1274907E0BAAF06D9DB898B9776536DE9DD80FC9CA59C6BB46DE
                                                                                                                                                                                                SHA-512:206B2446B0286935FD50F50C4C69F5870D2234592104A3C6CDA3FE604C493D498F9669D4D2AC67DB23BB97B111A3FD6B80ABB48BE1FAABEBC3F6299C3E1294EE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:http://bonedaddy.net/pabs3/files/frhed/..http://www.unrealtexture.com/Unreal/Website/Downloads/3DEditing/UnrealEditor/Tools/Info/frhed_v11/frhed_v11.htm..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19925
                                                                                                                                                                                                Entropy (8bit):4.798085859566502
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:9D+peuEzgkm47A95bNZSn/Nywi1NffIE4I6d9qnZ90eKRqPqd:d+wgkz7OhNZI/NywiMED1EWPqd
                                                                                                                                                                                                MD5:2BDF9F20119B82C6CD73EF23A948F068
                                                                                                                                                                                                SHA1:6E0572F586341F99AEA818F9E90D674AC2477846
                                                                                                                                                                                                SHA-256:BE3DA215AA52EEE334676049677C9A34160716F876EA60A7A01EC1D5669EC6AD
                                                                                                                                                                                                SHA-512:66C7EDBBE85B794FBDC65052E1268832FEFA49BB44A55BEB9A2DA1314A0A8B700B52E448D82A0F6D81A5F8F5414A98A04ED140396BE9919D0F5FA9A33BB5B892
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:This file lists changes in versions before 1.3.1 Alpha. To see changes in 1.3.1 Alpha..and later releases, see the ChangeLog.txt file.....To find source-level changes use diff or a visual diff prog such as CSdiff (good for RTF files) or Araxis Merge....version Experimental/Alpha..- Status bar.. - notify uses different method w less Win32 calls.. (except "Bits=bbbbbbbb" section) but a little less accurate.. - notify now takes into account some stuff like initpopupmenu does.. - won't change bits on read-only mode etc.. - Optimized notify func & made easier to read.. - Can right-click for slightly different stuff (see src/help file).. - Bugfix when clicking in ANSI/OEM - caret is resized properly now.. - Bugfix when iCurbyte is on the END & there is a selection - used to get goto dlg....- Partial open mode.. - Revert can now be used.. - Open partially deselects when successful.. - Can now change the buffer size in partial open mode because.. I figured out a way to resize
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10194
                                                                                                                                                                                                Entropy (8bit):5.068515088227938
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:gpREQanuy9jH35d8BbjP219v3qeCh12CyoRGH48D6oAEXa04wB1Gx:gpREPff+P2/da1yoR8goJox
                                                                                                                                                                                                MD5:B9F00A431D3B266CA691C73CB9B0DE9B
                                                                                                                                                                                                SHA1:D4EC0BFFC3ABAB9AE19C781E42A9757B83FFD644
                                                                                                                                                                                                SHA-256:DF8BB22BAA0CB5EED922DEBED5BBBE5AA878A09941E8B0E6AE35A4E49F96C834
                                                                                                                                                                                                SHA-512:50AAABE71FDFA50C3A0DD87B52EA6A1F055906618879D9708A8EC74ECEE607BFDB9F137E5DFE750D3470AA7D89527C0A72052BC6BD4F1DB01C5FE2E6A2BFEEF2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:This file summarizes changes in Frhed releases...Numbers in parentheses refer to SourceForge.net tracker item numbers (#XXXXX) or..to Subversion revision numbers (rXXXXX).....For changes in version 1.1 beta 1 and earlier, see the History.txt file.....Frhed 0.10904.2017.14 (2023-12-19).. BugFix: Could not replace data at the end of the file.. Update French translation....Frhed 0.10904.2017.13 (2023-11-03).. BugFix: Searching with the 32-bit version of frhed sometimes scrolled to an unexpected position... Update French translation....Frhed 0.10904.2017.12 (2023-02-04).. BugFix: Resizing WinMerge Window looses the correct scroll position for the memory address your cursor is at (#13).. (Problem only when embedded in WinMerge).. Update German translation....Frhed 0.10904.2017.11 (2022-11-06).. Add Open files larger than 2GB for 64bit version....frhed 0.10904.2017.9 (2022-03-18).. Add Tranlslation : Polish, Slovak....Frhed 0.10904.2017.7 (2021-04-03).. Add ARM64 support....Frhed
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18327
                                                                                                                                                                                                Entropy (8bit):4.734251349778708
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:lq2PmwERb6k/iAVX/dUY2ZpEGMOZ77o0UDT2:lzun1iYWrTXo0UDT2
                                                                                                                                                                                                MD5:537A8603E1EDA9DE80EE34F607C0CB09
                                                                                                                                                                                                SHA1:9871A6FC4895037B02AC04978AB4A21D9BA4030C
                                                                                                                                                                                                SHA-256:D3533C10B656BEC2782600B05B471ABE3AC916E228B27929CDA1F83C49D7E7A5
                                                                                                                                                                                                SHA-512:5DDFA15A89DCF147072A442C05AA16AF6A215FE8A3811E5A71007099D260687929A5505373F96B9F70EF21E101DC7042345CD358150367905C4CBA18E5DA32B6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.. GNU GENERAL PUBLIC LICENSE.... Version 2, June 1991.... Copyright (C) 1989, 1991 Free Software Foundation, Inc... 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed........ Preamble.... The licenses for most software are designed to take away your..freedom to share and change it. By contrast, the GNU General Public..License is intended to guarantee your freedom to share and change free..software--to make sure the software is free for all its users. This..General Public License applies to most of the Free Software..Foundation's software and to any other program whose authors commit to..using it. (Some other Free Software Foundation software is covered by..the GNU Library General Public License instead.) You can apply it to..your programs, too..... When we speak of free software, we are referring to freedom, not..price. Our General Publi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):58943
                                                                                                                                                                                                Entropy (8bit):5.148573435822846
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:W4fx7ieHltnGjfQauI4YEFasjAqrR3umI7pEImm1S4flZLHll70Koa:W4fx7igp/FFasTF0ESfl1Hll06
                                                                                                                                                                                                MD5:4CFA0E952B2B8DAD6BF4DB1EABBC8A1D
                                                                                                                                                                                                SHA1:E83385D57C1A654F063D8AC7250B8192BB7A0ADF
                                                                                                                                                                                                SHA-256:35B15829919D760EA8F87D4726926A0818847A0DB9432BBA28261C470BE4659D
                                                                                                                                                                                                SHA-512:C3BF17DA6C65FA8FC647E982885DFD006719EBC085EB4192EE201B48BBBCF2D0AE2C1590C757FCFD8017E2B741C7ACBB25212CE476E37A3966D786F3C3654B91
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# Translators:.# * Tim Gerundt <tim at gerundt.de>.#.# ID line follows -- this is updated by SVN.# $Id: de.po 697 2009-06-10 11:30:30Z kimmov $.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?group_id=13216&atid=113216\n"."POT-Creation-Date: \n"."PO-Revision-Date: 2020-08-21 00:20+0000\n"."Last-Translator: Mr. Update\n"."Language-Team: German <frhed-devel@lists.sourceforge.net>\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."X-Poedit-Language: German\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../../FRHED\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_GERMAN, SUBLANG_GERMAN"..#. Codepage.#: heksedit.rc:6.#, c-format.msgid "1252".msgstr "65001"..#: heksedit.rc:12.#, c-format.msgid "
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text, with very long lines (302)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60483
                                                                                                                                                                                                Entropy (8bit):5.1267124843958785
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:WeYdzbITVazVyll0DhTZ+dL4emaQXa7WqhRLkuIOU:WeYhHzVyll09TZiL4e+MLkVl
                                                                                                                                                                                                MD5:A2E97FAE64E59DFC0847EBAB810E7FA0
                                                                                                                                                                                                SHA1:E8E8D67CD98322A95C75CBD6BACDEFA6A3A5E4C9
                                                                                                                                                                                                SHA-256:13A7373AF166E25AF5EF69824F6998B55AEAF527B374788627AC37FD382F31F9
                                                                                                                                                                                                SHA-512:85EB26CC9DFAC5A9A5E7F9D0A2CA0FD8247C88BE6CD2B31EDCB59922F2F5A3F0470C3FF8F02F94FBE0F379178843014ADE98C5582F5D551887FB95012D484F27
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# Translators:.# * freddydelanuit <fred.dec@free.fr>.# * Lolo S. <slolo2000 at hotmail.com>.# * Need74 <need74 at free.fr>.#.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?group_id=13216&atid=113216\n"."POT-Creation-Date: 2022-11-06 12:47+0000\n"."PO-Revision-Date: 2023-12-18 19:57:19+0100\n"."Last-Translator: Lolo S. <slolo2000@hotmail.com>\n"."Language-Team: freddydelanuit <fred.dec@free.fr>\n"."Language: fr\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../../FRHED\n"."X-Generator: Poedit 3.4.1\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_FRENCH, SUBLANG_FRENCH_FR"..#. Codepage.#: heksedit.rc:6.#, c-format.msgid "1252".msgstr "65001"..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):96872
                                                                                                                                                                                                Entropy (8bit):5.33928443875562
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:LQD9V+zMxqfIOHOirWyJJdsuzQnOcI4zPFaCLvcvtxRtHvAXShOyGheSoQuGXPJp:LLnrW8mucnOx4rFaCLUlMQOTkL7GXPJp
                                                                                                                                                                                                MD5:FAC5ACE3508163EA5A868C53C711304D
                                                                                                                                                                                                SHA1:C8E0B751AB041826E16944E777BA334E7117B29F
                                                                                                                                                                                                SHA-256:834F3197C0F110B3DC4E99A4227CEAEB075FAA92DB62F09407DF10F9E9AC5044
                                                                                                                                                                                                SHA-512:3DCD6CAD69060D65D4D5CB738ED0BC4CD609D43D0FCC2C2B27E1E57D0B8763202782B6D27756207ED8BE5269028E9F8750E6BC77B13C740339CE6B3509445317
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<...R...R...R.f.....R.f.P...R.Rich..R.PE..d....e.........." .........P...............................................p............`.......................................................... .. M...........R..h(...........................................................................................rdata..p...........................@..@.rsrc... M... ...N..................@..@.....e........T........................rdata......T....rdata$zzzdbg.... .......rsrc$01........P>...rsrc$02............................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):96872
                                                                                                                                                                                                Entropy (8bit):5.33928443875562
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:LQD9V+zMxqfIOHOirWyJJdsuzQnOcI4zPFaCLvcvtxRtHvAXShOyGheSoQuGXPJp:LLnrW8mucnOx4rFaCLUlMQOTkL7GXPJp
                                                                                                                                                                                                MD5:FAC5ACE3508163EA5A868C53C711304D
                                                                                                                                                                                                SHA1:C8E0B751AB041826E16944E777BA334E7117B29F
                                                                                                                                                                                                SHA-256:834F3197C0F110B3DC4E99A4227CEAEB075FAA92DB62F09407DF10F9E9AC5044
                                                                                                                                                                                                SHA-512:3DCD6CAD69060D65D4D5CB738ED0BC4CD609D43D0FCC2C2B27E1E57D0B8763202782B6D27756207ED8BE5269028E9F8750E6BC77B13C740339CE6B3509445317
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<...R...R...R.f.....R.f.P...R.Rich..R.PE..d....e.........." .........P...............................................p............`.......................................................... .. M...........R..h(...........................................................................................rdata..p...........................@..@.rsrc... M... ...N..................@..@.....e........T........................rdata......T....rdata$zzzdbg.... .......rsrc$01........P>...rsrc$02............................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):64502
                                                                                                                                                                                                Entropy (8bit):5.870848118629421
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:W8GzIC3vhYCFa3C5WQPLMcei5Ius7xOZh:W8G751Fa30WhtiKuO6
                                                                                                                                                                                                MD5:2071A691473D6BF74E6EE5AF0F50FC2E
                                                                                                                                                                                                SHA1:BB3B2C456706A44AEDB29B69F97869C797F88502
                                                                                                                                                                                                SHA-256:26DE1CFF6EFBAC44B67B7C5D8C613359D2D9F1035F40552A3506B66DB8B8795E
                                                                                                                                                                                                SHA-512:9A2EB0868436C9C7289811ED3DC8D8A1A2ADDB067893DFD244E35BAB2C4017E36053516EE3F213DAE52C8F0B11EA2808628664C80BEF8F68CDE96DAD50857B87
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# Translators:.# * Takashi Sawanaka <sawanaka@d1.dion.ne.jp>.#.# ID line follows -- this is updated by SVN.# $Id: ja.po 697 2009-06-10 11:30:30Z kimmov $.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?"."group_id=13216&atid=113216\n"."POT-Creation-Date: \n"."PO-Revision-Date: 2018-05-03 00:00+0900\n"."Last-Translator: Takashi Sawanaka <sawanaka@d1.dion.ne.jp>\n"."Language-Team: German <frhed-devel@lists.sourceforge.net>\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../../FRHED\n"."Language: ja\n"."X-Generator: Poedit 2.0.7\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_JAPANESE, SUBLANG_JAPANESE"..#. Codepage.#: heksedit.rc:6.#, c-format.m
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):58943
                                                                                                                                                                                                Entropy (8bit):5.148573435822846
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:W4fx7ieHltnGjfQauI4YEFasjAqrR3umI7pEImm1S4flZLHll70Koa:W4fx7igp/FFasTF0ESfl1Hll06
                                                                                                                                                                                                MD5:4CFA0E952B2B8DAD6BF4DB1EABBC8A1D
                                                                                                                                                                                                SHA1:E83385D57C1A654F063D8AC7250B8192BB7A0ADF
                                                                                                                                                                                                SHA-256:35B15829919D760EA8F87D4726926A0818847A0DB9432BBA28261C470BE4659D
                                                                                                                                                                                                SHA-512:C3BF17DA6C65FA8FC647E982885DFD006719EBC085EB4192EE201B48BBBCF2D0AE2C1590C757FCFD8017E2B741C7ACBB25212CE476E37A3966D786F3C3654B91
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# Translators:.# * Tim Gerundt <tim at gerundt.de>.#.# ID line follows -- this is updated by SVN.# $Id: de.po 697 2009-06-10 11:30:30Z kimmov $.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?group_id=13216&atid=113216\n"."POT-Creation-Date: \n"."PO-Revision-Date: 2020-08-21 00:20+0000\n"."Last-Translator: Mr. Update\n"."Language-Team: German <frhed-devel@lists.sourceforge.net>\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."X-Poedit-Language: German\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../../FRHED\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_GERMAN, SUBLANG_GERMAN"..#. Codepage.#: heksedit.rc:6.#, c-format.msgid "1252".msgstr "65001"..#: heksedit.rc:12.#, c-format.msgid "
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):57930
                                                                                                                                                                                                Entropy (8bit):5.071981644281668
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:WN/z4mcvm6DFa76oAgAEQ6ms6MevcKFZQRtneODcCE:WNcrNFa76dEIFZQiOK
                                                                                                                                                                                                MD5:DA8954AB979960689708F792430ECA76
                                                                                                                                                                                                SHA1:5230A24CAEE1467D2682FEAF4B974EF7F9687E29
                                                                                                                                                                                                SHA-256:35D8E9B7C38FDF70926CE41E3758C5596CD89638162F6482F7C1E033EDA3194C
                                                                                                                                                                                                SHA-512:B80429D0998A2A23A094E3CA0DC896359847744B6F959C6347699A29B7C376C7EF4ABCAD9CE28D1289F0F89C3D753F4F5DA539A866C13C53AC5C5FB2EB024513
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# Translators:.# * Thomas De Rocker <thomasderocker@yahoo.com>.#.# ID line follows -- this is updated by SVN.# $Id: nl.po 715 2009-06-14 18:12:29Z kimmov $.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?group_id=13216&atid=113216\n"."POT-Creation-Date: 2009-06-10 14:28+0000\n"."PO-Revision-Date: \n"."Last-Translator: Thomas De Rocker <thomasderocker@yahoo.com>\n"."Language-Team: Dutch <frhed-devel@lists.sourceforge.net>\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."X-Poedit-Language: Dutch\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../\n"."X-Poedit-Country: BELGIUM\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_DUTCH, SUBLANG_DUTCH"..#. Codepage.#: heksedit.rc:6.#, c-format.msg
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text, with very long lines (302)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60483
                                                                                                                                                                                                Entropy (8bit):5.1267124843958785
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:WeYdzbITVazVyll0DhTZ+dL4emaQXa7WqhRLkuIOU:WeYhHzVyll09TZiL4e+MLkVl
                                                                                                                                                                                                MD5:A2E97FAE64E59DFC0847EBAB810E7FA0
                                                                                                                                                                                                SHA1:E8E8D67CD98322A95C75CBD6BACDEFA6A3A5E4C9
                                                                                                                                                                                                SHA-256:13A7373AF166E25AF5EF69824F6998B55AEAF527B374788627AC37FD382F31F9
                                                                                                                                                                                                SHA-512:85EB26CC9DFAC5A9A5E7F9D0A2CA0FD8247C88BE6CD2B31EDCB59922F2F5A3F0470C3FF8F02F94FBE0F379178843014ADE98C5582F5D551887FB95012D484F27
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# Translators:.# * freddydelanuit <fred.dec@free.fr>.# * Lolo S. <slolo2000 at hotmail.com>.# * Need74 <need74 at free.fr>.#.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?group_id=13216&atid=113216\n"."POT-Creation-Date: 2022-11-06 12:47+0000\n"."PO-Revision-Date: 2023-12-18 19:57:19+0100\n"."Last-Translator: Lolo S. <slolo2000@hotmail.com>\n"."Language-Team: freddydelanuit <fred.dec@free.fr>\n"."Language: fr\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../../FRHED\n"."X-Generator: Poedit 3.4.1\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_FRENCH, SUBLANG_FRENCH_FR"..#. Codepage.#: heksedit.rc:6.#, c-format.msgid "1252".msgstr "65001"..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):58502
                                                                                                                                                                                                Entropy (8bit):5.1812314517893
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:Wa1PT+/hKYoI7PxvGVyv5Nfq1JruBSnFV6Nm3xqIRYwH:Wa9a/ZvGVyvmVFVzhqIRYu
                                                                                                                                                                                                MD5:6C66B3054E13019D52007239D0516116
                                                                                                                                                                                                SHA1:E682AA270AD678F231331488BD48DCC80ABA5244
                                                                                                                                                                                                SHA-256:39C74F19BE477D7EF38AD8D9CB3AE6C3AD31715B485F37BEA6255C74BC54891C
                                                                                                                                                                                                SHA-512:AD5F3C08F160BB5A25A76B5158DFA4FCB97BC2041E170280E1AE9CC04B47A04B05F1E52BC800613DE0B2760C23FF5F6BA5119D4F02190A0FB76F6DA2C9668E24
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# ID line follows -- this is updated by SVN.# $Id: $.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?group_id=13216&atid=113216\n"."POT-Creation-Date: \n"."PO-Revision-Date: 2022-03-20 22:23+0100\n"."Last-Translator: Jadran Rudec <jrudec@gmail.com>\n"."Language-Team: Slovenian <jrudec@gmail.com>\n"."Language: sl_SI\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."Plural-Forms: nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100>=3 && n%100<=4 ? 2 : 3);\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../../FRHED\n"."X-Generator: Poedit 3.0.1\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_SLOVENIAN, SUBLANG_SLOVENIAN"..#. Codepage.#: heksedit.rc:6.#, c-format.msgid "1252".msgstr "6500
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):64502
                                                                                                                                                                                                Entropy (8bit):5.870848118629421
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:W8GzIC3vhYCFa3C5WQPLMcei5Ius7xOZh:W8G751Fa30WhtiKuO6
                                                                                                                                                                                                MD5:2071A691473D6BF74E6EE5AF0F50FC2E
                                                                                                                                                                                                SHA1:BB3B2C456706A44AEDB29B69F97869C797F88502
                                                                                                                                                                                                SHA-256:26DE1CFF6EFBAC44B67B7C5D8C613359D2D9F1035F40552A3506B66DB8B8795E
                                                                                                                                                                                                SHA-512:9A2EB0868436C9C7289811ED3DC8D8A1A2ADDB067893DFD244E35BAB2C4017E36053516EE3F213DAE52C8F0B11EA2808628664C80BEF8F68CDE96DAD50857B87
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# Translators:.# * Takashi Sawanaka <sawanaka@d1.dion.ne.jp>.#.# ID line follows -- this is updated by SVN.# $Id: ja.po 697 2009-06-10 11:30:30Z kimmov $.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?"."group_id=13216&atid=113216\n"."POT-Creation-Date: \n"."PO-Revision-Date: 2018-05-03 00:00+0900\n"."Last-Translator: Takashi Sawanaka <sawanaka@d1.dion.ne.jp>\n"."Language-Team: German <frhed-devel@lists.sourceforge.net>\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../../FRHED\n"."Language: ja\n"."X-Generator: Poedit 2.0.7\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_JAPANESE, SUBLANG_JAPANESE"..#. Codepage.#: heksedit.rc:6.#, c-format.m
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):57930
                                                                                                                                                                                                Entropy (8bit):5.071981644281668
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:WN/z4mcvm6DFa76oAgAEQ6ms6MevcKFZQRtneODcCE:WNcrNFa76dEIFZQiOK
                                                                                                                                                                                                MD5:DA8954AB979960689708F792430ECA76
                                                                                                                                                                                                SHA1:5230A24CAEE1467D2682FEAF4B974EF7F9687E29
                                                                                                                                                                                                SHA-256:35D8E9B7C38FDF70926CE41E3758C5596CD89638162F6482F7C1E033EDA3194C
                                                                                                                                                                                                SHA-512:B80429D0998A2A23A094E3CA0DC896359847744B6F959C6347699A29B7C376C7EF4ABCAD9CE28D1289F0F89C3D753F4F5DA539A866C13C53AC5C5FB2EB024513
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# Translators:.# * Thomas De Rocker <thomasderocker@yahoo.com>.#.# ID line follows -- this is updated by SVN.# $Id: nl.po 715 2009-06-14 18:12:29Z kimmov $.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?group_id=13216&atid=113216\n"."POT-Creation-Date: 2009-06-10 14:28+0000\n"."PO-Revision-Date: \n"."Last-Translator: Thomas De Rocker <thomasderocker@yahoo.com>\n"."Language-Team: Dutch <frhed-devel@lists.sourceforge.net>\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."X-Poedit-Language: Dutch\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../\n"."X-Poedit-Country: BELGIUM\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_DUTCH, SUBLANG_DUTCH"..#. Codepage.#: heksedit.rc:6.#, c-format.msg
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):58502
                                                                                                                                                                                                Entropy (8bit):5.1812314517893
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:Wa1PT+/hKYoI7PxvGVyv5Nfq1JruBSnFV6Nm3xqIRYwH:Wa9a/ZvGVyvmVFVzhqIRYu
                                                                                                                                                                                                MD5:6C66B3054E13019D52007239D0516116
                                                                                                                                                                                                SHA1:E682AA270AD678F231331488BD48DCC80ABA5244
                                                                                                                                                                                                SHA-256:39C74F19BE477D7EF38AD8D9CB3AE6C3AD31715B485F37BEA6255C74BC54891C
                                                                                                                                                                                                SHA-512:AD5F3C08F160BB5A25A76B5158DFA4FCB97BC2041E170280E1AE9CC04B47A04B05F1E52BC800613DE0B2760C23FF5F6BA5119D4F02190A0FB76F6DA2C9668E24
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.# This file is part of Frhed <http://frhed.sourceforge.net/>.# Released under the "GNU General Public License".#.# ID line follows -- this is updated by SVN.# $Id: $.#.msgid "".msgstr ""."Project-Id-Version: Frhed\n"."Report-Msgid-Bugs-To: http://sourceforge.net/tracker/?group_id=13216&atid=113216\n"."POT-Creation-Date: \n"."PO-Revision-Date: 2022-03-20 22:23+0100\n"."Last-Translator: Jadran Rudec <jrudec@gmail.com>\n"."Language-Team: Slovenian <jrudec@gmail.com>\n"."Language: sl_SI\n"."MIME-Version: 1.0\n"."Content-Type: text/plain; charset=UTF-8\n"."Content-Transfer-Encoding: 8bit\n"."Plural-Forms: nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100>=3 && n%100<=4 ? 2 : 3);\n"."X-Poedit-SourceCharset: UTF-8\n"."X-Poedit-Basepath: ../../FRHED\n"."X-Generator: Poedit 3.0.1\n"..#. LANGUAGE, SUBLANGUAGE.#: heksedit.rc:5.#, c-format.msgid "LANG_ENGLISH, SUBLANG_ENGLISH_US".msgstr "LANG_SLOVENIAN, SUBLANG_SLOVENIAN"..#. Codepage.#: heksedit.rc:6.#, c-format.msgid "1252".msgstr "6500
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):425064
                                                                                                                                                                                                Entropy (8bit):6.213051440649337
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:x7m4rMSKTqiE8kaTL3x+Z4YrnwT377PghLECTsSsIhEoQ1keKUK2mZ28d+QU9NR0:eSKPkmxjvghICzsIhpekBUorsvRPc
                                                                                                                                                                                                MD5:A1A8DFCEC0AA980B88AD997B6ACEB2C4
                                                                                                                                                                                                SHA1:CFC8E6861A365B10EF8DF537CE6E008CC6317F85
                                                                                                                                                                                                SHA-256:8CF0E9F7D3B2C3B282752A23EEF25F787733DE6853A31A015043140C287AD4D1
                                                                                                                                                                                                SHA-512:2174F8C529B1A61D55D6F5BCED5560F85465877345205511C543C4A45326F4AFBF7318628C03C3184A3A49F24E6D83A4F90867F436BCA92CBC853963F1129EAA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......[8.i.Y.:.Y.:.Y.:..O:.Y.:..M:.Y.:..L:.Y.:M1.;;Y.:M1.;.Y.:M1.;.Y.:.!=:.Y.:.!9:.Y.:.!6:.Y.:.!-:.Y.:.Y.:]X.:.0.;$Y.:.0.;.Y.:.0A:.Y.:.0.;.Y.:Rich.Y.:........................PE..d....e.........." .....:...>............................................................`..........................................'......<(..................l0...T..h(......t.......T...........................0................P...............................text....9.......:.................. ..`.rdata.. ....P.......>..............@..@.data...d8...P.......8..............@....pdata..l0.......2...J..............@..@.rsrc................|..............@..@.reloc..t............L..............@..B........................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18327
                                                                                                                                                                                                Entropy (8bit):4.734251349778708
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:lq2PmwERb6k/iAVX/dUY2ZpEGMOZ77o0UDT2:lzun1iYWrTXo0UDT2
                                                                                                                                                                                                MD5:537A8603E1EDA9DE80EE34F607C0CB09
                                                                                                                                                                                                SHA1:9871A6FC4895037B02AC04978AB4A21D9BA4030C
                                                                                                                                                                                                SHA-256:D3533C10B656BEC2782600B05B471ABE3AC916E228B27929CDA1F83C49D7E7A5
                                                                                                                                                                                                SHA-512:5DDFA15A89DCF147072A442C05AA16AF6A215FE8A3811E5A71007099D260687929A5505373F96B9F70EF21E101DC7042345CD358150367905C4CBA18E5DA32B6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.. GNU GENERAL PUBLIC LICENSE.... Version 2, June 1991.... Copyright (C) 1989, 1991 Free Software Foundation, Inc... 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed........ Preamble.... The licenses for most software are designed to take away your..freedom to share and change it. By contrast, the GNU General Public..License is intended to guarantee your freedom to share and change free..software--to make sure the software is free for all its users. This..General Public License applies to most of the Free Software..Foundation's software and to any other program whose authors commit to..using it. (Some other Free Software Foundation software is covered by..the GNU Library General Public License instead.) You can apply it to..your programs, too..... When we speak of free software, we are referring to freedom, not..price. Our General Publi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):425064
                                                                                                                                                                                                Entropy (8bit):6.213051440649337
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:x7m4rMSKTqiE8kaTL3x+Z4YrnwT377PghLECTsSsIhEoQ1keKUK2mZ28d+QU9NR0:eSKPkmxjvghICzsIhpekBUorsvRPc
                                                                                                                                                                                                MD5:A1A8DFCEC0AA980B88AD997B6ACEB2C4
                                                                                                                                                                                                SHA1:CFC8E6861A365B10EF8DF537CE6E008CC6317F85
                                                                                                                                                                                                SHA-256:8CF0E9F7D3B2C3B282752A23EEF25F787733DE6853A31A015043140C287AD4D1
                                                                                                                                                                                                SHA-512:2174F8C529B1A61D55D6F5BCED5560F85465877345205511C543C4A45326F4AFBF7318628C03C3184A3A49F24E6D83A4F90867F436BCA92CBC853963F1129EAA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......[8.i.Y.:.Y.:.Y.:..O:.Y.:..M:.Y.:..L:.Y.:M1.;;Y.:M1.;.Y.:M1.;.Y.:.!=:.Y.:.!9:.Y.:.!6:.Y.:.!-:.Y.:.Y.:]X.:.0.;$Y.:.0.;.Y.:.0A:.Y.:.0.;.Y.:Rich.Y.:........................PE..d....e.........." .....:...>............................................................`..........................................'......<(..................l0...T..h(......t.......T...........................0................P...............................text....9.......:.................. ..`.rdata.. ....P.......>..............@..@.data...d8...P.......8..............@....pdata..l0.......2...J..............@..@.rsrc................|..............@..@.reloc..t............L..............@..B........................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5720
                                                                                                                                                                                                Entropy (8bit):7.947394525856063
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:YkOCKIR48KSroaHR4c1VJlbB98L6/50xQDt06wIqHLOYz4syrt/eu6DJxFZ74pfQ:Tphfx6c1q6QQDt06wIsz40u4J5qfIr
                                                                                                                                                                                                MD5:21145408985267F224425F18CCDD96AE
                                                                                                                                                                                                SHA1:DF0FF01BBCA144309DBDC69CBF8DB1B907D511D8
                                                                                                                                                                                                SHA-256:79545A24803B150F573D37D9D497F91612384A5CDFB909CC82D8A12CAC50797B
                                                                                                                                                                                                SHA-512:BD2764BF6BBF056FF827BFD370380DF1E812C5A8571B65F37965712652D9C642BD2576247A448BFE4BBDE098F2A80B9318E62EB4667F3BE56E784FABA6C9A585
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.PNG........IHDR.............<.q.....IDATx..............eX....j.X..X .b!...X..b!.b.X..XpZ,......B,......h..t....s..3.....r.?f,?fffffffff*3.9)&m....{~{FZ3..M...vu.^k.#9./gK..|....&CbL...q....-.....U*km...R....p..Y...l\L.g.?../...O..EL.P..Xw..s....._.d:G#.X...m....0b..`|-.....b....>......k./....}.....).m$.Y...EK!T4..).).....kl...;M.......u)X.....R,........G.{....Gbo....=P.....mYW3.$Y..HjS...T.u...y..Gl}.2..p....=.r....f^z...\.y.c.x....+/....X......PU.E..TM.w..3.Vz..*....T...z..C..Y`X2=.5......<..9.Wo.....z.so.....X..S%..:..N.q.D.&...lW.kb..J.9...P..<..)..}....f..|../^.....4...u..&.d=.v..d.7..H.PUH'.s.0.Z...i.F.R=.....q.!.G.....c.+....9..;..~..~.....g?...].vOx..V.f..!..H..".QPHbOP.5J..3.J.1...5}.....V..cn24...,._.cF{..l=.........._....y.....k..?t.(.t..!.|..<...T..Nq.7.TWu.:.:.{jT...Fgl.hL~.(v..R(Y:...$..GX=.....Q.b......{.MO:.Q........P.@.....'.*|.<."c@.T.Up.Pp.s.x5S.j-G..L.....b....!.. ....1./..o..%.U..Bhy..f,..G>.'.]..7.t.P.D.\....K
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2931
                                                                                                                                                                                                Entropy (8bit):7.913972384188757
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:0lwit+d0ShTLH8siGM1I2oAF4GeJQulmwuj8nJMDWTirKXU3nPXD:0uit+2Spbix15rVnN7YJMoUb
                                                                                                                                                                                                MD5:175F96CDF159010C6CE1C67A7F58B144
                                                                                                                                                                                                SHA1:A5A4907906F14A8977049EE0FCDB67242B3CD25B
                                                                                                                                                                                                SHA-256:62B6CDF2A71F447561F9EF4D822225E802F863A68D7F3041700E33B0050218DC
                                                                                                                                                                                                SHA-512:49D008B22F97A462C1F3669A5EDDBBEA078B2A99479444D10EEECE58EF65E7F65B09B70C0FE31655C95904BBE2B2EEB14A226EA53AFD34EFF69FCE96780D677A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.PNG........IHDR...F...F.....q.....:IDATx...p.I.....#..;...Z.3/.1..2.........TaXf^;.X.L.s<..../.].W..=..0.|.mI..@'.a.D.L>:`:`:`:`:`:`:`:`:`:`:.....p.b.~box....P.....w1.....W8.../.x....x.9.q......z...m....K7_....x..;.x....yb.c..O.f.7.......s.b.Y'...5..s.m.............Ld.p]...X#..i_m....~.....z....l_>.'...S.t....uM.....u.dZ.qF.7..I.i....}jM:..W+...4..}{.....[....D../..-8...5B.{.IjA#........`U..0g.0.9....!.bc?....<W....}Ax..if.t9C.*3"K.J.M.7.U..&.C#...e...e|.7......w[.x.%.x.\......^.2g....z!VOs.b.4m.V...`..{FFbV..[.....0..{8.9....<.....{..~.....`$5.D..*>..[..g.....7.<8\..N..O...F..]`..}....<...`....W=.........z.6.\..F......WbQ.1..D.1xM.N.....p..5.J..N....;.9.........J.|..v........h-.S..qp.?..o..g_ume.8..b......@..SC.*.Z..I.e.....+U.nxdd...y./.8xo.......n.....?...........{.&.[...c...U.$..z.].|...?..9.P...k...{...'......:a\i*.<\..'._.1k.v..'v..?Y..g~}+..{......w....$....{c".q.g=..>.9..=.f.U...A?.8..=....Xc...TI.|...rD..0.o.;.:..Ix..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2931
                                                                                                                                                                                                Entropy (8bit):7.913972384188757
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:0lwit+d0ShTLH8siGM1I2oAF4GeJQulmwuj8nJMDWTirKXU3nPXD:0uit+2Spbix15rVnN7YJMoUb
                                                                                                                                                                                                MD5:175F96CDF159010C6CE1C67A7F58B144
                                                                                                                                                                                                SHA1:A5A4907906F14A8977049EE0FCDB67242B3CD25B
                                                                                                                                                                                                SHA-256:62B6CDF2A71F447561F9EF4D822225E802F863A68D7F3041700E33B0050218DC
                                                                                                                                                                                                SHA-512:49D008B22F97A462C1F3669A5EDDBBEA078B2A99479444D10EEECE58EF65E7F65B09B70C0FE31655C95904BBE2B2EEB14A226EA53AFD34EFF69FCE96780D677A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.PNG........IHDR...F...F.....q.....:IDATx...p.I.....#..;...Z.3/.1..2.........TaXf^;.X.L.s<..../.].W..=..0.|.mI..@'.a.D.L>:`:`:`:`:`:`:`:`:`:`:.....p.b.~box....P.....w1.....W8.../.x....x.9.q......z...m....K7_....x..;.x....yb.c..O.f.7.......s.b.Y'...5..s.m.............Ld.p]...X#..i_m....~.....z....l_>.'...S.t....uM.....u.dZ.qF.7..I.i....}jM:..W+...4..}{.....[....D../..-8...5B.{.IjA#........`U..0g.0.9....!.bc?....<W....}Ax..if.t9C.*3"K.J.M.7.U..&.C#...e...e|.7......w[.x.%.x.\......^.2g....z!VOs.b.4m.V...`..{FFbV..[.....0..{8.9....<.....{..~.....`$5.D..*>..[..g.....7.<8\..N..O...F..]`..}....<...`....W=.........z.6.\..F......WbQ.1..D.1xM.N.....p..5.J..N....;.9.........J.|..v........h-.S..qp.?..o..g_ume.8..b......@..SC.*.Z..I.e.....+U.nxdd...y./.8xo.......n.....?...........{.&.[...c...U.$..z.].|...?..9.P...k...{...'......:a\i*.<\..'._.1k.v..'v..?Y..g~}+..{......w....$....{c".q.g=..>.9..=.f.U...A?.8..=....Xc...TI.|...rD..0.o.;.:..Ix..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5720
                                                                                                                                                                                                Entropy (8bit):7.947394525856063
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:YkOCKIR48KSroaHR4c1VJlbB98L6/50xQDt06wIqHLOYz4syrt/eu6DJxFZ74pfQ:Tphfx6c1q6QQDt06wIsz40u4J5qfIr
                                                                                                                                                                                                MD5:21145408985267F224425F18CCDD96AE
                                                                                                                                                                                                SHA1:DF0FF01BBCA144309DBDC69CBF8DB1B907D511D8
                                                                                                                                                                                                SHA-256:79545A24803B150F573D37D9D497F91612384A5CDFB909CC82D8A12CAC50797B
                                                                                                                                                                                                SHA-512:BD2764BF6BBF056FF827BFD370380DF1E812C5A8571B65F37965712652D9C642BD2576247A448BFE4BBDE098F2A80B9318E62EB4667F3BE56E784FABA6C9A585
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.PNG........IHDR.............<.q.....IDATx..............eX....j.X..X .b!...X..b!.b.X..XpZ,......B,......h..t....s..3.....r.?f,?fffffffff*3.9)&m....{~{FZ3..M...vu.^k.#9./gK..|....&CbL...q....-.....U*km...R....p..Y...l\L.g.?../...O..EL.P..Xw..s....._.d:G#.X...m....0b..`|-.....b....>......k./....}.....).m$.Y...EK!T4..).).....kl...;M.......u)X.....R,........G.{....Gbo....=P.....mYW3.$Y..HjS...T.u...y..Gl}.2..p....=.r....f^z...\.y.c.x....+/....X......PU.E..TM.w..3.Vz..*....T...z..C..Y`X2=.5......<..9.Wo.....z.so.....X..S%..:..N.q.D.&...lW.kb..J.9...P..<..)..}....f..|../^.....4...u..&.d=.v..d.7..H.PUH'.s.0.Z...i.F.R=.....q.!.G.....c.+....9..;..~..~.....g?...].vOx..V.f..!..H..".QPHbOP.5J..3.J.1...5}.....V..cn24...,._.cF{..l=.........._....y.....k..?t.(.t..!.|..<...T..Nq.7.TWu.:.:.{jT...Fgl.hL~.(v..R(Y:...$..GX=.....Q.b......{.MO:.Q........P.@.....'.*|.<."c@.T.Up.Pp.s.x5S.j-G..L.....b....!.. ....1./..o..%.U..Bhy..f,..G>.'.]..7.t.P.D.\....K
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1891840
                                                                                                                                                                                                Entropy (8bit):6.29517110582479
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:CmnN6yAgaTr17cdftN0+ju1zzHiDefMyUz/uDIVAlan:BnN34Th7criCDeUyXDiua
                                                                                                                                                                                                MD5:0009BD5E13766D11A23289734B383CBE
                                                                                                                                                                                                SHA1:913784502BE52CE33078D75B97A1C1396414CF44
                                                                                                                                                                                                SHA-256:3691ADCEFC6DA67EEDD02A1B1FC7A21894AFD83ECF1B6216D303ED55A5F8D129
                                                                                                                                                                                                SHA-512:D92CD55FCEF5B15975C741F645F9C3CC53AE7CD5DFFD5D5745ADECF098B9957E8ED379E50F3D0855D54598E950B2DBF79094DA70D94DFD7FC40BDA7163A09B2B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........{..........................................l................h.............................Rich....................PE..d.....rf.........." .....8...z...... .....................................................`.....................................................x.......p........=..............."...................................................P...............................text....6.......8.................. ..`.rdata..Q....P.......<..............@..@.data...............................@....pdata...=.......>..................@..@.rsrc...p...........................@..@.reloc..\5.......6..................@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6210
                                                                                                                                                                                                Entropy (8bit):4.906576204359403
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:JB/W8Ncd1ccFoYjOvyQn5Oo615C94ghyBmIJeuoCueabLBQNksrWgd1kB6b5WlIm:J55UScE5UToWWioSwhbULfTvm4/qxzfN
                                                                                                                                                                                                MD5:553A02739D516379833451440076F884
                                                                                                                                                                                                SHA1:27A428D5EB9F961D6461F94AA3E414F0E3697296
                                                                                                                                                                                                SHA-256:83B1AE6D3486C2653766A28806AC110C9A0AFDE17020CA6AA0B7550A2F10E147
                                                                                                                                                                                                SHA-512:BE3CFF1E392F4216310B455D73E86B485245EBD9C94BC370233C130E14FC97F92FA1C74567025F506D42EADFC21CC1D7F845D76607BB933A1C654FB7A493796F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:HISTORY of the 7-Zip..--------------------....This file contains information about changes for latest versions of 7-Zip...The full changelog file can be downloaded here:..https://7-zip.org/history.txt......24.07 2024-06-19..-------------------------..- The bug was fixed: 7-Zip could crash for some incorrect ZSTD archives.......24.06 2024-05-26..-------------------------..- The bug was fixed: 7-Zip could not unpack some ZSTD archives.......24.05 2024-05-14..-------------------------..- New switch -myv={MMNN} to set decoder compatibility version for 7z archive creating... {MMNN} is 4-digit number that represents the version of 7-Zip without a dot... If -myv={MMNN} switch is specified, 7-Zip will only use compression methods that can.. be decoded by the specified version {MMNN} of 7-Zip and newer versions... If -myv={MMNN} switch is not specified, -myv=2300 is used, and 7-Zip will only.. use compression methods that can be decoded by 7-Zip 23.00 and newer v
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4621
                                                                                                                                                                                                Entropy (8bit):4.969434576878072
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:bdDW+Wz9my7MIlXq2sQqpxjOsgEGh4YdVDpZfir99v7+bv:sfwy7XlXq2sfpxjOsRGhfVDpZfCji
                                                                                                                                                                                                MD5:DF216FAE5B13D3C3AFE87E405FD34B97
                                                                                                                                                                                                SHA1:787CCB4E18FC2F12A6528ADBB7D428397FC4678A
                                                                                                                                                                                                SHA-256:9CF684EA88EA5A479F510750E4089AEE60BBB2452AA85285312BAFCC02C10A34
                                                                                                                                                                                                SHA-512:A6EEE3D60B88F9676200B40CA9C44CC4E64CF555D9B8788D4FDE05E05B8CA5DA1D2C7A72114A18358829858D10F2BEFF094AFD3BC12B370460800040537CFF68
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.09 : Petri Jooste.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Afrikaans.Afrikaans.401.OK.Kanselleer....&Ja.&Nee.A&fsluit.Hulp..&Gaan voort.440.Ja vir &almal.Nee vir a&lmal.Stop.Herbegin.&Agtergrond.&Voorgrond.&Wag.Wagtend.Is u seker dat u wil kanselleer?.500.&L.er.R&edigeer.&Vertoon.G&unstelinge.&Gereedskap.&Hulp.540.&Open.Open &Binne.Open B&uite.&Wys.R&edigeer.Her&noem.&Kopieer na....&Verskuif na....Ve&rwyder.Ver&deel l.er....Kom&bineer l.ers....E&ienskappe.Komme&ntaar...Maak gids.Maak l.er.A&fsluit.600.Selekteer &alles.Deselekteer a&lles.Keer &seleksie om.Selekteer....Deselekteer....Selekteer op Soort.Deselekteer op Soort.700.&Groot ikone.&Klein ikone.&Lys.&Detail.730.Ongesorteer..&2 Panele.&Nutsbalke.Maak wortelgids oop.Een vlak ho.r.Gidse geskiedenis....&Verfris.750.Argiveernutsbalk.Standaardnutsbalk.Groot knoppies.Wys teks op knoppies.800.Voeg gids by gunstelinge &as.Boekmerk.900.&Opsies....&Normtoetsing.960.&Inhoud....&Aangaande 7-Zip....1003.Pad.Naam.Uitgang.Gids.G
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7372
                                                                                                                                                                                                Entropy (8bit):4.909894601165032
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:/iCx+nicrSC2WgvUZ8I/MbcGr74hjN8H7+UeT5xMWcZlFi6lCg6l+Rl2NIqpClH5:/OnVInvQ5kN74nK+febFi6Yg62I7bPFI
                                                                                                                                                                                                MD5:F16218139E027338A16C3199091D0600
                                                                                                                                                                                                SHA1:DA48140A4C033EEA217E97118F595394195A15D5
                                                                                                                                                                                                SHA-256:3AB9F7AACD38C4CDE814F86BC37EEC2B9DF8D0DDDB95FC1D09A5F5BCB11F0EEB
                                                                                                                                                                                                SHA-512:B2E99D70D1A7A2A1BFA2FFB61F3CA2D1B18591C4707E4C6C5EFB9BECDD205D646B3BAA0E8CBD28CE297D7830D3DFB8F737266C66E53A83BDBE58B117F8E3AE14
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Feliciano Mart.nez Tur.; 9.07 : Juan Pablo Mart.nez.;.;.;.;.;.;.;.;.;.0.7-Zip.Aragonese.Aragon.s.401.Acceptar.Cancelar....&S..&No.&Zarrar.Aduya..&Continar.440.S. a &tot.No a t&ot.Aturar.Tornar a empecipiar.Se&gundo plano.P&rimer plano.&Pausa.Aturau.Yes seguro que quiers cancelar?.500.&Fichero.&Editar.&Veyer.&Favoritos.&Ferramientas.Ad&uya.540.&Ubrir.Ubrir &adintro.Ubrir &difuera.&Veyer.&Editar.Re&nombrar.&Copiar en....&Mover ta....&Borrar.Di&vidir o fichero....C&ombinar os fichers....&Propiedatz.Comen&tario.Calcular a suma de comprebaci.n.Diff.Creyar carpeta.Creyar fichero.&Salir.600.Seleccionar-lo &tot.Deseleccionar-lo tot.&Invertir selecci.n.Seleccionar....Deseleccionar....Seleccionar por tipo.Deseleccionar por tipo.700.Iconos g&rans.&Iconos chicotz.&Lista.&Detalles.730.Desordenau.Anvista plana.&2 panels.&Barras de ferramientas.Ubrir a carpeta radiz.Carpeta mai.Historial de carpetas....&Esviellar.750.Barra de ferramientas d'archivo.Barras de ferr
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12299
                                                                                                                                                                                                Entropy (8bit):4.279828923149653
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Z/YybL3XSV+HYFBLRTRZgZCjWg6IvLDlaJQZmbghr0MhI05z:F3XIBLRMZCjWgfvLpGQZcghrvIC
                                                                                                                                                                                                MD5:5747381DC970306051432B18FB2236F2
                                                                                                                                                                                                SHA1:20C65850073308E498B63E5937AF68B2E21C66F3
                                                                                                                                                                                                SHA-256:85A26C7B59D6D9932F71518CCD03ECEEBA42043CB1707719B72BFC348C1C1D72
                                                                                                                                                                                                SHA-512:3306E15B2C9BB2751B626F6F726DE0BCAFDC41487BA11FABFCEF0A6A798572B29F2EE95384FF347B3B83B310444AAEEC23E12BB3DDD7567222A0DD275B0180FF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 9.07 :............:... ..-.... ........; 9.07 : Awadh A Al-Ghaamdi.;.; 15.00 : 2016-08-28 : ..... ...... .......: ... .... .......; 15.00 : 2016-08-28 : Saif H Al-asadi (edited and corrected).; 20.00 : 2020-04-01 : Ammar Kurd (Edits and corrections).;.;.;.;.;.0.7-Zip.Arabic......401............ .........&....&...&................&........440.... ....... ................ .........&..........&.....&..... .......... ......... ... ..... .. .........500.&....&......&........&......&......&.......540.&....&.... .........&... .......&....&.........&.. ...........&.. .......&.. ....&....&..... ...........&. ..............&..........&..... .... ..........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4967
                                                                                                                                                                                                Entropy (8bit):5.026921958239907
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:FlZTprnge/nJYeoPyWxx6aXaNpx4pRfOvFE5Z2k3z7DWdyy/kYZTsJ:FnZ/n2eoPlxxRqNpx4jfOvFE5Ykq/o
                                                                                                                                                                                                MD5:1CF6411FF9154A34AFB512901BA3EE02
                                                                                                                                                                                                SHA1:958F7FF322475F16CA44728349934BC2F7309423
                                                                                                                                                                                                SHA-256:F5F2174DAF36E65790C7F0E9A4496B12E14816DAD2EE5B1D48A52307076BE35F
                                                                                                                                                                                                SHA-512:B554C1AB165A6344982533CCEED316D7F73B5B94CE483B5DC6FB1F492C6B1914773027D31C35D60AB9408669520EA0785DC0D934D3B2EB4D78570FF7CCBFCF9C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.07 : Dinamiteru.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Asturian.Asturianu.401.Val.Torgar....&Si.&Non.&Zarrar.Axuda..&Siguir.440.Si a &Too.Non a T&oo.Parar.Reentamar.&De fondu.&En primer planu.&Posar.Posao..Tas fixu que quies paralo?.500.F&icheru.&Remanar.&Ver.F&avoritos.&Ferramientes.A&xuda.540.&Abrir.Abrir &Dientro.Abrir F&uera.&Ver.&Remanar.Reno&mar.&Copiar a....&Mover a....&Borrar.&Partir ficheru....Com&binar ficheros....P&ropiedaes.Come&ntariu...Crear carpeta.Crear ficheru.Co&lar.600.Seleicionar &Too.Deseleicionar too.&Invertir seleici.n.Seleicionar....Deseleicionar....Seleicionar por Tipu.Deseleicionar por Tipu.700.Miniatures &Grandes.&Miniatures Peque.es.&Llista.&Detalles.730.Ens.n Ordenar..&2 Paneles.&Barres de Ferramientes.Abrir Carpeta Raiz.Xubir Un Nivel.Hestorial de Carpetes....Actualiza&r.750.Barra Ferramientes d.Archivu.Barra Ferramientes Normal.Botones Grandes.Amosar Testu nos Botones.800.&A.edir carpeta a Favoritos como.Marca.900.&Opciones....&Bancu d
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9604
                                                                                                                                                                                                Entropy (8bit):5.370172151079095
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ze8r7alD8BavrdGWTTB6wSOzGYcf4j0GgbX8SvggPrPnt:6eAD8Born6pAGYcfvbXQgDPt
                                                                                                                                                                                                MD5:3C297FBE9B1ED5582BEABFC112B55523
                                                                                                                                                                                                SHA1:C605C20ACF399A90AC9937935B4DBDB64FAD9C9F
                                                                                                                                                                                                SHA-256:055EC86AED86ABBDBD52D8E99FEC6E868D073A6DF92C60225ADD16676994C314
                                                                                                                                                                                                SHA-512:417984A749471770157C44737EE76BFD3655EF855956BE797433DADC2A71E12359454CC817B5C31C6AF811067D658429A8706E15625BF4CA9F0DB7586F0AE183
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : F@rhad.; 15.02 : 2015-03-29 : .. ........; 23.01 : 2023-06-25 : Az.r.;.;.;.;.;.;.;.;.0.7-Zip.Azerbaijani.Az.rbaycanca.401.OLDU..mtina....&B.li.&Xeyr.&Ba.lamaq.K.m.k..&Davam.440.&Ham.s.na B.li.Ha&m.s.na Xeyr.Dayan.Yenid.n ba.lamaq.&Arxa planda..&nd..F&asil..Fasil.d..H.qiq.t.n .m.liyyat. dayand.rmaq ist.yirsiniz?.500.&Fayl.&D.z.li..&G.r.n...S&e.ilmi.l.r.&Vasit.l.r.&Aray...540.&A.maq.&Daxild. A.maq.B&ay.rda a.maq.&Bax...&D.z.li..Ye&nid.n Adland.rmaq.&N.sx.l.m.k....&K...rm.k....&Silm.k.Fayl. &B.lm.k....Fayllar. B&irl..dirm.k....X&.susiyy.tl.r...r&h....Yoxlama C.mi.M.qayis..Qovluq Yaratmaq.Fayl Yaratmaq..&.x....stinad.&.v.zedici Ax.nlar.600.&Ham.s.n. Se.m.k.Se.imin L..vi.&Se.imi .evirm.k.Se.m.k....Se.imin L..vi....N.v.n. G.r. Se.m.k.N.v.n. G.r. Se.imin L..vi.700.&B.y.k ..ar.l.r.K&i.ik ..ar.l.r.&Siyah..&C.dv.l.730..e.idsiz.M
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10837
                                                                                                                                                                                                Entropy (8bit):4.643195839265694
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:EG9NeKlSU9fV6kPtwusVom5DvB4UlBFXCsMu:EG9FlSU9fV6kPt+hvBPLFXCE
                                                                                                                                                                                                MD5:387FF78CF5F524FC44640F3025746145
                                                                                                                                                                                                SHA1:8480E549D00003DE262B54BC342AF66049C43D3B
                                                                                                                                                                                                SHA-256:8A85C3FCB5F81157490971EE4F5E6B9E4F80BE69A802EBED04E6724CE859713F
                                                                                                                                                                                                SHA-512:7851633EE62C00FA2C68F6F59220A836307E6DDE37EAE5E5DCA3CA254D167E305FE1EB342F93112032DADAFE9E9608C97036AC489761F7BDC776A98337152344
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.20 : Haqmar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Bashkir...........401........... ......&....&...&..........&......440......... .. .&.....&...... .. ............... ......&..... ........&... .......&........ ............... .... ....... .. ...... ............?.500.&.......&.....&.........&...........&.......&........540.&.......&...... .......&..... .........&....&..............&...... ............&................&...........&............. &.............. ...&...............&.........&................ .....Diff.... ............ &.........&.......600.&....... .. ............&..... .... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11457
                                                                                                                                                                                                Entropy (8bit):4.3994562592493125
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:voiIwxssHdMMybRMIc++NBGC4ci/4f/iv1GBSHlzdRCU39ixod9t:voJ4s8SKs+NBDkA/m1GBSHlzdvMEX
                                                                                                                                                                                                MD5:B1DD654E9D8C8C1B001F7B3A15D7B5D3
                                                                                                                                                                                                SHA1:5A933AE8204163C90C00D97BA0C589F4D9F3F532
                                                                                                                                                                                                SHA-256:32071222AF04465A3D98BB30E253579AA4BECEAEB6B21AC7C15B25F46620BF30
                                                                                                                                                                                                SHA-512:0137900AEB21F53E4AF4027EA15EED7696ED0156577FE6194C2B2097F5FB9D201E7E9D52A51A26AE9A426F8137692154D80676F8705F335FED9AE7E0E1D0A10E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Kirill Gulyakevitch.; 9.07 : 2011-03-15 : Drive DRKA.;.;.;.;.;.;.;.;.;.0.7-Zip.Belarusian............401.OK...........&....&...&...................&...........440.... ... &....... ... .&....................&......&.. ....... .....&........ ........ ........ ....... .......... ........?.500.&.....&.......&.......&.........&......&........540.&............... &.................. .&..............&...............&........&......... .....&........... .....&...........&..... .........&.'...... ............&..........&................ .....Diff.&........ .........&..... ......&.....600......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17574
                                                                                                                                                                                                Entropy (8bit):4.148567429680087
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:MZ2tO2YSwozmsZ9mFL7AsbjftmxprJ4kgy0j7u4ybq:dCz7lbjaVgyCufq
                                                                                                                                                                                                MD5:2D0C8197D84A083EF904F8F5608AFE46
                                                                                                                                                                                                SHA1:5AE918D2BB3E9337538EF204342C5A1D690C7B02
                                                                                                                                                                                                SHA-256:62C6F410D011A109ABECB79CAA24D8AEB98B0046D329D611A4D07E66460EEF3F
                                                                                                                                                                                                SHA-512:3243D24BC9FDB59E1964E4BE353C10B6E9D4229EF903A5ACE9C0CB6E1689403173B11DB022CA2244C1EF0F568BE95F21915083A8C5B016F07752026D332878A4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : chavv.; : icobgr.; 4.65: Vassia Atanassova.; 23.01: Dimitar Mihaylov.;.;.;.;.;.;.;.0.7-Zip.Bulgarian...........401.OK..........&...&...&...................&.......440... .. &......... .. &.............. .......&..... ......&........ ......&........ .............. .. ....... .. ..........?.500.&.....&............&..........&.......&............&......540.&................. &.......... &......&..........&................&.........&........ ........&........ .......&.........&........ .. .........&.......... .. ...........&............&................. .. ......... ...................... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14633
                                                                                                                                                                                                Entropy (8bit):3.957046613501519
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:haD8h70Oi+7V+y+FJNgquLCnt/SD4mKYGn940nWXmJTQOdLrRMs:hKm5f7V+y+FJNgquIt/64tnSmJciLNMs
                                                                                                                                                                                                MD5:771C8B73A374CB30DF4DF682D9C40EDF
                                                                                                                                                                                                SHA1:46AA892C3553BDDC159A2C470BD317D1F7B8AF2A
                                                                                                                                                                                                SHA-256:3F55B2EC5033C39C159593C6F5ECE667B92F32938B38FCAF58B4B2A98176C1FC
                                                                                                                                                                                                SHA-512:8DCC9CC13322C4504EE49111E1F674809892900709290E58A4E219053B1F78747780E1266E1F4128C0C526C8C37B1A5D1A452EEFBA2890E3A5190EEBE30657BA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.46 : Team Oruddho (Fahad Mohammad Shaon, Mahmud Hassan).;.;.;.;.;.;.;.;.;.;.0.7-Zip.Bangla.......401.... .............&......&...&.... .............&...... ......440.&....... .... .......&...... .... ............ .....&.......& ......&............. .............. ..... .... ......?.500.&.....&.................&.&......&.......&.......540.&........ ....7-zip-. ........ .......... ........ ....&.........&............ .........&....... ...............
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4953
                                                                                                                                                                                                Entropy (8bit):5.026642087390098
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:uyzeGsp9Qb9PzXHsRu2aPm68ZMvpZkul6Wg1AQQYBgJ0ZQBGBl6agPNH20qIvUkw:FzeGsbSu9y8WvpZR6W+AQQYG8LgFW01S
                                                                                                                                                                                                MD5:07504A4EDAB058C2F67C8BCB95C605DD
                                                                                                                                                                                                SHA1:3E2AE05865FB474F10B396BFEFD453C074F822FA
                                                                                                                                                                                                SHA-256:432BDB3EAA9953B084EE14EEE8FE0ABBC1B384CBDD984CCF35F0415D45AABBA8
                                                                                                                                                                                                SHA-512:B3F54D695C2A12E97C93AF4DF09CE1800B49E40302BEC7071A151F13866EDFDFAFC56F70DE07686650A46A8664608D8D3EA38C2939F2F1630CE0BF968D669CCC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : KAD-Korvigello. An Drouizig.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Breton.Brezhoneg.401.Mat eo.Nulla.....&Ya.&Ket.&Serri..Skoazell..&Kenderc'hel.440.Ya be&pred.Ket &bepred.Paouez.Adloc'ha..&Drekleur.&Rakleur.&Ehan.Ehanet.Ha fellout a ra deoc'h nulla. ?.500.&Restr.&Aoza..&Gwelout.Di&babo..&Ostilho..&Skoazell.540.&Digeri..Digeri. a-zia&barzh.Digeri. a-zia&vaez.&Gwelout.&Aoza..Adenv&el.&Kopia. diwar....&Dilec'hia. diwar....D&ilemel.&Troc'ha. restr....&Kendeuzi. restro.....P&erzhio..Evezhia&denn...Sevel un teul.Sevel ur restr.&Kuitaat.600.Diuz pep &tra.Diziuz pe tra.Lakaat an &diuzad war an tu gin.Diuz....Diziuz....Diuz diouzh ar rizh.Diziuz diouzh ar rizh.700.Arlunio. &bras.Arlunio. &bihan.&Roll.&Munudo..730.Dirummet..&2 brenestr.&Barrenno. ostilho..Digeri. an teul gwrizienn.Teul kerent.Roll istor an teul....Fresk&aat.750.Barrenn ziell.Barrenn skouerek.Meudellio. bras.Diskouez an destenn.800.&Ouzhpenna. ar c'havlec'h d'ar sinedo..Sined.900.&Di
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8803
                                                                                                                                                                                                Entropy (8bit):4.986977159662758
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:3nw9pDahG/twoHcW5W3PpCPa5zRHKDBZ0EeKIl3d10aeKY8FDiM:yDGG/twoHJ5Wf9i0EpTAiM
                                                                                                                                                                                                MD5:264FB4B86BCFB77DE221E063BEEBD832
                                                                                                                                                                                                SHA1:A2EB0A43EA4002C2D8B5817A207EB24296336A20
                                                                                                                                                                                                SHA-256:07B5C0AC13D62882BF59DB528168B6F0FFDF921D5442FAE46319E84C90BE3203
                                                                                                                                                                                                SHA-512:8D1A73E902C50FD390B9372483EBD2EC58D588BACF0A3B8C8B9474657C67705B6A284BB16BBA4326D314C7A3CC11CAF320DA38D5ACB42E685ED2F8A8B6F411F4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Josep Casals, Marc Folch.;.17.01.: Benet..BennyBeat..R..i.Camps.;.;.;.;.;.;.;.;.;.0.7-Zip.Catalan.Catal..401.D'acord.Cancel.la....&S..&No.Tan&ca.Ajuda..&Continua.440.S. a &tot.No a t&ot.Atura.Re&inicia.Rere&fons.Prim&er pla.&Pausa.Pausat.Segur que voleu cancel.lar?.500.&Fitxer.&Edita.&Visualitza.&Preferits.E&ines.Aj&uda.540.&Obre.Obre d&ins.Obre &fora.&Visualitza.&Edita.Reanom&ena.&Copia a....&Mou a....&Suprimeix.&Divideix el fitxer....Com&bina el fitxer....P&ropietats.Come&ntari.Calcula la suma de verificaci..Compara.Crea una carpeta.Crea un fitxer.S&urt.Enlla&..Flux &alternatiu.600.Seleccion&a-ho tot.No seleccionis res.&Inverteix la selecci..Selecciona....Desselecciona....Selecciona per tipus.Desselecciona per tipus.700.Icones g&rans.Icones petites.&Llista.&Detalls.730.No ordenat.Vista plana.&2 Panells.&Barres d'eines.Obre la carpeta arrel.Carpeta pare.Historial de carpetes....&Actualitza.Actualitza autom.ticament.750.Barra d'eines afege
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11444
                                                                                                                                                                                                Entropy (8bit):4.995289206779897
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:arUs6wOYcVCr1oX7A18zsuX/Y0Nf+6X5gOiAKNWw9BfpN5uc7Fd5:arWwzTr1oM1fuPJNf+26ORwAYH
                                                                                                                                                                                                MD5:DE64842F09051E3AF6792930A0456B16
                                                                                                                                                                                                SHA1:498B92A35F2A14101183EBE8A22C381610794465
                                                                                                                                                                                                SHA-256:DCFB95B47A4435EB7504B804DA47302D8A62BBE450DADF1A34BAEA51C7F60C77
                                                                                                                                                                                                SHA-512:5DABEED739A753FD20807400DFC84F7BF1EB544704660A74AFCF4E0205B7C71F1DDCF9F79AC2F7B63579735A38E224685B0125C49568CBDE2D9D6ADD4C7D0ED8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 24.04 : 2024-04-06 : Patriccollu di Santa Maria . Sich. (Latest Update).; 22.00 : 2022-06-21 : Patriccollu di Santa Maria . Sich. (Update).; 15.00 : 2015-04-26 : Patriccollu di Santa Maria . Sich. (Update).; 9.20 : 2010-12-12 : Patriccollu di Santa Maria . Sich. (Creation).;.;.;.;.;.;.;.0.7-Zip.Corsican.Corsu.401.Vai.Abbandun.....&S..&N..&Chjode.Aiutu..&Cuntinu..440.S. per &tutti.N. per t&utti.Piant..Rilanci..Tacca di &fondu.&Primu pianu.&Pausa.In pausa.Vulete veramente annull..?.500.&Schedariu.&Mudific..&Affiss..&Favuriti.A&ttrezzi.Ai&utu.540.&Apre.Apre in &7-Zip.Apre in l.espluratore Windows.&Fighj. (esad.).&Mudific..&Rinumin..&Cupi. versu..&Dispiazz. versu..S&quass..&Sparte u schedariu..&Unisce i schedarii..&Prupriet..Cumme&ntu..Calcul. a somma di cuntrollu.Paragun. e sfarenze (Diff).Cre. un cartulare.Cre. un schedariu.&Esce.Liame.Flussi a&lternativi.600.&Tuttu selezziun...n selezziun. &nunda.&Arritrus. a selezzi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9597
                                                                                                                                                                                                Entropy (8bit):5.372211824470281
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:iqJoMyxE8vGIrd+ic1OT1o+SXhbStCBJjSvcQKiw:iEXYBeIrQiEOT1o+SXotsJjmK7
                                                                                                                                                                                                MD5:DBDCFC996677513EA17C583511A5323B
                                                                                                                                                                                                SHA1:D655664BC98389ED916BED719203F286BAB79D3C
                                                                                                                                                                                                SHA-256:A6E329F37ACA346EF64F2C08CC36568D5383D5B325C0CAF758857ED3FF3953F2
                                                                                                                                                                                                SHA-512:DF495A8E8D50D7EC24ABB55CE66B7E9B8118AF63DB3EB2153A321792D809F7559E41DE3A9C16800347623AB10292AAC2E1761B716CB5080E99A5C8726F7CC113
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!..; 4.30 : Milan Hrub...; 4.33 : Michal Molhanec..; 9.07 : Ji.. Mal.k..; 15.00 : Kry.tof .ern...; 23.01 : 2023-06-20 : Patrik (Pa4k) .pa.o..;..;..;..;..;..;..;..0..7-Zip..Czech...e.tina..401..OK..Storno........&Ano..&Ne..Zav..&t..N.pov.da....Po&kra.ovat..440..Ano na &v.echno..N&e na v.echno..Zastavit..Spustit znovu..&Pozad...P&op.ed...Po&zastavit..Pozastaveno..Jste si jist., .e to chcete stornovat?..500..&Soubor...pr&avy..&Zobrazen...&Obl.ben...&N.stroje..N.po&v.da..540..&Otev..t..Otev..t u&vnit...Otev..t &mimo..&Zobrazit..&Upravit..&P.ejmenovat..Kop.rovat &do.....P.&esunout do.....Vymaza&t..&Rozd.lit soubor.....&Slou.it soubory.....Vlast&nosti..Pozn.mk&a..Vypo..tat kontroln. sou.et..Porovnat soubory..Vytvo.it slo.ku..Vytvo.it soubor..&Konec..Odk.zat..&Alternativn. toky..600..Vybrat &v.e..Zru.it v.b.r v.e..&Invertovat v.b.r..Vybrat.....Zru.it v.b.r.....Vybrat podle typu..Zru.it v.b.r podle typu..700.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4812
                                                                                                                                                                                                Entropy (8bit):5.061169016847165
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:8VTu+i2nCrWTXAwQGjC6IF5/uNXlziug14+UFxmeeqYgzf7Edm+8VR:8VTTCqTRC6Iv/uzg14+UFxJYgzTR
                                                                                                                                                                                                MD5:6BDF25354B531370754506223B146600
                                                                                                                                                                                                SHA1:C2487C59EEEAA5C0BDB19D826FB1E926D691358E
                                                                                                                                                                                                SHA-256:470EAF5E67F5EAD5B8C3ECC1B5B21B29D16C73591EB0047B681660346E25B3FB
                                                                                                                                                                                                SHA-512:C357B07C176175CC36A85C42D91B0CADA79DBFB584BDF57F22A6CB11898F88AECF4392037D5CEA3E1BC02DF7493BB27B9509226F810F1875105BBC33C6AE3F20
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Owain Lewis.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Welsh.Cymraeg.401.Iawn.Canslo....&Iawn.&Na.&Cau.Cymorth..P&arhau.440.Iawn i'r &Cwbwl.Na i'r C&wbwl.Stopio.Ailgychwyn.&Cefndir.&Blaendir.&Pwyllo.Pwyllo.Ydych chi am canslo?.500.&Ffeil.&Golygu.Gwe&ld.Ff&efrynnau.&Offer.&Cymorth.540.&Agor.Agor tu &Mewn.Agor tu &Fas.Gwe&ld.&Golygu.A&ilenwi.&Cop.o i....&Symud i....&Dileu.&Hollti ffeil....Cy&funo ffeilau....&Priodweddau.Syl&wad.Cyfrifo swm-gwirio..Creu Ffolder.Creu Ffeil.Alla&n.600.Dewis y C&yfan.Dad-ddewis y Cyfan.Gwrt&hdroi'r Dewis.Dewis....Dad-ddewis....Dewis trwy Math.Dad-ddewis trwy Math.700.Eiconau &Mawr.Eiconau &Bach.&Rhestr.Ma&nylion.730.Dad-dosbarthu.Golwg Flat.&2 Paneli.Bariau &Offer.Agor Ffolder Gwraidd.Lan Un Lefel.Hanes Ffolderi....&Adnewyddu.750.Bar Offer Archif.Bar Offer Arferol.Botwmau Fawr.Dangos Testun Botwmau.800.&Ychwanegu ffolder i Ffefrynnau fel.Llyfrnod.900.&Dewisiadau....&Meincnod.960.&Cynnwys....&Manylion 7-Zip....1003.Llwybr.Enw.Estyniad.Ffolder.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7870
                                                                                                                                                                                                Entropy (8bit):5.005099076386227
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:3vn3kbZyZSXQVPLCXiG8gYnJYZDAHZE9xM7T9kur4Yc6Fw9KHl:3v3tSAVPG8gYnJYZk+g7T9kur4PUwG
                                                                                                                                                                                                MD5:C397E8AC4B966E1476ADBCE006BB49E4
                                                                                                                                                                                                SHA1:3E473E3BC11BD828A1E60225273D47C8121F3F2C
                                                                                                                                                                                                SHA-256:5CCD481367F7D8C544DE6177187AFF53F1143AE451AE755CE9ED9B52C5F5D478
                                                                                                                                                                                                SHA-512:CBBECE415D16B9984C82BD8FA4C03DBD1FEC58ED04E9EF0A860B74D451D03D1C7E07B23B3E652374A3B9128A7987414074C2A281087F24A77873CC45EC5AADD2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; : Jakob Schmidt.; 9.07 : Kian Andersen, J.rgen Rasmussen.; 15.00 : 2016-11-25 : scootergrisen.;.;.;.;.;.;.;.;.0.7-Zip.Danish.Dansk.401.OK.Annuller....&Ja.&Nej.&Luk.Hj.lp..&Forts.t.440.Ja til &alle.Nej til a&lle.Stop.Genstart.&Baggrund.&Forgrund.&Pause.Sat p. pause.Er du sikker p., at du vil annullere?.500.&Filer.R&ediger.&Vis.F&avoritter.Funk&tioner.&Hj.lp.540.&.bn..bn &inden i..bn &uden for.&Vis.&Rediger.O&md.b.&Kopier til....&Flyt til....S&let.&Opdel fil....Kom&biner filer....&Egenskaber.Komme&ntar....Udregn checksum.Sammenlign.Opret mappe.Opret fil.&Afslut.Opret/rediger henvisning.&Alternative str.mme.600.V.lg &alle.Frav.lg alle.&Omvendt markering.V.lg....Frav.lg....V.lg efter type.Frav.lg efter type.700.Sto&re ikoner.S&m. ikoner.&Liste.&Detaljer.730.Usorteret.Flad visning.&2 paneler.&V.rkt.jslinjer..bn rodmappe.Et niveau op.Mappehistorik....&Opdater.Opdater automatisk.750.Arkivlinje.Standardlinje.Store knapper.Vis knappernes tekst.800.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10040
                                                                                                                                                                                                Entropy (8bit):5.05587204070323
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:AOIdBgDuDCfSGltxkRtDgfglyLCoMUGfZsDZIXl7OuKtgAZOKY3gTFFGFe6muWxW:/GgD9Si+bDgfgly4vZ3l7OuKOTgbGFkg
                                                                                                                                                                                                MD5:1E30A705DA680AAECEAEC26DCF2981DE
                                                                                                                                                                                                SHA1:965C8ED225FB3A914F63164E0DF2D5A24255C3D0
                                                                                                                                                                                                SHA-256:895F76BFA4B1165E4C5A11BDAB70A774E7D05D4BBDAEC0230F29DCC85D5D3563
                                                                                                                                                                                                SHA-512:FF96E6578A1EE38DB309E72A33F5DE7960EDCC260CA1F5D899A822C78595CC761FEDBDCDD10050378C02D8A36718D76C18C6796498E2574501011F9D988DA701
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 2.30 : Soeren Finster.; 4.07 : JAK-Software.DE.; 9.07 : Joachim Henke.; 23.01 : Ren. Gennes.; 24.04 : Sandro Giallella.;.;.;.;.;.;.0.7-Zip.German.Deutsch.401.OK.Abbrechen....&Ja.&Nein.&Schlie.en.Hilfe..&Fortsetzen.440.Ja f.r &alle.Nein f.r a&lle.Stopp.Neustart.&Hintergrund.&Vordergrund.&Pause.Pause.M.chten Sie wirklich abbrechen?.500.&Datei.&Bearbeiten.&Ansicht.&Favoriten.&Extras.&Hilfe.540..&ffnen.I&ntern .ffnen.E&xtern .ffnen.&Ansehen.&Bearbeiten.&Umbenennen.&Kopieren nach....&Verschieben nach....&L.schen.Datei auf&splitten....Dateien &zusammenf.gen....E&igenschaften.K&ommentieren.&Pr.fsumme berechnen.Ver&gleichen.Ordner erstellen.Datei erstellen.Be&enden.Verkn.pfung....&Alternative Datenstr.me.600.Alles &markieren.Alles abw.hlen.Markierung &umkehren.Ausw.hlen....Auswahl aufheben....Nach Typ ausw.hlen.Nach Typ abw.hlen.700.&Gro.e Symbole.&Kleine Symbole.&Liste.&Details.730.Unsortiert.Alles in einer &Ebene.&Zweigeteiltes Fenster.&Symbolleiste
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18214
                                                                                                                                                                                                Entropy (8bit):4.4284329818199835
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:WkmihmxWquSsgldTiXtY5FxrbM/7uo6txGZ+r6GjuXxQlzHd:tmlwyidYnxrU7u/xk+r6GjuXxQdHd
                                                                                                                                                                                                MD5:5894A446DF1321FBDDA52A11FF402295
                                                                                                                                                                                                SHA1:A08BF21D20F8EC0FC305C87C71E2C94B98A075A4
                                                                                                                                                                                                SHA-256:2DD2130F94D31262B12680C080C96B38AD55C1007F9E610EC8473D4BB13D2908
                                                                                                                                                                                                SHA-512:0A2C3D24E7E9ADD3CA583C09A63BA130D0088ED36947B9F7B02BB48BE4D30EF8DC6B8D788535A941F74A7992566B969ADF3BD729665E61BFE22B67075766F8DE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Vasileios Karakoidas, Jacaranda Bill, Vasilis Kosmidis.; 9.07 : SkyHi [HDManiacs Team].; 15.00 : 2015-05-07: Pete D.; 24.04 : 2024-04-05: John Stamatakis.;.;.;.;.;.;.;.0.7-Zip.Greek..........401.OK..........&.....&...&..................&.........440.... .. &....... .. .&...&...................... &.............. &..........&................... ........ ... ...... .. .........;.500.&.......&.............&..........&...........&.....&........540...&............. ... &.... ................ .. &... ..........&..........&...........&..............&.............&................&...&.......... ...........&........ ...........&......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4848
                                                                                                                                                                                                Entropy (8bit):5.0398900363287105
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:lcIh395xVDLRNvtj7ZjuJowdlKoF+M/LMtYUQs0xM3Hj8bH8fC:eg3Px9zt+d5ohGs0sHj88C
                                                                                                                                                                                                MD5:29CAAD3B73F6557F0306F4F6C6338235
                                                                                                                                                                                                SHA1:D4B3147F23C75DE84287AD501E7403E0FCE69921
                                                                                                                                                                                                SHA-256:A6EF5A5A1E28D406FD78079D9CACF819B047A296ADC7083D34F2BFB3D071E5AF
                                                                                                                                                                                                SHA-512:77618995D9CF90603C5D4AD60262832D8AD64C91A5E6944EFD447A5CC082A381666D986BB294D7982C8721B0113F867B86490CA11BB3D46980132C9E4DF1BD92
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Dmitri Gabinski.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Esperanto.Esperanto.401.B&one.Nuligu....&Jes.&Ne.&Fermu.Helpo..&Da.rigu.440.Jes por .&iuj.Ne por .i&uj.&Haltu.Restartigu.&Fono.&Malfono.&Pa.zo.Pa.zita..u vi vere volas nuligi?.500.&Dosiero.&Redakto.&Vido.&Favoritaj.&Agordoj.&Helpo.540.&Malfermu.Malfermu &ene.Malfermu ek&stere.&Vidigu.&Redaktu..&an.u nomon.&Kopiu en....M&ovu en....&Forigu.&Erigu dosierojn....Komb&inu dosierojn....A&tributoj.Ko&mentu.Kalkulu kontrolsumon..Kreu &dosierujon.Kre&u dos&ieron.E&liru.600.M&arku .iun.Ma&lmarku .iun.&Inversigu markon.Marku....Malmarku....Marku la. tipo.Malmarku la. tipo.700.&Grandaj bildetoj.&Malgrandaj bildetoj.&Listo.&Detale.730.&Neordigite.Ununivela vido.&2 paneloj.&Ilobretoj.Malfermu radikan dosierujon.Supren je unu nivelo.Dosierujhistorio.....&isdatigu.750.Ar.ivo-ilobreto.Norma ilobreto.Grandaj bildetoj.Montru butontekston.800.&Aldonu dosierujon al favorataj kiel.Legosigno.900.&Agordoj....&Etalono.960.&E
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10597
                                                                                                                                                                                                Entropy (8bit):4.894357872419177
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:5JD5oUEhpto75qEisSDlmED/UJ8Wn3bFEmL4FHjwjdBZ2QvcGFpo2ZI3v:5JtvEzG75qcSDlmcDw+EJBZFchFv
                                                                                                                                                                                                MD5:ED230F9F52EF20A79C4BED8A9FEFDF21
                                                                                                                                                                                                SHA1:EC0153260B58438AD17FAF1A506B22AD0FEC1BDC
                                                                                                                                                                                                SHA-256:7199B362F43E9DCA2049C0EEB8B1BB443488CA87E12D7DDA0F717B2ADBDB7F95
                                                                                                                                                                                                SHA-512:32F0E954235420A535291CF58B823BAACF4A84723231A8636C093061A8C64FCD0952C414FC5BC7080FD8E93F050505D308E834FEA44B8AB84802D8449F076BC9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Pablo Rodriguez.; : Jbc25.; : 2007-09-05 : Guillermo Gabrielli.; 9.07 : 2010-06-10 : Purgossu.; 2010-10-23 : Sergi Medina (corrected).; 18.00 : 2018-01-10 : Agust.n Bou (updated).; 22.00 : 2023-05-13 : To.o Calo (updated and minor fixes).; 24.04 : 2024-04-25 : MELERIX (updated and various fixes).;.;.;.0.7-Zip.Spanish.Espa.ol.401.Aceptar.Cancelar....&S..&No.&Cerrar.Ayuda..&Continuar.440.S. a &todo.No a t&odo.Detener.Reiniciar.&Segundo plano.&Primer plano.&Pausar.Pausado..Est.s seguro de querer cancelar?.500.&Archivo.&Editar.&Ver.F&avoritos.&Herramientas.&Ayuda.540.&Abrir.Abrir &dentro.Abrir f&uera.&Ver.&Editar.Reno&mbrar.&Copiar a....&Mover a....&Borrar.&Dividir archivo....Com&binar archivos....P&ropiedades.Come&ntario.Calcular suma de verificaci.n.Diferencia.Crear carpeta.Crear archivo.S&alir.Enlazar.Flujos &alternativos.600.Seleccionar &todo.Deseleccionar todo.&Invertir selecci.n.Seleccionar....Desel
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6667
                                                                                                                                                                                                Entropy (8bit):4.975280640991647
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:P2ecDQC5HNYvLSjKJCNdnziL1xWKvjgeNH:uecb82ICNFWL1xWKvseNH
                                                                                                                                                                                                MD5:D6A50C4139D0973776FC294EE775C2AC
                                                                                                                                                                                                SHA1:1881D68AE10D7EB53291B80BD527A856304078A0
                                                                                                                                                                                                SHA-256:6B2718882BB47E905F1FDD7B75ECE5CC233904203C1407C6F0DCDC5E08E276DA
                                                                                                                                                                                                SHA-512:0FD14B4FD9B613D04EF8747DCD6A47F6F7777AC35C847387C0EA4B217F198AA8AC54EA1698419D4122B808F852E9110D1780EDCB61A4057C1E2774AA5382E727
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.09 : Kaupo Suviste.; 9.07 : Mihkel T.nnov.;.;.;.;.;.;.;.;.;.0.7-Zip.Estonian.eesti keel.401.OK.Loobu....&Jah.&Ei.&Sulge.Abi..&J.tka.440.K.igile j&ah.K.igile e&i.Seiska.Restardi.&Taustal.&Esiplaanile.&Paus.Pausiks peatatud.Kas soovite kindlasti loobuda?.500.&Fail.&Redigeeri.&Vaade.&Lemmikud.&T..riistad.&Abi.540.&Ava.Ava s&ees.Ava v.ljasp&ool.Vaat&ur.&Redigeeri.&Nimeta .mber.&Kopeeri asukohta....&Teisalda asukohta....Ku&stuta.T.kel&da fail.....&henda failid....Atri&buudid.Ko&mmentaar....Arvuta kontrollsumma.V.rdle.Loo kaust.Loo fail.&V.lju.600.V&ali k.ik.T.hista k.ik valikud.&P..ra valik.Vali....T.hista valik....Vali t..bi j.rgi.T.hista t..bi j.rgi valik.700.&Suured ikoonid.V.ik&esed ikoonid.&Loend..ksikasja&d.730.Sortimata.Lame vaade.&Kaks paani.&T..riistaribad.Ava juurkaust.Taseme v.rra .les.Kaustaajalugu....&V.rskenda.750.Arhiiviriistariba.Standardnupuriba.Suured nupud.Kuva nupusildid.800.&Lisa kaust lemmikute hulka j.rjehoidj
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8399
                                                                                                                                                                                                Entropy (8bit):4.743579226754701
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ChNzKhWj2NvAG/UkpyRFJHbskP/jZKMOdp6EAEPW:ChNXj2uG/Ukpe/DEMOdp6Em
                                                                                                                                                                                                MD5:C90CD9F1E3D05B80ABA527EB765CBF13
                                                                                                                                                                                                SHA1:66D1E1B250E2288F1E81322EDC3A272FC4D0FFFC
                                                                                                                                                                                                SHA-256:A1C9D46B0639878951538F531BBA69AEDDD61E6AD5229E3BF9C458196851C7D8
                                                                                                                                                                                                SHA-512:439375D01799DA3500DFA48C54EB46F7B971A299DFEBFF31492F39887D53ED83DF284EF196EB8BC07D99D0EC92BE08A1BF1A7DBF0CE9823C85449CC6F948F24C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 15.12 : 2015-12-04 : Xabier Aramendi.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Basque.Euskara.401.&Ongi.E&zeztatu....&Bai.&Ez.It&xi.&Laguntza..&Jarraitu.440.Bai &Guztiari.Ez G&uztiari.Gelditu.Berrabiarazi.Ba&rrenean.&Gainean.&Pausatu.Pausatuta.Zihur zaude ezeztatzea nahi duzula?.500.&Agiria.&Editatu.&Ikusi.&Gogokoenak.&Tresnak.&Laguntza.540.&Ireki.Ireki &Barnean.Ireki &Kanpoan.Ik&usi.&Editatu.Berrize&ndatu.Kopiatu &Hona....&Mugitu Hona....E&zabatu.Banan&du agiria....Nahas&tu agiriak....Ezau&garriak.&Aipamena....Ka&lkulatu egiaztapen-batura.Ezber.Sortu Agiritegia.S&ortu Agiria.I&rten.Lotura.&Aldikatu Jarioak.600.Hautatu &Guztiak.Deshatutau G&uztiak.&Alderantzizkatu Hautapena.&Hautatu....&Deshautatu....Hautatu &Motaz.Deshautatu M&otaz.700.Ikur &Handiak.Ikur Txi&kiak.&Zerrenda.&Xehetasunak.730.Ant&olatugabe.Ik&uspegi Laua.&2 Panel.&Tresnabarrak.Ireki &Erro Agiritegia.Maila Bat &Gora.Agiritegi &Historia....&Berritu.Be&rez Berritu.750.Artxibo Tresnabarra.Tresnabarra Estandarra.Boto
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7317
                                                                                                                                                                                                Entropy (8bit):4.9782970287172175
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:OpSxVzpOmch2EFMaoK1ibQuXgmDjExNxI/kudt+0/aqppl6jiapd9jpp:P5OtMEFMRDHMuKeaqpAic
                                                                                                                                                                                                MD5:459B9C72A423304FFBC7901F81588337
                                                                                                                                                                                                SHA1:0BA0A0D9668C53F0184C99E9580B90FF308D79BE
                                                                                                                                                                                                SHA-256:8075FD31B4EBB54603F69ABB59D383DCEF2F5B66A9F63BB9554027FD2949671C
                                                                                                                                                                                                SHA-512:033CED457609563E0F98C66493F665B557DDD26FAB9A603E9DE97978D9F28465C5AC09E96F5F8E0ECD502D73DF29305A7E2B8A0AD4EE50777A75D6AB8D996D7F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Miguel Angel.; 9.07 : Purgossu.;.;.;.;.;.;.;.;.;.0.7-Zip.Extremaduran.Estreme.u.401.Acetal.Cancelal....&S..&Nu.&Fechal.Ayua..A&continal.440.S. &a t..Nu a &t..Paral.Reinicial.Se&gundu pranu.&Primel pranu.&Paral.Parau.De siguru que quieri cancelal la operaci.n?.500.&Archivu.&Eital.&Vel.A&tihus.&Herramientas.A&yua.540.&Abril.Abril &dentru.Abril &huera.&Vel.&Eital.Renom&bral.&Copial a....&Movel pa....&Eliminal.De&sapartal ficheru....Com&binal ficherus....P&ropieais.Come&ntariu.Calculal suma e verificaci.n.Diff.Creal diret.riu.Creal ficheru.&Salil.600.Selecional &t..Deselecional t..&Invertil seleci.n.Selecional....Deselecional....Selecional pol tipu.Deselecional pol tipu.700.Iconus g&randis.Iconus caquerus.&Listau.&Detallis.730.Nu soportau.Vista prana.&2 panelis.Barra e herramien&tas.Abril diret.riu ra..Subil un nivel.Estorial de diret.rius....&Atualizal.750.Barra e herramientas 'archivu'.Barra e herramientas est.ndal.Botonis grandis.Muestral te
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13282
                                                                                                                                                                                                Entropy (8bit):4.417819769318221
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:WDvyYrnbU6Eyx9Vx8f1gJNOaSgIPukCC3NaxktY7:WD9px8f1gJss2CCsxkK7
                                                                                                                                                                                                MD5:741E0235C771E803C1B2A0B0549EAC9D
                                                                                                                                                                                                SHA1:7839AE307E2690721AD11143E076C77D3B699A3C
                                                                                                                                                                                                SHA-256:657F2ACEB60D557F907603568B0096F9D94143FF5A624262BBFEB019D45D06D7
                                                                                                                                                                                                SHA-512:F8662732464FA6A20F35EDCCE066048A6BA6811F5E56E9CA3D9AA0D198FC9517642B4F659A46D8CB8C87E890ADC055433FA71380FB50189BC103D7FBB87E0BE5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : Edris Naderan.; 4.53 : Mehdi Farhadi.; 9.22 : Hessam Mohamadi.; 22.00: Mohammad Ali Sohrabi.;.;.;.;.;.;.;.0.7-Zip.Farsi.......401.................&.&.......................440.... ... ...... ... ................... ......... .................... ........ ...... .. ... ........500..................................................540................ .. ............ .. ............................... ............ ............... ............... .............................. ..... ...... ......... ........ .......... ..........&........&......... ........600....... ....... ....... ......... .... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8517
                                                                                                                                                                                                Entropy (8bit):4.822359737427984
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:2dUdnzkcjnQjB54SpQzLFA2WFYicDA1MiV2ehLHq2MQvQM03jgoBHpbYqMeMioHQ:cUtkcjnsZARHicM32UhMeWcoZpcYMivv
                                                                                                                                                                                                MD5:A04B6A55F112679C7004226B6298F885
                                                                                                                                                                                                SHA1:06C2377AC6A288FE9EDD42DF0C52F63DCE968312
                                                                                                                                                                                                SHA-256:12CC4A2CEF76045E07DAFC7AEC7CF6F16A646C0BB80873EC89A5AE0B4844443B
                                                                                                                                                                                                SHA-512:88C7ED08B35558D6D2CD8713B5D045FBA366010B8C7A4A7E315C0073CD510D3DA41B0438F277D2E0E9043B6FCB87E8417EB5698AB18B3C3D24BE7FF64B038E38
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.08 : Ari Ryynanen.; 4.30 : Jarko P..; 4.42 : Juhani Valtasalmi.; 9.35 : T.Sakkara.; 15.05 : 2015-08-07 : Lauri Kentt..; 19.00 : 2020-12-28 : Sampo Hippel.inen.;.;.;.;.;.0.7-Zip.Finnish.Suomi.401.OK.Peruuta....&Kyll..&Ei.&Sulje.Ohje..&Jatka.440.Kyll. k&aikkiin.E&i kaikkiin.Pys.yt..Aloita uudelleen.&Tausta.&Edusta.&Tauko.Tauolla.Peruutetaanko toiminto?.500.&Tiedosto.&Muokkaa.&N.yt..&Suosikit.Ty.&kalut.&Ohje.540.&Avaa.Avaa s&is.isesti.Avaa ulkoisesti.&N.yt..&Muokkaa.Nime. &uudelleen.&Kopioi....&Siirr.....&Poista.&Jaa osiin....&Yhdist. tiedostoja....&Ominaisuudet.Komme&nttti....Laske tarkiste.Ero.Luo kansio.Luo tiedosto.&Lopeta.Linkit..Vaihtoehtoiset virrat.600.V&alitse kaikki.Poista &valinnat.&K..nteinen valinta.Valitse....Poista valinta....Valitse tyypeitt.in.Poista valinta tyypeitt.in.700.Suu&ret kuvakkeet.&Pienet kuvakkeet.&Luettelo.&Tiedot.730.Alkuper.inen j.rjestys.Tasainen n.kym..&Kaksi paneelia.&Ty.kalupalkit.Avaa p..kansio.Yks
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10868
                                                                                                                                                                                                Entropy (8bit):4.914669990065981
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Uk/px4B42mykLxrIppKQoYEgHVxX39tJzo2NXIWdE4hNvuaVkP51EUt:L/462mykLxkpp3odgHVxdtd5da4nvuSy
                                                                                                                                                                                                MD5:A49801879184C9200B408375FC4408D7
                                                                                                                                                                                                SHA1:763231BD9B883692C0E5127207CBFC6A2A29BC7D
                                                                                                                                                                                                SHA-256:397A3AF716EB7F0084F3AA04AD36EAB82AAB881589A359E7D6D4BE673E1789A8
                                                                                                                                                                                                SHA-512:F408203907594AFA116A2003D0B65D77C9BCA47663F7F6B26E9158B91DAD40569E92851BF788A39105298561F854264A8DC57611637745E04E68585B837702F2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.07 : Nicolas Sierro.; 9.07 : Philippe Berthault.; 15.14 : Sylvain St-Amand (SSTSylvain).; 22.00 : 2022-06-09 : Lolo S..; 23.01 : 2023-12-20 : Denis G (Need74).; 24.04 : 2024-04-29 : Lolo S..;.;.;.;.;.0.7-Zip.French.Fran.ais.401.OK.Annuler....&Oui.&Non.&Fermer.Aide..&Continuer.440.Oui pour &tous.Non pour t&ous.Arr.ter.Red.marrer.&Arri.re-plan.P&remier plan.&Pause.En pause..tes-vous sur de vouloir annuler ?.500.&Fichier.&.dition.Affic&hage.Fa&voris.&Outils.&Aide.540.&Ouvrir.Ouvrir dans le gestionnaire &7-Zip.Ouvrir dans l'Explorateur Windows.&Voir (hexa).&.dition.Reno&mmer.&Copier vers....&D.placer vers....S&upprimer.Diviser le &fichier....&Fusionner les fichiers....P&ropri.t.s.Comme&ntaire....Somme de contr.le.Comparaison des diff.rences (Diff).Cr.er un dossier.Cr.er un fichier.&Quitter.Connexion.Flux &alternatif.600.S.lectionner &tout.D.s.lectionner to&ut.&Inverser la s.lection.S.lectionner....D.s.lectionner....S.lectionner par type.D.s.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7113
                                                                                                                                                                                                Entropy (8bit):4.969992127036655
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:M7Bz8oq24hcsQzhPDu1FnweRCV2RnnfI9Mw2yzryIclVXPWMcg:M7Bz7wcse7uvFFnQMw2yzryIgXP3cg
                                                                                                                                                                                                MD5:06B08FE12C0F075D317CF9A2A1DD96BC
                                                                                                                                                                                                SHA1:0062BA87B9207536B9088E94505D765268069F63
                                                                                                                                                                                                SHA-256:6BA88938C468E7217BD300B607D7A730530E63D1F97562604EC0BB00D66A06C9
                                                                                                                                                                                                SHA-512:9F9FB1C045D92C1F8035D547554457E3466AE861A04F1CD3F57965E4A92F0FC433B2A7B3E9E1E71588E97F8C73D5914A750DEDED5D3056E327D7EFE19A220198
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.60 : Andrea Decorte (Klenje) : secont l'ortografie ufici.l de Provincie di Udin.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Friulian.Furlan.401.Va ben.Scancele....&S..&No.&Siare.&Jutori..&Continue.440.S. &a ducj.No a &ducj.Ferme.Torne a invi..&Sfont.P&rin plan.&Pause.In pause.S.stu sig.r di vol. scancel.?.500.&File.&Modifiche.&Viodude.&Prefer.ts.&Imprescj.&Jutori.540.&Viar..Viar. dentri 7-&Zip.V&iar. f.r di 7-Zip.&Mostre.M&odifiche.Gambie &non.&Copie in....M.&f in....&Elimine.&Div.t file....Torne a &un. files....P&ropiet.ts.Comen&t.Calcole so&me di control..Cree cartele.Cree file.V&a f.r.600.Selezione d&ut.&Deselezione dut.&Invert.s selezion.Selezione....Deselezione....Selezione par gjenar.Deselezione par gjenar.700.Iconis &grandis.Iconis &pi.ulis.&Liste.&Detais.730.Cence ordin.Viodude plane.&2 panei.Sbaris dai impresc&j.Viar. cartele princip.l.Parsore di un nivel.Storic des cartelis....&Atualize.750.Sbare dai imprescj par l'archivi.Sbare dai imprescj sta
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6029
                                                                                                                                                                                                Entropy (8bit):4.993685353064603
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:TqjTBrLVXTzyIu8alVMSv5FbPtnG5kSksLzJ94KoD0vL0L5nsseiF3F3NPYrAE6g:Y1HyOmX5pPtnMzkYJ9HoD00xNPEAErS8
                                                                                                                                                                                                MD5:03D38F09189799A0D927727D071C54B6
                                                                                                                                                                                                SHA1:17FF3A2C83E6A0B0733F2A9A8CE6B83AF4F1B137
                                                                                                                                                                                                SHA-256:C1C050ED6FE2F8FBC048FD7D82944B8ADA784415B6E62316D590C3C7AA45E112
                                                                                                                                                                                                SHA-512:E511C1A271A3D78CB7F6111759EEC4D7CFC2D46F71F87AA3C4AC1BB11CD4E55E7D4DBE54F9C5107025FFE8C5FCADAD4359DC673BC802B82388E74A8F2FA60FF7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.53 : Berend Ytsma.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Frisian.Frysk.401.Okee.Ofbrekke....&Jawis.&Nee.&Slute.Help..&Ferfetsje.440.Jawis foar &Alles.Nee foar A&lles.Stopje.Opnij begjinne.&Eftergr.n.&Foargr.n.&Skoftsje.Skoft.Binne jo wis dat jo .fbrekke wolle?.500.&Triem.&Bewurkje.&Byld.B&l.dwizers.&Ark.&Help.540.&Iepenje.Iepenje &yn.Iepenje b.&ten.&Byld.&Bewurkje.Omne&ame.&Kopiearje nei....&Ferpleats nei....&Wiskje.Triemmen &spjalte....Triemmen Kom&binearje....E&igenskippen.Komme&ntaar.Kontr.lesom berekenje..Map meitsje.Triem meitsje.U&tgong.600.&Alles selektearje.Alles net selektearje.&Seleksje omdraaien.Selektearje....Net selektearje....Selektearje neffens type.Net selektearje neffens type.700.Gru&tte Ikoanen.L&ytse Ikoanen.&List.&Details.730.Net Sortearre.Platte werjefte.&2 Panielen.&Arkbalke.Haadmap iepenje.Ien nivo omheech.Maphistoarje....&Ferfarskje.750.Argyf arkbalke.Standert arkbalke.Grutte knoppen.Knoptekst sjen litte.800.Map oan bl.dwizers &taheakje as.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7906
                                                                                                                                                                                                Entropy (8bit):4.861128874829787
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ggtTHAKaGSwSssr6JRiCJHAnJVsNO1vjGlXl58jmFsjGJZv:gM0j56fuXjol
                                                                                                                                                                                                MD5:236CFC435288002763C68C4BBEE7B39D
                                                                                                                                                                                                SHA1:E74A2402C2CB744DBED8AC1C2154FB1DE38148F9
                                                                                                                                                                                                SHA-256:B18730124208D26E5E88B76BB99985BF61938D7A994B626B2DE5230557D2D8DD
                                                                                                                                                                                                SHA-512:FA6941594454CDA55E081F15F367F430559849D218895B0B157A2204E8B30AE95DB99C62981A9C30A152A63D1BDB8EDD975BF06EE5ADF1F31B42A2C10CF11580
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Sean.n . Coist.n.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Irish.Gaeilge.401.T. go maith.Cealaigh....&T..&N.l.&D.n.Cabhair..&Lean ar aghaidh.440.T. do gach ceann.N.l go gach ceann.Stad.Atosaigh.&C.lra.&Tulra.&Cuir ar sos.Ar sos.An bhfuil t. cinnte gur mian leat . a cheal.?.500.&Comhad.&Leagan.Am&harc.Cean.in.&Uirlis..&Cabhair.540.&Oscail.Oscail &istigh.Oscail &lasamuigh.&Amharc.&Eagar.Athainmnigh.&Macasamhlaigh go....&Bog go....S&crios.Scar an comhad....Cumascaigh na comhaid....Air.onna.N.ta tr.chta.R.omh an tsuim sheice.la.Diff.Cruthaigh fillte.n.Cruthaigh comhad.&Scoir.600.Roghnaigh &uile.D.roghnaigh uile.&Aisiompaigh an roghn.ch.n.Roghnaigh....D.roghnaigh....Roghnaigh de r.ir cine.l.D.roghnaigh de r.ir cine.l.700.&Deilbh.n. m.ra.&Deilbh.n. beaga.&Liosta.&Sonra..730.Neamhaicmithe.Gach rud in aon chiseal.&2 fhuinneog.&Barra. na n-uirlis..Oscail an fr.amhfhillte.n.Suas fillte.n amh.in.Oireas na bhfillte.n....Athnuaigh.750.Barra
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9099
                                                                                                                                                                                                Entropy (8bit):4.918696837936453
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:1W7Uw+zTCaVpRBbpgoeCb4wdHSYz2NufjbJTQewnpy:14N+zNpbbpgw4wdHxtXlipy
                                                                                                                                                                                                MD5:6CD7C2B4D6BBA163B1623035FEB4297D
                                                                                                                                                                                                SHA1:5DF07BCFD1EDBD448B566AEA5789EF251303DE69
                                                                                                                                                                                                SHA-256:9280AB90261B0C8F206EEF7196D7531E4E4932C9174AB899CEE4F8ED97CC87C6
                                                                                                                                                                                                SHA-512:7ED13085EBC2545B434F5671F958F7A5FAA1BC29F7C10721A972AFD2C886FC39F0A6E290E70F1F8EA798199CA26974257EAF9B8445652C9B02C789E198191A3E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : 2007-11-22 : Xos. Calvo.; 9.20 : 2014-11-26 : enfeitizador.; 15.00 : 2016-02-01 : enfeitizador.; 22.00 : 2023-05-13 : enfeitizador.;.;.;.;.;.;.;.0.7-Zip.Galician.Galego.401.De acordo.Cancelar....&Si.&Non.Pe&char.Axuda..&Continuar.440.Si &a todo.Non a &todo.Parar.Reiniciar.Po.er por de&baixo.Traer ao &fronte.&Pausa.Pausado.Queres cancelar?.500.&Ficheiro.&Editar.&Ver.F&avoritos.Ferramen&tas.A&xuda.540.&Abrir.Abr&ir dentro.Abrir &f.ra.&Ver.&Editar.Cambiar no&me.&Copiar a....&Mover a....&Eliminar.&Dividir ficheiro....Com&binar ficheiros....P&ropiedades.Come&ntario....Calcular suma de verificaci.n.Diferenzas.Crear cartafol.Crear ficheiro.Sa&.r.Ligaz.n.&Alternar fluxos.600.Seleccion&ar todo.Desmarcar todo.&Inverter selecci.n.Seleccionar....Desmarcar....Seleccionar por tipo.Desmarcar por tipo.700.Iconas lon&gas.Iconas &mi.das.&Lista.&Detalles.730.Sen orde.Vista plana.&2 paneis.Barras de ferramen&tas.Abrir cartafol ra.z.Subir un nivel.Hist.rico de carta
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17365
                                                                                                                                                                                                Entropy (8bit):3.8616190133381947
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:OOt7VWp6MKgd259LNca7DK2Br5Pyl2/2Z/2oVXBH1K2xSGK/v2eHOv2E2lgJVOqc:OQ15KZeGK/nJ
                                                                                                                                                                                                MD5:93CDC8832328A22E198920630D597268
                                                                                                                                                                                                SHA1:315E5B1C77FB4E2D0C3CC1F48B6DB4C79CE9488A
                                                                                                                                                                                                SHA-256:C6E54E2A93B821BC974209CD7E2D10E9FBC4FF07D238AE84F552E4ADE271702C
                                                                                                                                                                                                SHA-512:E8355A42F3A3B5F21D5D4C7A21324433C997AD39412B3BCDCF26EDBD5EF882179168B2B5618F9FE631B88407608AB1A83BF139DB05C09B608FDDF01694B710DF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Vinayy Sharrma : .... ..... ...... .........;.;.;.;.;.;.;.;.;.;.0.7-Zip.Gujarati, Indian, ....................401...............&....&...&... .........&.... .....440.&... .... ....&... .... ............ .... ....&...........&........(.........).&.................... .... .... .... ... ... .... .... ..?.500.&......&.......&......&.......&.....&....540.&.....&.... .....&.... .....&......&.......&...: .......&... ... .........&... .. ...
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10909
                                                                                                                                                                                                Entropy (8bit):3.91308688355158
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:v4MfocCqKNXU9shxj5fLniD65MfiZNUsQWzrSt3v+YGqzCoy8aMN:vzo5qK1U9sZfLiD65Mfip8vJzCoGu
                                                                                                                                                                                                MD5:0771F160D56B1890A1CDC2CA040D2616
                                                                                                                                                                                                SHA1:36E69202682BF6993273B521424EC082998F6CA9
                                                                                                                                                                                                SHA-256:03B4EA89CCE3AA4193A7E3E1E6180DAB8359388DF3B574379935EA39D7B8D723
                                                                                                                                                                                                SHA-512:B452C75292C7D365AA5759FB3F49DE674255E839CAA687436474B782F615B2AD86A11A58809A5BB60115B070C9B738A461DB24E70502598A3BFECCF373220DBB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : peterg.; : Gal Brill.; 9.13 : 2010-04-30 : Jonathan Lahav.; 19.00 : 2020-05-01 : ION.;.;.;.;.;.;.;.0.7-Zip.Hebrew.......401............&...&...&...........&.....440... .&..... &............. .....&....&......&...........?.. ... .... .... .... .....500.&.....&......&......&........&......&....540..&...... .&........ .&....&....&.....&... .......&. ......&.. ...&.......&. ......&... ......&............&...... ..... ................. .......... .....&..........&..... ........600.... &....... ..... ....&.... ............... ......... ... ....... ..... ... ....700........ &.............. &....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17467
                                                                                                                                                                                                Entropy (8bit):3.84721481389097
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:wNAsf6IflsHX7q4IqKz+QCzaRDuAlTz8tw2+xE3ZAXsF:wjDGGeF
                                                                                                                                                                                                MD5:18D9C82F12E07B71E03D6086DEBA0DC3
                                                                                                                                                                                                SHA1:C6C11C6F1FC00A25DD53E1C78F207F6C8C8B8B13
                                                                                                                                                                                                SHA-256:5F79AE167A917860F95F73E5ED007FE250F30AF794BCFCE17941F9EF87D22A05
                                                                                                                                                                                                SHA-512:196A859D52A1A742B98460EAF113552DCE2CFC63378B19D2902BEABC1E66CBD9E26BF37FC26453832AA10929AAF0196ED9211332E63C830B0E5946013C82BDC1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Vinayy Sharrma : ...... .... ......;.;.;.;.;.;.;.;.;.;.0.7-Zip.Hindi, Indian, ...................401.... ...........&....&.....&... .........&.... ....440.&... .. .... ....&... .. .... .............. .... .....&...........&........(.........).&..................... .... .... ..... ... ....... .... .. ....?.500.&.....&.......&......&.......&.....&....540.&.....&.... .....&.... .....&......&.......&...: .......&... ... .........&... ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8122
                                                                                                                                                                                                Entropy (8bit):5.01235026127091
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:rhhdCkj7itccEuzIS1xTXiV8JBLRsusqrKhI:Vh/jfLupi+l1sqrKhI
                                                                                                                                                                                                MD5:9D8216183493AC2190A4D6E142ECAB9A
                                                                                                                                                                                                SHA1:E534EBB714DBAE2A9E12ACCBE96C6F2568B814C4
                                                                                                                                                                                                SHA-256:210AF273246D30CFDE87295CD5F4FF135B0BDFB04FE7173BB60F935E685B8E10
                                                                                                                                                                                                SHA-512:5B56560AD70652C9C6287F939B25676D8149C000C2388365197354DBE38C5CBA5C25F0A3A529F0601A5B5D964B7278AB3A668E8469CF0EC718821FDABCF044BC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : Alan .imek.; 4.53 : Hasan Osmanagi..; 9.07 :.; 15.05 : 2015-06-15 : Stjepan Treger.;.;.;.;.;.;.;.0.7-Zip.Croatian.Hrvatski.401.U redu.Odustani....&Da.&Ne.&Zatvori.Pomo...Nastavi.440.Da za &Sve.Ne za Sv&e.&Stani.Ponovi.U pozadini.U prvom planu.&Pauza.Pauzirano.Poni.titi?.500.&Datoteke.&Ure.ivanje.&Izgled.Omiljene mape.&Alati.&Pomo..540.&Otvori.Ot&vori mapu.Otvori u &sustavu.Iz&gled.&Ure.ivanje.Prei&menuj.&Kopiraj u....Premje&sti u....O&bri.i.Podije&li datoteku....Spo&ji datoteke....Svojs&tva.Komentar.Izra.un kontrolnog zbroja.Uspore.ivanje.Stvo&ri mapu.Stvori &datoteku.&Izlaz.Poveznica.&Alternativni tokovi.600.Odaberi &sve.Poni.ti odabir.&Obrni odabir.Odaberi....Poni.ti odabir....Odabir po tipu.Poni.ti odabir tipa.700.&Velike ikone.&Male ikone.&Popis.&Detalji.730.Neso&rtirano.Sadr.aj mapa.&2 okna.Alatne &trake.&Korijen.&Nadmapa.Pro.&le mape....O&svje.i.Automatski osvje.i.750.Alatna traka arhiva.Standardna alatna traka.Velike tipke.Prika.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10373
                                                                                                                                                                                                Entropy (8bit):5.237599190210729
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:KnufEtXpRc/oaLZ8VK8Am3+JHSacVeRU6i1M2YqpXn6StxERV/NIlLPNJxv:+VXpbavxJHSaqeRUd1vYqpXnxtSRV/2b
                                                                                                                                                                                                MD5:A41E4D16C3B29603832FFD1BBB82283E
                                                                                                                                                                                                SHA1:15695A0BD98D429E9AB191CECB185B70CC492668
                                                                                                                                                                                                SHA-256:486A382483096E9A86CCF6CA02123E48025DE5055F1880AF7F001C5C3FA25114
                                                                                                                                                                                                SHA-512:413DD8C87015EDE7868F992C25D568DE66E1BD765C7A43066D8DA8CF350F3620C77091F075020862FF6BF7C980C6091E92C5C843B3D57957C7516F5B0F51BCA0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Jozsef Tamas Herczeg.; 9.16 : Nyilas MISY.; 15.00 : 2021-11-09 : Barnabas Kovacs.; 22.01 : 2022-07-15 : John Fowler.; 24.05 : 2024-05-16 : John Fowler.;.;.;.;.;.;.0.7-Zip.Hungarian.Magyar.401.OK.M.gsem....&Igen.&Nem.&Bez.r.s.S.g...&Folytat.s.440.I&gen, mindre.N&em, mindre.Le.ll.t.s..jraind.t.s.&H.tt.rben.&El.t.rben.&Sz.net.Sz.neteltetve.Biztos, hogy megszak.tja a folyamatot?.500.&F.jl.S&zerkeszt.s.&N.zet.Ked&vencek.&Eszk.z.k.&S.g..540.M&egnyit.s.Megnyit.s &bel.l.Megnyit.s k.&v.l.&F.jl megtekint.se.S&zerkeszt.s..tn&evez.s.M.s&ol.s mapp.ba.....t&helyez.s mapp.ba....&T.rl.s.F.jl&darabol.s....F.jl&egyes.t.s....T&ulajdons.gok.&Megjegyz.s.Checksum sz.mol.sa.K.l.nbs.g.Mappa l.trehoz.sa.F.jl l.trehoz.sa.&Kil.p.s.Link.Alternat.v adatfolyam.600.Min&d kijel.l.se.Kijel.l.s megsz.ntet.se.Kijel.l.s &megford.t.sa.Kijel.l.s....Megsz.ntet.s....Kijel.l.s t.pus alapj.n.Megsz.ntet.s t.pus a
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13636
                                                                                                                                                                                                Entropy (8bit):4.268145853042887
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:jdJl7z7sBsCD6dowOkSMVBVm6WymLJaOQjKOMI:jdJl/7NC2oofVmGoJBQjiI
                                                                                                                                                                                                MD5:FE73C2AACF07D5120AEDD08792CB8268
                                                                                                                                                                                                SHA1:2C6E7D2FF42C5F65EF5F4C27600819354CAA03B0
                                                                                                                                                                                                SHA-256:91AAC9368BD116AB11FDA0B70EE4D75911A65713A272A3BA55D1435C33250F5A
                                                                                                                                                                                                SHA-512:79DBD84FE71888B7C9FDBCD23F2D4735F731E3C2C7724FBD531C3CA531B1992E756B13B66889AF30EC46770D350FCFAEF2D7ABE607594A2B4B92F60ED326D537
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Gevorg Papikyan.; 15.00 : Hrant Ohanyan.;.;.;.;.;.;.;.;.;.0.7-Zip.Armenian.........401.................&....&...&..................&...........440.... ...... &........ ...... &..........................&..............&........&............ ... ............500.&.....&.........&.....&............&.........&...........540.&........... &............. ...&...........&............&........&............&.............&............& ..........&....... ...............&................&..................................&....... ..............&... ........&.........&.............. ......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8739
                                                                                                                                                                                                Entropy (8bit):4.85314782964051
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:oO2E+zHrES/JnUR4TZnN627GyZbrstpaX+XTCsn:T2E+zHrESxURKZnNh91stpaPsn
                                                                                                                                                                                                MD5:BA3591CCF26438CBE93E9C1D56BD1818
                                                                                                                                                                                                SHA1:758619A702D5A0794E4412AA6AE93FC46EA3DFB9
                                                                                                                                                                                                SHA-256:90308689870AD079E1206A877157F7389BC4351A6B104FFA2BD9311409D6D92D
                                                                                                                                                                                                SHA-512:2E9066BD733CAAA9CEDDE2346BE543D4360BD796E01BCB669602C9E6450CA5A2718CB67613469C11A4D2AA8C458D7FE9C59AB8EB9BDE39846C195CE2CC22686B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 24.04 : 2024-05-13 : FranZo.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Indonesian.Bahasa Indonesia.401.Oke.Batal....&Ya.&Tidak.&Tutup.Bantuan..&Lanjut.440.Ya untuk Semu&anya.Tidak untuk S&emuanya.Stop.Start Ulang.Latar &Belakang.Latar &Depan.&Jeda.Dijeda.Anda yakin ingin membatalkan?.500.&Berkas.&Edit.&Tilik.&Favorit.&Peralatan.Bant&uan.540.B&uka.Buka di &Dalam.Buka di &Luar.&Tilik.&Edit.&Nama Ulang.&Salin Ke....&Pindah Ke....&Hapus.Be&lah Berkas....&Gabung Berkas....P&roperti.K&omentar....Hitung checksum.Beda.Buat Folder.Buat Berkas.&Keluar.Tautan.Aliran Alternati&f Aliran.600.Pilih Semu&a.Batal Pilih Semua.P&ilih Sebaliknya.Pilih....Batal Pilih....Pilih berdasarkan Tipe.Batal Pilih berdasarkan Tipe.700.Ikon &Besar.Ikon &Kecil.Da&ftar.&Detail.730.Tidak Diurutkan.Tilik Datar.&2 Panel.Bilah Perala&tan.Buka Folder Akar.Naik Satu Tingkat.Riwayat Folder....&Segarkan.Segarkan Otomatis.750.Bilah Alat Arsip.Bilah Alat Standar.Tombol Besar.Perlihatkan Teks Tombol.800.&Tambah folder ke F
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4604
                                                                                                                                                                                                Entropy (8bit):4.906610885989285
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:PkmgliBaKNUnQpg1uw7okwiPJ3npCW+71SwHel5Lt/8QNjyaKfO:PzBaF/1ukoMPZwn7gwHelNt/8QNjya+O
                                                                                                                                                                                                MD5:0861AE63DA2D00590369BB11B3857551
                                                                                                                                                                                                SHA1:8272F4761A3F2ACA2BFAEC6FCF08C82A9F36A65A
                                                                                                                                                                                                SHA-256:B87A4FCA8A0024A915AE86E36951CB7CEA442948D9982D4247E49492445BA664
                                                                                                                                                                                                SHA-512:70997D6775E1C91D021FDA2143C831FE8396094E50337DA3C4897DA70636B7F10B363F35B997213A462B467FE6754D2C33E009E84363063ECED871A2591CCE88
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.08 : iZoom.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Ido.Ido.401.B&one.Abandonar....&Yes.&No.&Klozez.Helpo..&Durez.440.Yes por &omni.No por o&mni.Haltez.Ristartez.&Fono.&Avanajo.&Pauzo.Pauzita.Kad vu ya volas abortar?.500.&Dosiero.&Redakto.&Aspekto.&Favoraji.&Utensili.&Helpo.540.&Apertigar.Apertigar int&erne.Apertigar e&xter.&Vidigar.&Redaktar.Ch&anjar nomo.Ko&piar aden....Transp&ozar aden....E&facar.F&endar dosiero....Komb&inar dosieri....In&heraji.Ko&mentar...Krear &dosieruyo.Krear dos&iero.E&kirar.600.Merk&ar omno.Des&merkar omno.&Inversigar merko.Merkar....Desmerkar....Merkar segun tipo.Desmerkar segun tipo.700.&Granda ikoneti.&Mikra ikoneti.&Listo.&Tabelo.730.&Nearanjite..&2 paneli.Utens&ila paneli.Apertigar radika dosieruyo.Ad-supre ye un nivelo.Dosieruya historio....R&inovigar.750.Utensila panelo di arkivo.Norma utensila panelo.Granda ikoneti.Videbla butontexto.800.&Adjuntar dosieruyo ad la favorata quale.Lektomerkajo.900.&Ajusti....&Experienco dil rapideso.960.&Konte
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5579
                                                                                                                                                                                                Entropy (8bit):5.039812534553965
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:P/3mbERgiJQCLlUBwpMBf4WV49vXJQX2Egzqlg+5RK6uxy4rcRQKktwlm80DCDHB:P/3sue8MOWyBXyX2tyj9RpGgigi6KwJ
                                                                                                                                                                                                MD5:69720A6D09230D9747BB2AA3C0EF650D
                                                                                                                                                                                                SHA1:4750E61EC19BA905D6F2BC5828510FD08D915AF8
                                                                                                                                                                                                SHA-256:B6EE3C8A14230AA7D1A17C5493E0A410C5C5C638BA7A9D81681FFED4A8DE6884
                                                                                                                                                                                                SHA-512:92230FEE3E5BC4B57013E359E43BF5F921DCFD9CAD4522E09B11EF8BF2F21F96555FC3AF72618A06D953F8D68050629358A8A7312A649489D6CA82780B793C88
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Mikel Hasko.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Albanian.Shqip.401.N. rregull.Anulim....&Po.&Jo.&Mbyll.Ndihm...&Vazhdim.440.Po p.r t. gjith&a.Jo p.r t. gjit&ha.Ndalo.Rinis.N. &sfond.N. pla&n t. par..&Pushim.N. pushim.Jeni t. sigurt se d.shironi ta anuloni?.500.&Skedari.&Redaktimi.&Pamja.&T. parap.lqyerit.&Veglat.&Ndihma.540.&Hap.Hap p.rbre&nda.Hap p.rjas&hta.&Pamja.&Redakto.Ri&em.rto.&Kopjo tek....&Zhvendos tek....&Fshi.N&daj skedarin....Kom&bino skedar.t....&Vetit..Ko&menti.Llogarit shum.n e verifikimit..Krijo nj. dosje.Krijo nj. skedar.&Dil.600.S&elekto t. gjith...se&lekto t. gjith..Anasill selekti&min.Selekto.....selekto....Selekto sipas tipit..selekto sipas tipit.700.Ikona t. &m.dha.Ikona t. &vogla.&List..&Detaje.730.&T. parenditur.Pamje e rrafsht..&2 panele.&Shiritat e veglave.Hap dosjen rr.nj..Nj. nivel m. lart..Historiku i dosjes....&Rifresko.750.Shiriti i veglave i arkivit.Shiriti standard i veglave.Butona t. m.dh
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12387
                                                                                                                                                                                                Entropy (8bit):5.313192066737636
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:n4fuupdoCXs+8WFml8HKp2yj99UfdECKU/Gh6o:n4fuofsjrW5KmGh6o
                                                                                                                                                                                                MD5:A0C7EB5D5A5DD7AB6F4C1E4FEF092256
                                                                                                                                                                                                SHA1:F121129211DBEDBA3C440267FD9BD1C636E263C2
                                                                                                                                                                                                SHA-256:9F70F1943A8E0A9B9040D1F769CA2494C2B83CEB8DC55B08DB1FC3E6973AD835
                                                                                                                                                                                                SHA-512:F864C9AC99EDC97968FECA96919A412E87C27457F5E0A8956DCECF37351CE7AEAF0E745343A649743D665B46BE108B3CC5BAFD92029D25D5A5D9BF6C390E5149
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : : Komuro.; : : Mick.; : : 2chBBS-software.; : : Crus Mitsuaki.; 9.23 : 2011-06-22 : nabeshin.; 22.00 : 2022-06-20 : Rukoto Luther.; 24.06 : 2024-06-15 : Stepanushkin Dmitry.;.;.;.;.0.7-Zip.Japanese.....401.OK............(&Y)....(&N)....(&C)........(&C).440......(&A).......(&L)................(&B).........(&F).....(&P)....................?.500.....(&F)...(&E)...(&V)......(&A)....(&T)....(&H).540...(&O).7-Zip ...(&I)........(&U)...(&V)...(&E)......(&M)....(&C)......(&M)......(&D).......(&S)..........(&B).........(&R).....(&N)..................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8739
                                                                                                                                                                                                Entropy (8bit):4.85314782964051
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:oO2E+zHrES/JnUR4TZnN627GyZbrstpaX+XTCsn:T2E+zHrESxURKZnNh91stpaPsn
                                                                                                                                                                                                MD5:BA3591CCF26438CBE93E9C1D56BD1818
                                                                                                                                                                                                SHA1:758619A702D5A0794E4412AA6AE93FC46EA3DFB9
                                                                                                                                                                                                SHA-256:90308689870AD079E1206A877157F7389BC4351A6B104FFA2BD9311409D6D92D
                                                                                                                                                                                                SHA-512:2E9066BD733CAAA9CEDDE2346BE543D4360BD796E01BCB669602C9E6450CA5A2718CB67613469C11A4D2AA8C458D7FE9C59AB8EB9BDE39846C195CE2CC22686B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 24.04 : 2024-05-13 : FranZo.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Indonesian.Bahasa Indonesia.401.Oke.Batal....&Ya.&Tidak.&Tutup.Bantuan..&Lanjut.440.Ya untuk Semu&anya.Tidak untuk S&emuanya.Stop.Start Ulang.Latar &Belakang.Latar &Depan.&Jeda.Dijeda.Anda yakin ingin membatalkan?.500.&Berkas.&Edit.&Tilik.&Favorit.&Peralatan.Bant&uan.540.B&uka.Buka di &Dalam.Buka di &Luar.&Tilik.&Edit.&Nama Ulang.&Salin Ke....&Pindah Ke....&Hapus.Be&lah Berkas....&Gabung Berkas....P&roperti.K&omentar....Hitung checksum.Beda.Buat Folder.Buat Berkas.&Keluar.Tautan.Aliran Alternati&f Aliran.600.Pilih Semu&a.Batal Pilih Semua.P&ilih Sebaliknya.Pilih....Batal Pilih....Pilih berdasarkan Tipe.Batal Pilih berdasarkan Tipe.700.Ikon &Besar.Ikon &Kecil.Da&ftar.&Detail.730.Tidak Diurutkan.Tilik Datar.&2 Panel.Bilah Perala&tan.Buka Folder Akar.Naik Satu Tingkat.Riwayat Folder....&Segarkan.Segarkan Otomatis.750.Bilah Alat Arsip.Bilah Alat Standar.Tombol Besar.Perlihatkan Teks Tombol.800.&Tambah folder ke F
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10469
                                                                                                                                                                                                Entropy (8bit):5.284564106594488
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:8F6LuxAINK+9IPpdcigPDojX4MmlmYplGPvxtdogal+7opiQRDev/4Fq/+ePRRtG:wxAELigPDoHITPjk6b9Fq/+1z
                                                                                                                                                                                                MD5:5D90F9C7771022E43C15A4393A0670CE
                                                                                                                                                                                                SHA1:689269A4B3AED23CDF59ED395732C592B515AC83
                                                                                                                                                                                                SHA-256:DE2497946932D806F822082C3CF9F2F26A18752D9973F9D09E0889A94CE4C28A
                                                                                                                                                                                                SHA-512:7A8BD040989CF66DD0F15BE68DFCF2799C34C491FDF900315AB82619938C79BE9F18C6A5B1A4AC7DF6BBA951B3B309DDAF4F5ED628A69B8B893406F68FBC9510
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 15.00 : 2015-03-29 : Ibrahim Oyekan.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Yoruba.Yoruba.401.O DAA.Pa re....&B..ni.&B..k..&P.d...r.nl.w...&T..-s.w.j..440.B..ni fun &gbogbo ..B..k. fun &gbogbo ..D.r....t.nb..r...&...h.n-.gb.h.n.&Oj.-.gb.h.n.&D.d.r...d.r...e . d.j. pe .nyin f.. paar..500.&Fa.li.&Tunk..&.w..&A.y..&Irin....&.r.nl.w..540.&.i..i &si .n...i &si .ta.&.w..&Tunk..&Tun oruk. k..&...d. si....&Gb. si....&Paar..&P.n fa.li...... .w.n fa.li k.p......&.b.d..&.r. .w.ye.....e i.iro checksum..y.t...D. .p. fa.li sil...D. fa.li sil...&P.d...t..kas..&Yiyan agbara d.t..600....y.n &gbogbo fa.li.Paa ...y.n gbogbo fa.li.&Yi ...y.n Pad.....y.n....Paa ...y.n.......y.n bi ir. fa.li.Paa ...y.n bi ir. fa.li.700.&.mi .l..&.mi K.ker..&Ak.j...&Aw.n alaye.730.Lai t. l.s.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11457
                                                                                                                                                                                                Entropy (8bit):4.3994562592493125
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:voiIwxssHdMMybRMIc++NBGC4ci/4f/iv1GBSHlzdRCU39ixod9t:voJ4s8SKs+NBDkA/m1GBSHlzdvMEX
                                                                                                                                                                                                MD5:B1DD654E9D8C8C1B001F7B3A15D7B5D3
                                                                                                                                                                                                SHA1:5A933AE8204163C90C00D97BA0C589F4D9F3F532
                                                                                                                                                                                                SHA-256:32071222AF04465A3D98BB30E253579AA4BECEAEB6B21AC7C15B25F46620BF30
                                                                                                                                                                                                SHA-512:0137900AEB21F53E4AF4027EA15EED7696ED0156577FE6194C2B2097F5FB9D201E7E9D52A51A26AE9A426F8137692154D80676F8705F335FED9AE7E0E1D0A10E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Kirill Gulyakevitch.; 9.07 : 2011-03-15 : Drive DRKA.;.;.;.;.;.;.;.;.;.0.7-Zip.Belarusian............401.OK...........&....&...&...................&...........440.... ... &....... ... .&....................&......&.. ....... .....&........ ........ ........ ....... .......... ........?.500.&.....&.......&.......&.........&......&........540.&............... &.................. .&..............&...............&........&......... .....&........... .....&...........&..... .........&.'...... ............&..........&................ .....Diff.&........ .........&..... ......&.....600......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10040
                                                                                                                                                                                                Entropy (8bit):5.033364801945333
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:bBLhu312JnrmZ80+hs6MKaZy5HH9+jieCn6abdXdg9R49:bbhJnro80+X1HQT6fg9G9
                                                                                                                                                                                                MD5:9A2FC6431192E6FC18871DA5D4ADC467
                                                                                                                                                                                                SHA1:EEA02FAF56E746DFADF67C5FE4E12A79EA2FB089
                                                                                                                                                                                                SHA-256:4FD993DBAE9606C062DC3511292274631335956A016B74B3061BAB55F7D9C736
                                                                                                                                                                                                SHA-512:A4945CD1522FD2A57960959C4937C55920520BE615F3CB84CBE74842479D426AFF28F3E041FA61A338B121CA3BE64EFC4C128CA94A48B4D994EEA79A42AAB7F9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 4.59 : Lucian Nan.; 23.00 : 2023-07-22 : Marius Hudea.; 24.05 : 2024-05-19 : Miloiu Andrei-Valentin.;.;.;.;.;.;.;.;.0.7-Zip.Romanian.Rom.n..401.Bine.Anulare....&Da.&Nu..n&chide.Ajutor..&Continu..440.Da, pentru &toate.Nu, pentru t&oate.Opre.te.Restarteaz...n &fundal.La &suprafa...&Pauz...n pauz..E.ti sigur c. vrei s. anulezi?.500.&Fi.ier.&Editeaz..&Vizualizeaz..Fav&orite.&Unelte.&Ajutor.540.&Deschide.Deschide .&n.Deschide .n &afar..&Vizualizez..&Editeaz..&Redenume.te.&Copiaz. la....&Mut. la.....ter&ge.Segmenteaz. &fi.ierul....Com&bin. segmente....&Propriet..i.Comen&tariu.Calculeaz. cod verificare.Diferen...Creaz. director.Creaz. fi.ier.&Ie.ire.Scurt.tur..Fluxuri de date &alternative.600.&Selecteaz. toate.&Deselecteaz. toate.&Inverseaz. selec.ia.Selecteaz.....Deselecteaz.....Selecteaz. dup. tip.Deselecteaz. dup. tip.700.PIctograme m&ari.Pictograme m&ici.&List..&Detalii.730.Nesortat.Vedere &plan..&2 panouri.Bare de &
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10142
                                                                                                                                                                                                Entropy (8bit):5.350645745471363
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:xPc6gARXHeJlbbciOeh3rykpqMmEIN5U91n8:N3gARX+Jlbbfh3ryvTEIN5Un8
                                                                                                                                                                                                MD5:3FDECAE1FF188894295759380B0378DA
                                                                                                                                                                                                SHA1:935A4797540CE26828569C50924BAAE230F2D41E
                                                                                                                                                                                                SHA-256:B53FE26795B01F3347B614EAA499D28770D94EB5B51005C842386E97D8344CB6
                                                                                                                                                                                                SHA-512:F5B87DEFB1837E98EA46E1E37E13180976C5910F13E18A178397C530E6F15C585CF55E54048206D1A343C298BFE136E0CCF259657B29D7A8C5A9EE2537288AED
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Tomas Tomasek.; 9.07 : Pavel Deve.ka.; 9.38 beta : 2015-01-11 : Roman Horv.th.; 24.02 : Milan .alka.;.;.;.;.;.;.;.0.7-Zip.Slovak.Sloven.ina.401.OK.Zru.i.....&.no.&Nie.&Zavrie..Pomocn.k..Po&kra.ova..440..no na &v.etko.Nie na v.&etko.Zastavi..Re.tartova..&Pozadie.P&opredie.Po&zastavi..Pozastaven..Ste si ist., .e chcete akciu zru.i.?.500.&S.bor.&Upravi..&Zobrazi..&Ob..ben..&N.stroje.&Pomocn.k.540.&Otvori..O&tvori. vn.tri.Ot&vori. externe.&Zobrazi..&Upravi..&Premenova..&Kop.rova. do....P&resun.. do....O&dstr.ni..Ro&zdeli. s.bor....Zl..&i. s.bory....V&lastnosti.Ko&ment.r.Vypo..ta. kontroln. s..et.Rozdiel (Diff).Vytvori. prie.inok.Vytvori. s.bor.Uko&n.i..Odkaz....&Alternat.vne streamy.600.Ozna.i. v.etko.Odzna.i. v.etko.Invertova. ozna.enie.Ozna.i.....Odzna.i.....Ozna.i. pod.a typu.Odzna.i. pod.a typu.700.&Ve.k. ikony.&Mal. ikony.&Zoznam.&Podrobnosti.730.Netriedi..Ploch. vzh
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7372
                                                                                                                                                                                                Entropy (8bit):4.909894601165032
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:/iCx+nicrSC2WgvUZ8I/MbcGr74hjN8H7+UeT5xMWcZlFi6lCg6l+Rl2NIqpClH5:/OnVInvQ5kN74nK+febFi6Yg62I7bPFI
                                                                                                                                                                                                MD5:F16218139E027338A16C3199091D0600
                                                                                                                                                                                                SHA1:DA48140A4C033EEA217E97118F595394195A15D5
                                                                                                                                                                                                SHA-256:3AB9F7AACD38C4CDE814F86BC37EEC2B9DF8D0DDDB95FC1D09A5F5BCB11F0EEB
                                                                                                                                                                                                SHA-512:B2E99D70D1A7A2A1BFA2FFB61F3CA2D1B18591C4707E4C6C5EFB9BECDD205D646B3BAA0E8CBD28CE297D7830D3DFB8F737266C66E53A83BDBE58B117F8E3AE14
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Feliciano Mart.nez Tur.; 9.07 : Juan Pablo Mart.nez.;.;.;.;.;.;.;.;.;.0.7-Zip.Aragonese.Aragon.s.401.Acceptar.Cancelar....&S..&No.&Zarrar.Aduya..&Continar.440.S. a &tot.No a t&ot.Aturar.Tornar a empecipiar.Se&gundo plano.P&rimer plano.&Pausa.Aturau.Yes seguro que quiers cancelar?.500.&Fichero.&Editar.&Veyer.&Favoritos.&Ferramientas.Ad&uya.540.&Ubrir.Ubrir &adintro.Ubrir &difuera.&Veyer.&Editar.Re&nombrar.&Copiar en....&Mover ta....&Borrar.Di&vidir o fichero....C&ombinar os fichers....&Propiedatz.Comen&tario.Calcular a suma de comprebaci.n.Diff.Creyar carpeta.Creyar fichero.&Salir.600.Seleccionar-lo &tot.Deseleccionar-lo tot.&Invertir selecci.n.Seleccionar....Deseleccionar....Seleccionar por tipo.Deseleccionar por tipo.700.Iconos g&rans.&Iconos chicotz.&Lista.&Detalles.730.Desordenau.Anvista plana.&2 panels.&Barras de ferramientas.Ubrir a carpeta radiz.Carpeta mai.Historial de carpetas....&Esviellar.750.Barra de ferramientas d'archivo.Barras de ferr
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21169
                                                                                                                                                                                                Entropy (8bit):3.6500180773175783
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:NSzhkx60rKSu1t5tO2lV6rxhA/1bRRsMQSJNg4T4H84zQ9gZGvlLk2+ZuYbzw:Kkx6MqVUSJNVCw
                                                                                                                                                                                                MD5:2BE2F9C77556CA413B590B8477DF5499
                                                                                                                                                                                                SHA1:DD5CE617642C977470AA20C6DC6815728C779245
                                                                                                                                                                                                SHA-256:5A85CC532F802DA683374C3F4C98E3F37425CF304D6772BA554D2C49BAC7BE0B
                                                                                                                                                                                                SHA-512:3BA82549752E6BFE6C1F1706B205747D70F2F3106C49EA08D35E82047166C3D5B26457D6BF00FBBD0E9CAC4AE8EC38123F533DE3F68ED466F219C551B5417C40
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.20:.; Saqirilatu Mongolqileb.; last updated: 2013-12-11.; Update and Spelling corrected Bayarsaikhan.;.;.;.;.;.;.;.0.7-Zip.Mongolian (MenkCode)......... .....401............................ (&Y)..... (&N)......... (&C)........................ (&C).440........ ..... (&A)........ .... (&L)................... ............ .... (&B)...... ... (&F).......... (&P)........ ............ ........ ............ .. ..500...... (&F).............. (&E)........ (&V)............. (&A)........ (&T)........... (&H).540..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13050
                                                                                                                                                                                                Entropy (8bit):3.8543519831557473
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:dNvZCtxUT2PoIhbW7dxmmWkcU0rwSdCsbW3UcSru1:d1vT2PoIRWMBwSY3Sr6
                                                                                                                                                                                                MD5:04CFC22F9293329C5EA7EC5C4A14D3BC
                                                                                                                                                                                                SHA1:57AA51DEC6BED50703054060F46918AA26AE0E4A
                                                                                                                                                                                                SHA-256:E016E8872F2DE7CBC1F4FC786C747CC26B2E250E6C1B8F1C46040B72C523D90F
                                                                                                                                                                                                SHA-512:5099E2A8B6BE04E2124280711AF1BF5807DCA5DF93DD33CCA416D56337ADAD19903AACEF3872F550D16A82F8F1471EC5D821D6E4E096E817A8C4D8340291D402
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Shiva Pokharel, Mahesh Subedi.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Nepali........401.... ...... .............&...&.....&.... .................&.... ...........440.&...... ...&...... ...................: .... ..........&..........&.........&.. ............ ............ .... .... .... ......... ?.500.&.....&....... ..........&...........&.........&......&......540.&..................... ..................... ...........&.........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10982
                                                                                                                                                                                                Entropy (8bit):4.662514332505228
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Ca+X3gDVs7FuvI9w83Dce6oF3DSiskkSx6NGhu1c9:XAwpe53uUkSWlc9
                                                                                                                                                                                                MD5:47C628C679FF488DDF4E14C457D2FCA0
                                                                                                                                                                                                SHA1:E8DA632E677A92224B5095271087A68C60504B9C
                                                                                                                                                                                                SHA-256:7FD494130F9B96DFCA492D495EF3FD7B4EAACF59F075172898ECE5AEBD1F6FCE
                                                                                                                                                                                                SHA-512:A4A22D6FE3C01A3E3D93C6D555B840EEECD72F396F0BCB5AFD871292BCA5B86F2CA76E3CF44FA71DD6C1B08D6672C50D16D0FBA679A4AF4AA677993A9900E497
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.59 : Sahran.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Uyghur..........401........... .......(&Y)........(&N)....(&C)....................(&C).440........ ....(&A)........ ...(&L)............ ........... ....(&B)...... ....(&F)......... .....(&P)......... ................... ... ..........500.......(&F).......(&E)........(&V).......(&A)......(&T).......(&H).540....(&O).......... ........ ...(&I)..... ........ ...(&U)........(&V).......(&E).... .......(&M)........ .....(&C)........ .....(&M).......(&D)....... .......(&S)........ .........(&B)........(&R)........(&N)....... ............. ........... ............(&X).600..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8251
                                                                                                                                                                                                Entropy (8bit):5.19488137916907
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:IHrcQOp6UkYC3kMQVtxXYrqYlMtiMeQIFTYENLlr7mAzNtcjpuqd/WWQse:IH3OpXBUMeQIFTYGr9NtycmW
                                                                                                                                                                                                MD5:C8F31D6ADEE368CA0AA00350DF0D82DF
                                                                                                                                                                                                SHA1:4146C7C62DD46B2C43C92CDF33E45FA7E2272D04
                                                                                                                                                                                                SHA-256:DC61090369E1269A68C75E472D863AAF42207F702B3D3E12CA48D2852E1478E3
                                                                                                                                                                                                SHA-512:758AF54A33DC243992324974F01707C8027BE7BDC7D07187A28038F4C9D8F7681D989B66F56A13B86E99C8BC74D80A70FA44BD5DD9532C99B78DF7985B397ED8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 19.02 : 2019-11-12 : Stef.n .rvar Sigmundsson.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Icelandic..slenska.401.. lagi.H.tta vi.....&J..&Nei.&Loka.Hj.lp..&Halda .fram.440.&J. vi. .llu.&Nei vi. .llu.St..va.Endurr.sa.&Bakgrunnur.&Forgrunnur.&Gera hl... hl.i.Ert .. viss um a. .. viljir h.tta vi.?.500.&Skr..&Breyta.&Sko.a.&Upp.hald.&Verkf.ri.&Hj.lp.540.&Opna.&Opna a. innanver.u.&Opna a. utanver.u.&Sko.a.&Breyta.&Endurnefna.&Afrita .....&F.ra .....&Ey.a.&Klj.fa skr.....&Sameina skr.r....&Eiginleikar.&Gera athugasemd....Reikna samt.lu.Mismunur.Skapa m.ppu.Skapa skr..&H.tta.Tengill.&V.xlstraumar.600.&Velja allt.&Afvelja allt.&Umsn.a vali.Velja....Afvelja....Velja eftir tegund.Afvelja eftir tegund.700.&St.rar t.knmyndir.&Sm.ar t.knmyndir.&Listi.&Sm.atri.i.730..flokka..Flats.n.&2 spj.ld.&Verkf.rastikur.Opna r.tarm.ppu.Upp um eitt stig.M.ppusaga....&Endurgl..a.Sj.lfendurgl..un.750.Safnverkf.rastika.St..lu. verkf.rastik
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5016
                                                                                                                                                                                                Entropy (8bit):5.202718875099834
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:UnbIMLOcn+2YYrzNOw/tglixPmncrwQMpp7urX:5MBQs9encsQCps
                                                                                                                                                                                                MD5:056327042B9CFD5FCB5F788F22112D62
                                                                                                                                                                                                SHA1:FAE6324417DC88E9A9BB0FBAC9B4D4CE61C1980E
                                                                                                                                                                                                SHA-256:533F9FF016E7BB36216665CCA1065139A35D8DA71651678814415FF457A9BE7D
                                                                                                                                                                                                SHA-512:FE853C2042251B3987C169F8241E0B3B0F1C3AE039DC7786B07E0DB07E8A6B0F89E1D478F27D3C8DFD69473E6C6118CE13A39D7DE84A22A3C2A660652B852660
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.10 : Armands Radzu.ka.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Latvian.Latvie.u.401.&Labi.&Atcelt....&J..&N..Aiz&v.rt.&Rokasgr.mata..&Turpin.t.440.J. &visiem.N. v&isiem.Stop.P.rstart.t.&Fon..&Priek.pl.n..Pa&uze.Pauz.ts.Vai piekr.tat p.rtraukt .o darb.bu?.500.&Fails.&Labo.ana.&Izskats.Ie&cien.t.s.&R.ki.&Pal.dz.ba.540.&Atv.rt.Atv.rt &iek.pus..Atv.rt .rp&us..Ap&skate.&Labot.P.&rd.v.t.&Kop.t uz....P.r&vietot uz....&Dz.st.&Sadal.t failu....Ap&vienot failus.....pa..&bas.&Piez.mes...Izveidot &mapi.Izveidot &failu.&Beigt.600.Iez.m.t &visu.Atcelt vis&u.I&nvert.t iez.m.jumu.Ie&z.m.t....&Atcelt....I&ez.m.t p.c tipa.A&tcelt p.c tipa.700.&Lielas ikonas.&Mazas ikonas.&Saraksts.S.&k.k.730.&Ne..irot..&2 pane.i.&R.ku joslas.&Atv.rt saknes mapi.L.meni &uz aug.u.Mapju &v.sture....&P.rlas.t.750.Arh.va r.ku josla.Standarta r.ku josla.Lielas pogas.Par.d.t pogu tekstu.800.&Pievienot mapi iecien.taj.m k..Iecien.t.s.900.&U
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8383
                                                                                                                                                                                                Entropy (8bit):6.039482945933355
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:dIEm/UwNgrNf35q4H0PPTo0CCKL9xlDCrBYwlW/A2flOEBV:dxmMwN5LTo/CKJuBdMtNV
                                                                                                                                                                                                MD5:E6C38C199079BE58EE81E8DA55E783AC
                                                                                                                                                                                                SHA1:1AD09B0146F317786AFB0A09C7907E6CCB5C207E
                                                                                                                                                                                                SHA-256:76A17B0A97925E5D6DEB1EBE8AE14F83BD49957C492C3733A0EA178E28B0D74B
                                                                                                                                                                                                SHA-512:014D3FB64B22DA94D5AC7626B3E4BF9321FB05647BDB1BE3EEF79ADD3EFB06EF6B0FC1590031D4E781489AFC96BA4B7E4A86590BCE98C901812E890A4680ED02
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.59 : Leon Tseng, sec2, ...; 9.07 - 24.04 : Jack Pang.;.;.;.;.;.;.;.;.;.0.7-Zip.Chinese Traditional......401...........(&Y)..(&N)...(&C).......(&C).440.....(&A).....(&L).............(&B).....(&F)...(&P)...........?.500...(&F)...(&E)...(&V).....(&A)...(&T)...(&H).540...(&O)......(&I)......(&U)...(&V)...(&E).....(&M)....(&C).......(&M)......(&D).....(&S)........(&B)......(&R)...(&N).........................(&X).........(&A).600...(&A).........(&I)............................700....(&G)....(&M)...(&L).....(&D).730.............(&2)....(&T)...........................(
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10868
                                                                                                                                                                                                Entropy (8bit):4.914669990065981
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Uk/px4B42mykLxrIppKQoYEgHVxX39tJzo2NXIWdE4hNvuaVkP51EUt:L/462mykLxkpp3odgHVxdtd5da4nvuSy
                                                                                                                                                                                                MD5:A49801879184C9200B408375FC4408D7
                                                                                                                                                                                                SHA1:763231BD9B883692C0E5127207CBFC6A2A29BC7D
                                                                                                                                                                                                SHA-256:397A3AF716EB7F0084F3AA04AD36EAB82AAB881589A359E7D6D4BE673E1789A8
                                                                                                                                                                                                SHA-512:F408203907594AFA116A2003D0B65D77C9BCA47663F7F6B26E9158B91DAD40569E92851BF788A39105298561F854264A8DC57611637745E04E68585B837702F2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.07 : Nicolas Sierro.; 9.07 : Philippe Berthault.; 15.14 : Sylvain St-Amand (SSTSylvain).; 22.00 : 2022-06-09 : Lolo S..; 23.01 : 2023-12-20 : Denis G (Need74).; 24.04 : 2024-04-29 : Lolo S..;.;.;.;.;.0.7-Zip.French.Fran.ais.401.OK.Annuler....&Oui.&Non.&Fermer.Aide..&Continuer.440.Oui pour &tous.Non pour t&ous.Arr.ter.Red.marrer.&Arri.re-plan.P&remier plan.&Pause.En pause..tes-vous sur de vouloir annuler ?.500.&Fichier.&.dition.Affic&hage.Fa&voris.&Outils.&Aide.540.&Ouvrir.Ouvrir dans le gestionnaire &7-Zip.Ouvrir dans l'Explorateur Windows.&Voir (hexa).&.dition.Reno&mmer.&Copier vers....&D.placer vers....S&upprimer.Diviser le &fichier....&Fusionner les fichiers....P&ropri.t.s.Comme&ntaire....Somme de contr.le.Comparaison des diff.rences (Diff).Cr.er un dossier.Cr.er un fichier.&Quitter.Connexion.Flux &alternatif.600.S.lectionner &tout.D.s.lectionner to&ut.&Inverser la s.lection.S.lectionner....D.s.lectionner....S.lectionner par type.D.s.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9508
                                                                                                                                                                                                Entropy (8bit):4.956382401228677
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:bFIzlmWIGz4txB2GnYESx8EvawZP7/uHCkU331:5bUzwxB2GfJwZP7/uHCkO31
                                                                                                                                                                                                MD5:1651078BE7CE617922904CA7941FAE20
                                                                                                                                                                                                SHA1:1FE33F74AAA6AF59B5055B968EF6424107544538
                                                                                                                                                                                                SHA-256:C0D985DEA02778276BA3D3DF96B50B33F7BA0C1EC7C62761F0DCD67A05B62270
                                                                                                                                                                                                SHA-512:E1721EE191E1BA24212E85C013497C66D35DB0E48DF464D2E86762B4A0855AC04FFEC59AF8C259F91DFF0924D977FFEB1FBA92A7C9A951D5F8FDDFD0B02BB67E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.26 : Tomas Miralles.; 4.44 : Fernando Verd..; 24.05 : 2024-05-23 : David Chova.;.;.;.;.;.;.;.;.0.7-Zip.Valencian.Valenci..401.Accepta.Cancel.la....&Si.&No.Tan&ca.Ajuda..&Continua.440.Si a &tot.No a t&ot.Atura.Reinicia.Segon pla.Primer pla.&Pausa.Parat.Esteu segur que voleu cancel.lar?.500.&Fitxer.&Edita.&Mostra.Favorits.Eines.Ajuda.540.&Obri.Obri d&ins.Obri fora.&Mostra.&Edita.Canvia &nom.&Copia a....&Despla.a a....&Suprimeix.&Separa fitxer....Com&bina fitxers....P&ropietats.Come&ntari.Calcula checksum.Difer.ncia.Nova carpeta.Nou fitxer.Ix.Vincula.Fluxos &alternatius.600.Seleccion&a-ho tot.Deselecciona-ho tot.&Inverteix selecci..Selecciona....No selecciones....Selecciona per tipus.No selecciones per tipus.700.Icones g&rans.Icones menudes.&Llista.&Detall.730.No ordenat.Vista plana.&2 Taules.&Barres d'eines.Obri directori arrel.Directori pare.Historial de carpetes....Actualit&za.Actualitza autom.ticament.750.Barra d'eines de Fitxer.Barra d'eines Est.nda
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13706
                                                                                                                                                                                                Entropy (8bit):4.512938543489413
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:4sAaGWnyUCvYb6klPJFdljLNCZXg54yd+yACOFFytAQm:maG39YeklPJFLjLN+g5h+MtAd
                                                                                                                                                                                                MD5:730C16345E2A2366C2221D5F22980666
                                                                                                                                                                                                SHA1:41E92F0B3AEE2436183E1263AAD85787ECBABF34
                                                                                                                                                                                                SHA-256:813B5264F3F2D2B632B346E800E738E04DC098C7B3A1A2AF64BCF3A6ACBCA037
                                                                                                                                                                                                SHA-512:339A9B6E5788B6B2D627C16B6DCA5A942133B2F113ADC21225C693951D87EE5C476A684565C2A38510A23C42E1DFA0689A62450CB2D741D4AC43A53B9B691606
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 15.10 : 2017-02-12 : Bulat Ibrahim.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Tatar.........401.OK.... .........&....&...&..............&..... .......440.... &........ ....... .&....... .................&......&.... .......&.................... .. ....... ............?.500.&.....&........&......&..........&........&........540.&........... &............ ..&...........&................. &...........&................&.............&................ &.................... &...................&.............&.............. ...................&..... .........&.. ........&............&........... ........60
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4848
                                                                                                                                                                                                Entropy (8bit):5.0398900363287105
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:lcIh395xVDLRNvtj7ZjuJowdlKoF+M/LMtYUQs0xM3Hj8bH8fC:eg3Px9zt+d5ohGs0sHj88C
                                                                                                                                                                                                MD5:29CAAD3B73F6557F0306F4F6C6338235
                                                                                                                                                                                                SHA1:D4B3147F23C75DE84287AD501E7403E0FCE69921
                                                                                                                                                                                                SHA-256:A6EF5A5A1E28D406FD78079D9CACF819B047A296ADC7083D34F2BFB3D071E5AF
                                                                                                                                                                                                SHA-512:77618995D9CF90603C5D4AD60262832D8AD64C91A5E6944EFD447A5CC082A381666D986BB294D7982C8721B0113F867B86490CA11BB3D46980132C9E4DF1BD92
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Dmitri Gabinski.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Esperanto.Esperanto.401.B&one.Nuligu....&Jes.&Ne.&Fermu.Helpo..&Da.rigu.440.Jes por .&iuj.Ne por .i&uj.&Haltu.Restartigu.&Fono.&Malfono.&Pa.zo.Pa.zita..u vi vere volas nuligi?.500.&Dosiero.&Redakto.&Vido.&Favoritaj.&Agordoj.&Helpo.540.&Malfermu.Malfermu &ene.Malfermu ek&stere.&Vidigu.&Redaktu..&an.u nomon.&Kopiu en....M&ovu en....&Forigu.&Erigu dosierojn....Komb&inu dosierojn....A&tributoj.Ko&mentu.Kalkulu kontrolsumon..Kreu &dosierujon.Kre&u dos&ieron.E&liru.600.M&arku .iun.Ma&lmarku .iun.&Inversigu markon.Marku....Malmarku....Marku la. tipo.Malmarku la. tipo.700.&Grandaj bildetoj.&Malgrandaj bildetoj.&Listo.&Detale.730.&Neordigite.Ununivela vido.&2 paneloj.&Ilobretoj.Malfermu radikan dosierujon.Supren je unu nivelo.Dosierujhistorio.....&isdatigu.750.Ar.ivo-ilobreto.Norma ilobreto.Grandaj bildetoj.Montru butontekston.800.&Aldonu dosierujon al favorataj kiel.Legosigno.900.&Agordoj....&Etalono.960.&E
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4953
                                                                                                                                                                                                Entropy (8bit):5.026642087390098
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:uyzeGsp9Qb9PzXHsRu2aPm68ZMvpZkul6Wg1AQQYBgJ0ZQBGBl6agPNH20qIvUkw:FzeGsbSu9y8WvpZR6W+AQQYG8LgFW01S
                                                                                                                                                                                                MD5:07504A4EDAB058C2F67C8BCB95C605DD
                                                                                                                                                                                                SHA1:3E2AE05865FB474F10B396BFEFD453C074F822FA
                                                                                                                                                                                                SHA-256:432BDB3EAA9953B084EE14EEE8FE0ABBC1B384CBDD984CCF35F0415D45AABBA8
                                                                                                                                                                                                SHA-512:B3F54D695C2A12E97C93AF4DF09CE1800B49E40302BEC7071A151F13866EDFDFAFC56F70DE07686650A46A8664608D8D3EA38C2939F2F1630CE0BF968D669CCC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : KAD-Korvigello. An Drouizig.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Breton.Brezhoneg.401.Mat eo.Nulla.....&Ya.&Ket.&Serri..Skoazell..&Kenderc'hel.440.Ya be&pred.Ket &bepred.Paouez.Adloc'ha..&Drekleur.&Rakleur.&Ehan.Ehanet.Ha fellout a ra deoc'h nulla. ?.500.&Restr.&Aoza..&Gwelout.Di&babo..&Ostilho..&Skoazell.540.&Digeri..Digeri. a-zia&barzh.Digeri. a-zia&vaez.&Gwelout.&Aoza..Adenv&el.&Kopia. diwar....&Dilec'hia. diwar....D&ilemel.&Troc'ha. restr....&Kendeuzi. restro.....P&erzhio..Evezhia&denn...Sevel un teul.Sevel ur restr.&Kuitaat.600.Diuz pep &tra.Diziuz pe tra.Lakaat an &diuzad war an tu gin.Diuz....Diziuz....Diuz diouzh ar rizh.Diziuz diouzh ar rizh.700.Arlunio. &bras.Arlunio. &bihan.&Roll.&Munudo..730.Dirummet..&2 brenestr.&Barrenno. ostilho..Digeri. an teul gwrizienn.Teul kerent.Roll istor an teul....Fresk&aat.750.Barrenn ziell.Barrenn skouerek.Meudellio. bras.Diskouez an destenn.800.&Ouzhpenna. ar c'havlec'h d'ar sinedo..Sined.900.&Di
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9906
                                                                                                                                                                                                Entropy (8bit):4.823682778375202
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:0uk7PN270x4ndKLWwjJ8Y1+rUtOGj10KRuNnoyYe4Y8nEkglgSgZDaOIgmHqJ4V:GIwyeWtY1+AtOGRZyYe98EkglgSgZDaZ
                                                                                                                                                                                                MD5:AA7B46B6DDD673BC06BD90187E552743
                                                                                                                                                                                                SHA1:2C11A1E5F97AC1415073C2C953CD92018CF3EB93
                                                                                                                                                                                                SHA-256:EFB1AED5C52AF731A733C720B6F5479898C9DE28367A5DE4C80F697FB745546A
                                                                                                                                                                                                SHA-512:10C262122417B081D0403F9C917A4BEBA34078CA52E88478EBD2C0B6956AA6B61B34511FAC71E87578D56AE1F5ACDC265CDDAC8C92B9F14757DAA75042DFC7AA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.07 : Leandro Spagnol.; : Vincenzo Reale (some corrections).; 15.05 : 2015-06-17 : TJL73.; 17.00 : 2017-02-01 : Massimo Castiglia.; 18.03 : 2018-01-15 : POLAR.; 24.04 : 2024-04-05 : TJL73.;.;.;.;.;.0.7-Zip.Italian.Italiano.401.OK.Annulla....&S..&No.&Chiudi.Aiuto..&Continua.440.S. per &tutti.No per t&utti.Arresta.Riavvia.&In background.&In primo piano.&Pausa.In pausa.Sei sicuro di voler annullare?.500.&File.&Modifica.&Visualizza.&Preferiti.&Strumenti.&Aiuto.540.&Apri.Apri in &7-Zip File Manager.Apri in E&xplorer.&Visualizza.Modifica con l'&editor predefinito.Rino&mina.&Copia in....&Sposta in....&Elimina.Sud&dividi il file....&Unisci i file....&Propriet..Comme&nto....Calcola chec&ksum.Comparazione differenze (Diff).Crea cartella.Crea file.E&sci.Collegamento.&Alternate Data Streams.600.&Seleziona tutto.&Deseleziona tutto.In&verti selezione.Seleziona....Deseleziona....Seleziona per tipo.Deseleziona per tipo.700.Icone &grandi.Icone &piccole.&Elenco.&Dettagli
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16420
                                                                                                                                                                                                Entropy (8bit):4.346958198063598
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:IyFxzaETT1SP58Hs+5tgxe3+edU74njAMcpsN0RxRgxExJx2B6LZExRlRYhT:ZvTf/eJT
                                                                                                                                                                                                MD5:14C60B55D5400607C7B6443D10B0A37C
                                                                                                                                                                                                SHA1:B92D556FF934F83AC3BEEC3DE20FBB909D0E1AFB
                                                                                                                                                                                                SHA-256:262BCC4EBAE464D1C96FBFCCDCA7813E6F6CC8FDFD78FBB933DE72A2B7AC8367
                                                                                                                                                                                                SHA-512:BC5951287DBAE1BC775293B1CCC3FCE37C2776905FBCF9EC47E49E9A28E6F54B1349B49EBF65631D04617666EED483A91870E255FEDAAAF9A4269B985310EFE1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Andrij Ilechko.; : Mokiy Mazaylo.; : Sergiy Gontaruk.; : Misha Padalka.; 23.01 : 2023-06-20 : Yurii Petrashko.; 24.04 : 2024-04-17 : MrIkso.;.;.;.;.;.0.7-Zip.Ukrainian............401.OK..............&....&...&.................&...........440.... ... &....... ... ..&..........................&.. ........ ......&.. .......... ......&.................... ........, .. ....... ......... ........?.500.&.....&............&.......&...........&............&.........540.&................. .&................. &......&............&...............&..........&......... ..........&....... ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8094
                                                                                                                                                                                                Entropy (8bit):5.214957275203997
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:C0DkhCKSxkMAluUHPTe9Dt2cVM9sefce+gELJvocyn01m6ptYMk0iLEkei2EW8pR:Ceod1y9DtX+9xVUJy05zk3f31D
                                                                                                                                                                                                MD5:5AF10C5616E0487D236C8CBE2F23A7A4
                                                                                                                                                                                                SHA1:2049E1A82A0AF13A8ED2CF9E4EB51F1DFD377480
                                                                                                                                                                                                SHA-256:F249930089C374EAB59078CF16B8652D443CF2A47485D737AE5A9FCA2957D6B9
                                                                                                                                                                                                SHA-512:8E2DB2769D8C9D4AF435986BC58F66F570C4D85BF7C8A2B9369F546CF45C0848A07986582E8E7F76A9AED569DA2774E5B19706EC77BFD41BB6B4AF86ABCFCEFE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 15.00 : 2018-02-27 : Belkacem Mohammed.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Kabyle.Taqbaylit.401.IH.Sefsex....&Ih.&Uhu.&Mdel.Tallelt..&Kemmel.440.Ih i &Me..a.Uhu i M&e..a.Se.bes.Ales tanekra.&Agilal.&A.awas Amezwaru.&R.u.I.bes.Teb.i. ad tsefsxe.?.500.A&faylu.&.reg.&Sken.I&nurifen.&Ifecka.&Tallelt.540.&Ldi.Ldi deg &ugensu.Ldi di B&erra.&Sken.&..eg.Snif&el Isem.&N.el .er....&Senkez .er....&Kkes.&B.u Afaylu....Sdu&kkel ifuyla....A&ylan.Awenn&it....Timernit n Usenqed.Ice..iq.Snulfu-d Akaram.Snulfu-d Afaylu.F&fe..Ase.wen.&Alternate Streams.600.Fren &Me..a.Kkes Afran i Me..a.&Tti Afran.Fren....Kkes Afran....Fren s Tawsit.Kkes Afran s Tawsit.700.Tig&nitin Timeqranin.T&ignitin Time.yanin.&Tabdart.&Talqayt.730.Ur Yettwafren ara.Askan Imlebbe..&2 Igalisen.&Ifeggagen n Ifecka.Ldi Akaram Agejdan.Yiwen Uswir d Asawen.Amazray n Ikaramen....&Smiren.Asmiren Awurman.750.Afeggag n Ifecka U.ba..Afeggag n Ifecka Alugen.Tiqeffalin Tihrawanin.S
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7698
                                                                                                                                                                                                Entropy (8bit):5.071278892240066
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:KoAZ/jQKbqhsAdNrd6FBf9vQqiQw9aBhbHTYJsVOxTSv:KoANnYsgLqi+BBHMJssxWv
                                                                                                                                                                                                MD5:FFC17520FB68FE464650B2F78E15AB5D
                                                                                                                                                                                                SHA1:2B83034AC04640160DDAA8E797FAA5D8C80F956B
                                                                                                                                                                                                SHA-256:24F7325271DD7AD2B63E977841D2F06ED0194BD9257F0DB460DF32BAEEEC4746
                                                                                                                                                                                                SHA-512:4F1483796A8EF95B2BE61811A6566EA2E19564F37733647B6EB4E1C82A8DA8FA927AFDF024A247FC7E70088F63133A7843FE6129B77B2ADA01E39A1E814429C7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Atabek Murtazaev.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Karakalpak - Latin.Qaraqalpaqsha - Lat.n.401.OK.Biykar etiw....&Awa.&Yaq.&Jab.w.Ja'rdem..&Dawam etiw.440.&Barl.g'.na awa.Ba&rl.g'.na yaq.Toqtat.w.Qaytadan baslaw.&Artq. fong'a.Ald.ng'. &fong'a.&Pauza.Pauza q.l.ng'an.An.q biykar etiwdi qa'leysizbe?.500.&Fayl.&Du'zetiw.&Ko'rinis.&Sayland.lar.A's&baplar.&Ja'rdem.540.&Ash.w.&.shinde ash.w.&S.rt.nda ash.w.&Ko'riw.&Du'zetiw.At.n o'&zgertiw.Bul jerge &nusqas.n al.w....Bul jerge ko'shiriw....O'shiriw.&Fayld. bo'liw....Fayllard. &biriktiriw....Sazlawla&r.Kom&mentariy....Qadag'alaw summas..Diff.Papka jarat.w.Fayl jarat.w.Sh&.g'.w.600.Barl.g'.n &saylaw.Saylawd. al.p taslaw.Saylawd. &teris awdar.w.Saylaw....Saylawd. al.p taslaw....Tu'ri boy.nsha saylaw.Tu'ri boy.nsha saylawd. al.p taslaw.700.U'&lken ikonalar.Kishi &ikonalar.&Dizim.&Keste.730.Ta'rtipsiz.Tegis ko'rinis.&2 panel.&A'sbaplar paneli.Derek papkas.n ash.w.Bir da'reje joqa
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8111
                                                                                                                                                                                                Entropy (8bit):5.364411458818708
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:EpyG/WRw/t50jb9+lrFwm9HIb4He0Wtd2iYNo+rRkRLTEMqbfMu9854Il2cqXK:Ekhw/tmlScwlni8CSku9bW
                                                                                                                                                                                                MD5:A0612FA9EB8196659D15C67AC965A5E6
                                                                                                                                                                                                SHA1:AE733BBAEF962F3A10C5855ED30B6D084C8C5D5F
                                                                                                                                                                                                SHA-256:C73634402C3EFFDB2750AB5CF6F1083ABD8771529BFF6F7E513D646E0FCDAE23
                                                                                                                                                                                                SHA-512:74991149573FBC7B5D9BEF36B0F8CB00951BEBE959F2D9058C227F3E75A874E22C8AA6219BBD643E483E0D969674A9CA9004E33F116BC923A30C872FC3F7909C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 2.30 : : Tran Hong Ha.; 4.42 : : Le Vu Hoang.; 4.48 : : Nguyen Hong Quan.; 9.07 : 2011-04-12 : Vietnamize Team.;.;.;.;.;.;.;.0.7-Zip.Vietnamese.Ti.ng Vi.t.401...ng ..H.y b.....C..Kh.ng...ng.Gi.p ....Ti.p t.c.440.C. t.t c..Kh.ng t.t c..D.ng.L.m l.i.Ch.y n.n.Ch. .. .u ti.n.D.ng... d.ng.B.n ch.c ch.n mu.n h.y b.?.500.T.p tin.Bi.n t.p.Xem..a th.ch.C.ng c..Gi.p ...540.M..M. t.i ..y.M. trong c.a s. kh.c.Xem.Bi.n t.p...i t.n.Sao ch.p ..n....Di chuy.n ..n....Xo..Chia c.t t.p n.n....N.i t.p n.n....Thu.c t.nh.Ch. th.ch.T.nh checksum (md5).So s.nh.T.o th. m.c.T.o t.p n.n.Tho.t.600.Ch.n t.t c..B. ch.n t.t c....o l.a ch.n.Ch.n....B. ch.n....Ch.n theo lo.i.B. ch.n theo lo.i.700.Bi.u t..ng l.n.Bi.u t..ng nh..Danh s.ch.Chi ti.t.730.Kh.ng s.p x.p.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10373
                                                                                                                                                                                                Entropy (8bit):5.237599190210729
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:KnufEtXpRc/oaLZ8VK8Am3+JHSacVeRU6i1M2YqpXn6StxERV/NIlLPNJxv:+VXpbavxJHSaqeRUd1vYqpXnxtSRV/2b
                                                                                                                                                                                                MD5:A41E4D16C3B29603832FFD1BBB82283E
                                                                                                                                                                                                SHA1:15695A0BD98D429E9AB191CECB185B70CC492668
                                                                                                                                                                                                SHA-256:486A382483096E9A86CCF6CA02123E48025DE5055F1880AF7F001C5C3FA25114
                                                                                                                                                                                                SHA-512:413DD8C87015EDE7868F992C25D568DE66E1BD765C7A43066D8DA8CF350F3620C77091F075020862FF6BF7C980C6091E92C5C843B3D57957C7516F5B0F51BCA0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Jozsef Tamas Herczeg.; 9.16 : Nyilas MISY.; 15.00 : 2021-11-09 : Barnabas Kovacs.; 22.01 : 2022-07-15 : John Fowler.; 24.05 : 2024-05-16 : John Fowler.;.;.;.;.;.;.0.7-Zip.Hungarian.Magyar.401.OK.M.gsem....&Igen.&Nem.&Bez.r.s.S.g...&Folytat.s.440.I&gen, mindre.N&em, mindre.Le.ll.t.s..jraind.t.s.&H.tt.rben.&El.t.rben.&Sz.net.Sz.neteltetve.Biztos, hogy megszak.tja a folyamatot?.500.&F.jl.S&zerkeszt.s.&N.zet.Ked&vencek.&Eszk.z.k.&S.g..540.M&egnyit.s.Megnyit.s &bel.l.Megnyit.s k.&v.l.&F.jl megtekint.se.S&zerkeszt.s..tn&evez.s.M.s&ol.s mapp.ba.....t&helyez.s mapp.ba....&T.rl.s.F.jl&darabol.s....F.jl&egyes.t.s....T&ulajdons.gok.&Megjegyz.s.Checksum sz.mol.sa.K.l.nbs.g.Mappa l.trehoz.sa.F.jl l.trehoz.sa.&Kil.p.s.Link.Alternat.v adatfolyam.600.Min&d kijel.l.se.Kijel.l.s megsz.ntet.se.Kijel.l.s &megford.t.sa.Kijel.l.s....Megsz.ntet.s....Kijel.l.s t.pus alapj.n.Megsz.ntet.s t.pus a
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6765
                                                                                                                                                                                                Entropy (8bit):4.998761539106251
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ebQDPq3odT/FQ66mJpo46+z6Khowcwz+/ODBs+sO+krfRZ:eqPq4N/FKmJ2N2FWmNdrfX
                                                                                                                                                                                                MD5:9E08D57D48B4D8CB16F98736C5C0511B
                                                                                                                                                                                                SHA1:85A597B74BCB1CBF918D6366705F0B0C0727DE31
                                                                                                                                                                                                SHA-256:D8C5223FE423129145C5B55A756E499D4680B1DF0A7115D72736F09E51C89C1F
                                                                                                                                                                                                SHA-512:13E431E00F5EC0373DE201897C68A55C91962BD3DF6CD693448D3D5D6EBB478B51A1834ECD37B456761DCE94DBC4E5214FD421FA7BAD3B5B8A51051D0D8D6964
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Lazar.; 9.07 : Ozzii.;.;.;.;.;.;.;.;.;.0.7-Zip.Serbian - Latin.Srpski - latinica.401.U redu.Otka.i....Da.Ne.Zatvori.Pomo...Nastavi.440.Da za sve.Ne za sve.Stani.Ponovo.Pozadina.Na vrhu.Pauza.Pauza.Da li ste sigurni da .elite da prekinete?.500.Datoteka.Ure.ivanje.Pregled.Omiljeno.Alati.Pomo..540.Pogledaj.Otvori sa 7-Zip-om.Otvori sa pridru.enom programom.Pregledaj.Promeni.Preimenuj.Kopiraj u....Premesti u....Obri.i.Podeli fajl....Spoj delove....Svojstva.Komentar.Izra.unajte provernu veli.inu.razlika.Nova fascikla.Nova datoteka.Izlaz.600.Izaberi sve.Poni.ti izbor svega.Obrnuti izbor.Izaberi....Poni.ti izbor....Izaberi po tipu.Poni.ti izbor po tipu.700.Ikone.Naporedno slaganje.Spisak.Detalji.730.Bez sortiranja.Ravan pregled.2 Prozora.Trake sa alatkama.Otvori po.etnu fasciklu.Gore za jedan nivo.Hronologija....Osve.avanje.750.Rad sa arhivama.Rad sa datotekama.Velika dugmad.Prika.i tekst ispod dugmadi.800.Dodaj.Izaberi.900.Opcije....Benchmark.960
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10040
                                                                                                                                                                                                Entropy (8bit):5.05587204070323
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:AOIdBgDuDCfSGltxkRtDgfglyLCoMUGfZsDZIXl7OuKtgAZOKY3gTFFGFe6muWxW:/GgD9Si+bDgfgly4vZ3l7OuKOTgbGFkg
                                                                                                                                                                                                MD5:1E30A705DA680AAECEAEC26DCF2981DE
                                                                                                                                                                                                SHA1:965C8ED225FB3A914F63164E0DF2D5A24255C3D0
                                                                                                                                                                                                SHA-256:895F76BFA4B1165E4C5A11BDAB70A774E7D05D4BBDAEC0230F29DCC85D5D3563
                                                                                                                                                                                                SHA-512:FF96E6578A1EE38DB309E72A33F5DE7960EDCC260CA1F5D899A822C78595CC761FEDBDCDD10050378C02D8A36718D76C18C6796498E2574501011F9D988DA701
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 2.30 : Soeren Finster.; 4.07 : JAK-Software.DE.; 9.07 : Joachim Henke.; 23.01 : Ren. Gennes.; 24.04 : Sandro Giallella.;.;.;.;.;.;.0.7-Zip.German.Deutsch.401.OK.Abbrechen....&Ja.&Nein.&Schlie.en.Hilfe..&Fortsetzen.440.Ja f.r &alle.Nein f.r a&lle.Stopp.Neustart.&Hintergrund.&Vordergrund.&Pause.Pause.M.chten Sie wirklich abbrechen?.500.&Datei.&Bearbeiten.&Ansicht.&Favoriten.&Extras.&Hilfe.540..&ffnen.I&ntern .ffnen.E&xtern .ffnen.&Ansehen.&Bearbeiten.&Umbenennen.&Kopieren nach....&Verschieben nach....&L.schen.Datei auf&splitten....Dateien &zusammenf.gen....E&igenschaften.K&ommentieren.&Pr.fsumme berechnen.Ver&gleichen.Ordner erstellen.Datei erstellen.Be&enden.Verkn.pfung....&Alternative Datenstr.me.600.Alles &markieren.Alles abw.hlen.Markierung &umkehren.Ausw.hlen....Auswahl aufheben....Nach Typ ausw.hlen.Nach Typ abw.hlen.700.&Gro.e Symbole.&Kleine Symbole.&Liste.&Details.730.Unsortiert.Alles in einer &Ebene.&Zweigeteiltes Fenster.&Symbolleiste
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17365
                                                                                                                                                                                                Entropy (8bit):3.8616190133381947
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:OOt7VWp6MKgd259LNca7DK2Br5Pyl2/2Z/2oVXBH1K2xSGK/v2eHOv2E2lgJVOqc:OQ15KZeGK/nJ
                                                                                                                                                                                                MD5:93CDC8832328A22E198920630D597268
                                                                                                                                                                                                SHA1:315E5B1C77FB4E2D0C3CC1F48B6DB4C79CE9488A
                                                                                                                                                                                                SHA-256:C6E54E2A93B821BC974209CD7E2D10E9FBC4FF07D238AE84F552E4ADE271702C
                                                                                                                                                                                                SHA-512:E8355A42F3A3B5F21D5D4C7A21324433C997AD39412B3BCDCF26EDBD5EF882179168B2B5618F9FE631B88407608AB1A83BF139DB05C09B608FDDF01694B710DF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Vinayy Sharrma : .... ..... ...... .........;.;.;.;.;.;.;.;.;.;.0.7-Zip.Gujarati, Indian, ....................401...............&....&...&... .........&.... .....440.&... .... ....&... .... ............ .... ....&...........&........(.........).&.................... .... .... .... ... ... .... .... ..?.500.&......&.......&......&.......&.....&....540.&.....&.... .....&.... .....&......&.......&...: .......&... ... .........&... .. ...
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17574
                                                                                                                                                                                                Entropy (8bit):4.148567429680087
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:MZ2tO2YSwozmsZ9mFL7AsbjftmxprJ4kgy0j7u4ybq:dCz7lbjaVgyCufq
                                                                                                                                                                                                MD5:2D0C8197D84A083EF904F8F5608AFE46
                                                                                                                                                                                                SHA1:5AE918D2BB3E9337538EF204342C5A1D690C7B02
                                                                                                                                                                                                SHA-256:62C6F410D011A109ABECB79CAA24D8AEB98B0046D329D611A4D07E66460EEF3F
                                                                                                                                                                                                SHA-512:3243D24BC9FDB59E1964E4BE353C10B6E9D4229EF903A5ACE9C0CB6E1689403173B11DB022CA2244C1EF0F568BE95F21915083A8C5B016F07752026D332878A4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : chavv.; : icobgr.; 4.65: Vassia Atanassova.; 23.01: Dimitar Mihaylov.;.;.;.;.;.;.;.0.7-Zip.Bulgarian...........401.OK..........&...&...&...................&.......440... .. &......... .. &.............. .......&..... ......&........ ......&........ .............. .. ....... .. ..........?.500.&.....&............&..........&.......&............&......540.&................. &.......... &......&..........&................&.........&........ ........&........ .......&.........&........ .. .........&.......... .. ...........&............&................. .. ......... ...................... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7317
                                                                                                                                                                                                Entropy (8bit):4.9782970287172175
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:OpSxVzpOmch2EFMaoK1ibQuXgmDjExNxI/kudt+0/aqppl6jiapd9jpp:P5OtMEFMRDHMuKeaqpAic
                                                                                                                                                                                                MD5:459B9C72A423304FFBC7901F81588337
                                                                                                                                                                                                SHA1:0BA0A0D9668C53F0184C99E9580B90FF308D79BE
                                                                                                                                                                                                SHA-256:8075FD31B4EBB54603F69ABB59D383DCEF2F5B66A9F63BB9554027FD2949671C
                                                                                                                                                                                                SHA-512:033CED457609563E0F98C66493F665B557DDD26FAB9A603E9DE97978D9F28465C5AC09E96F5F8E0ECD502D73DF29305A7E2B8A0AD4EE50777A75D6AB8D996D7F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Miguel Angel.; 9.07 : Purgossu.;.;.;.;.;.;.;.;.;.0.7-Zip.Extremaduran.Estreme.u.401.Acetal.Cancelal....&S..&Nu.&Fechal.Ayua..A&continal.440.S. &a t..Nu a &t..Paral.Reinicial.Se&gundu pranu.&Primel pranu.&Paral.Parau.De siguru que quieri cancelal la operaci.n?.500.&Archivu.&Eital.&Vel.A&tihus.&Herramientas.A&yua.540.&Abril.Abril &dentru.Abril &huera.&Vel.&Eital.Renom&bral.&Copial a....&Movel pa....&Eliminal.De&sapartal ficheru....Com&binal ficherus....P&ropieais.Come&ntariu.Calculal suma e verificaci.n.Diff.Creal diret.riu.Creal ficheru.&Salil.600.Selecional &t..Deselecional t..&Invertil seleci.n.Selecional....Deselecional....Selecional pol tipu.Deselecional pol tipu.700.Iconus g&randis.Iconus caquerus.&Listau.&Detallis.730.Nu soportau.Vista prana.&2 panelis.Barra e herramien&tas.Abril diret.riu ra..Subil un nivel.Estorial de diret.rius....&Atualizal.750.Barra e herramientas 'archivu'.Barra e herramientas est.ndal.Botonis grandis.Muestral te
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13636
                                                                                                                                                                                                Entropy (8bit):4.268145853042887
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:jdJl7z7sBsCD6dowOkSMVBVm6WymLJaOQjKOMI:jdJl/7NC2oofVmGoJBQjiI
                                                                                                                                                                                                MD5:FE73C2AACF07D5120AEDD08792CB8268
                                                                                                                                                                                                SHA1:2C6E7D2FF42C5F65EF5F4C27600819354CAA03B0
                                                                                                                                                                                                SHA-256:91AAC9368BD116AB11FDA0B70EE4D75911A65713A272A3BA55D1435C33250F5A
                                                                                                                                                                                                SHA-512:79DBD84FE71888B7C9FDBCD23F2D4735F731E3C2C7724FBD531C3CA531B1992E756B13B66889AF30EC46770D350FCFAEF2D7ABE607594A2B4B92F60ED326D537
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Gevorg Papikyan.; 15.00 : Hrant Ohanyan.;.;.;.;.;.;.;.;.;.0.7-Zip.Armenian.........401.................&....&...&..................&...........440.... ...... &........ ...... &..........................&..............&........&............ ... ............500.&.....&.........&.....&............&.........&...........540.&........... &............. ...&...........&............&........&............&.............&............& ..........&....... ...............&................&..................................&....... ..............&... ........&.........&.............. ......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4621
                                                                                                                                                                                                Entropy (8bit):4.969434576878072
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:bdDW+Wz9my7MIlXq2sQqpxjOsgEGh4YdVDpZfir99v7+bv:sfwy7XlXq2sfpxjOsRGhfVDpZfCji
                                                                                                                                                                                                MD5:DF216FAE5B13D3C3AFE87E405FD34B97
                                                                                                                                                                                                SHA1:787CCB4E18FC2F12A6528ADBB7D428397FC4678A
                                                                                                                                                                                                SHA-256:9CF684EA88EA5A479F510750E4089AEE60BBB2452AA85285312BAFCC02C10A34
                                                                                                                                                                                                SHA-512:A6EEE3D60B88F9676200B40CA9C44CC4E64CF555D9B8788D4FDE05E05B8CA5DA1D2C7A72114A18358829858D10F2BEFF094AFD3BC12B370460800040537CFF68
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.09 : Petri Jooste.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Afrikaans.Afrikaans.401.OK.Kanselleer....&Ja.&Nee.A&fsluit.Hulp..&Gaan voort.440.Ja vir &almal.Nee vir a&lmal.Stop.Herbegin.&Agtergrond.&Voorgrond.&Wag.Wagtend.Is u seker dat u wil kanselleer?.500.&L.er.R&edigeer.&Vertoon.G&unstelinge.&Gereedskap.&Hulp.540.&Open.Open &Binne.Open B&uite.&Wys.R&edigeer.Her&noem.&Kopieer na....&Verskuif na....Ve&rwyder.Ver&deel l.er....Kom&bineer l.ers....E&ienskappe.Komme&ntaar...Maak gids.Maak l.er.A&fsluit.600.Selekteer &alles.Deselekteer a&lles.Keer &seleksie om.Selekteer....Deselekteer....Selekteer op Soort.Deselekteer op Soort.700.&Groot ikone.&Klein ikone.&Lys.&Detail.730.Ongesorteer..&2 Panele.&Nutsbalke.Maak wortelgids oop.Een vlak ho.r.Gidse geskiedenis....&Verfris.750.Argiveernutsbalk.Standaardnutsbalk.Groot knoppies.Wys teks op knoppies.800.Voeg gids by gunstelinge &as.Boekmerk.900.&Opsies....&Normtoetsing.960.&Inhoud....&Aangaande 7-Zip....1003.Pad.Naam.Uitgang.Gids.G
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8122
                                                                                                                                                                                                Entropy (8bit):5.01235026127091
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:rhhdCkj7itccEuzIS1xTXiV8JBLRsusqrKhI:Vh/jfLupi+l1sqrKhI
                                                                                                                                                                                                MD5:9D8216183493AC2190A4D6E142ECAB9A
                                                                                                                                                                                                SHA1:E534EBB714DBAE2A9E12ACCBE96C6F2568B814C4
                                                                                                                                                                                                SHA-256:210AF273246D30CFDE87295CD5F4FF135B0BDFB04FE7173BB60F935E685B8E10
                                                                                                                                                                                                SHA-512:5B56560AD70652C9C6287F939B25676D8149C000C2388365197354DBE38C5CBA5C25F0A3A529F0601A5B5D964B7278AB3A668E8469CF0EC718821FDABCF044BC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : Alan .imek.; 4.53 : Hasan Osmanagi..; 9.07 :.; 15.05 : 2015-06-15 : Stjepan Treger.;.;.;.;.;.;.;.0.7-Zip.Croatian.Hrvatski.401.U redu.Odustani....&Da.&Ne.&Zatvori.Pomo...Nastavi.440.Da za &Sve.Ne za Sv&e.&Stani.Ponovi.U pozadini.U prvom planu.&Pauza.Pauzirano.Poni.titi?.500.&Datoteke.&Ure.ivanje.&Izgled.Omiljene mape.&Alati.&Pomo..540.&Otvori.Ot&vori mapu.Otvori u &sustavu.Iz&gled.&Ure.ivanje.Prei&menuj.&Kopiraj u....Premje&sti u....O&bri.i.Podije&li datoteku....Spo&ji datoteke....Svojs&tva.Komentar.Izra.un kontrolnog zbroja.Uspore.ivanje.Stvo&ri mapu.Stvori &datoteku.&Izlaz.Poveznica.&Alternativni tokovi.600.Odaberi &sve.Poni.ti odabir.&Obrni odabir.Odaberi....Poni.ti odabir....Odabir po tipu.Poni.ti odabir tipa.700.&Velike ikone.&Male ikone.&Popis.&Detalji.730.Neso&rtirano.Sadr.aj mapa.&2 okna.Alatne &trake.&Korijen.&Nadmapa.Pro.&le mape....O&svje.i.Automatski osvje.i.750.Alatna traka arhiva.Standardna alatna traka.Velike tipke.Prika.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9911
                                                                                                                                                                                                Entropy (8bit):5.3108412818364545
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ovp0mydAiVui6B3+6hX+S5YELolHgMKJas99KWGmU/DbU0E1nUv3b:Ip0mydAq6A6hOS5pLoQzd0snUT
                                                                                                                                                                                                MD5:F8821C75507199F4EF041EEBA8B82281
                                                                                                                                                                                                SHA1:96759A3B826BB5DBC18730378D0F8BA08C1DF7E1
                                                                                                                                                                                                SHA-256:B4B96FDAA023A3988D514C1CB1E2914817CD538D3BB7F062778360338B73BA67
                                                                                                                                                                                                SHA-512:173D6F0437A4E315F4F890F67EF93936E53205F950A9B718B8B232F6FAF0ED7E33E6C72531E0C2613611F4B02F5FD1ED7CDE8CBD05F2256A68FE577DAE4D3A90
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : cienislaw.; : pixel.; 9.07 : F1xat.; 9.33 : .ukasz Maria P. Pastuszczak.; 22.00 : Micha. L..; 24.04 : Piter, Micha. L..;.;.;.;.;.0.7-Zip.Polish.Polski.401.OK.Anuluj....&Tak.&Nie.&Zamknij.Pomoc..&Kontynuuj.440.Ta&k na wszystkie.Ni&e na wszystkie.Zatrzymaj.Pon.w.&T.o.&Pierwszy plan.&Wstrzymaj.Wstrzymano.Czy na pewno chcesz anulowa.?.500.&Plik.&Edycja.&Widok.&Ulubione.&Narz.dzia.Pomo&c.540.&Otw.rz.Otw.rz &wewn.trz.Otw.rz na &zewn.trz.Pod&gl.d.&Edytuj.Zmie. &nazw..Kopiuj &do....&Przenie. do....&Usu..Podzie&l plik....Z..&cz pliki....W.&a.ciwo.ci.Ko&mentarz.Oblicz sum. kontroln..R..nice pomi.dzy plikami.Utw.rz &folder.U&tw.rz plik.Za&ko.cz.Dow&i.zanie.&Alternatywne strumienie.600.Z&aznacz wszystko.&Odznacz wszystko.Odwr.. &zaznaczenie.Zaznacz....Odznacz....Zaznacz wed.ug typu.Odznacz wed.ug typu.700.&Du.e ikony.&Ma.e ikony.&Lista.&Szczeg..y.730.Nieposortowane.Widok p.aski.&2 panele.&Paski narz.dzi.Otw.rz folder g
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7870
                                                                                                                                                                                                Entropy (8bit):5.005099076386227
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:3vn3kbZyZSXQVPLCXiG8gYnJYZDAHZE9xM7T9kur4Yc6Fw9KHl:3v3tSAVPG8gYnJYZk+g7T9kur4PUwG
                                                                                                                                                                                                MD5:C397E8AC4B966E1476ADBCE006BB49E4
                                                                                                                                                                                                SHA1:3E473E3BC11BD828A1E60225273D47C8121F3F2C
                                                                                                                                                                                                SHA-256:5CCD481367F7D8C544DE6177187AFF53F1143AE451AE755CE9ED9B52C5F5D478
                                                                                                                                                                                                SHA-512:CBBECE415D16B9984C82BD8FA4C03DBD1FEC58ED04E9EF0A860B74D451D03D1C7E07B23B3E652374A3B9128A7987414074C2A281087F24A77873CC45EC5AADD2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; : Jakob Schmidt.; 9.07 : Kian Andersen, J.rgen Rasmussen.; 15.00 : 2016-11-25 : scootergrisen.;.;.;.;.;.;.;.;.0.7-Zip.Danish.Dansk.401.OK.Annuller....&Ja.&Nej.&Luk.Hj.lp..&Forts.t.440.Ja til &alle.Nej til a&lle.Stop.Genstart.&Baggrund.&Forgrund.&Pause.Sat p. pause.Er du sikker p., at du vil annullere?.500.&Filer.R&ediger.&Vis.F&avoritter.Funk&tioner.&Hj.lp.540.&.bn..bn &inden i..bn &uden for.&Vis.&Rediger.O&md.b.&Kopier til....&Flyt til....S&let.&Opdel fil....Kom&biner filer....&Egenskaber.Komme&ntar....Udregn checksum.Sammenlign.Opret mappe.Opret fil.&Afslut.Opret/rediger henvisning.&Alternative str.mme.600.V.lg &alle.Frav.lg alle.&Omvendt markering.V.lg....Frav.lg....V.lg efter type.Frav.lg efter type.700.Sto&re ikoner.S&m. ikoner.&Liste.&Detaljer.730.Usorteret.Flad visning.&2 paneler.&V.rkt.jslinjer..bn rodmappe.Et niveau op.Mappehistorik....&Opdater.Opdater automatisk.750.Arkivlinje.Standardlinje.Store knapper.Vis knappernes tekst.800.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11933
                                                                                                                                                                                                Entropy (8bit):4.4743589010781175
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:FxV9LYmQ441Ye2LFuoWSD8T+srvk2VWpfLEwAcADwoA2FwP8PCsucC6LvS4tKs4f:Qml14LThvcpf+A2Fpg7Gip
                                                                                                                                                                                                MD5:8C3F9AD9C824DCF74A09C9D406DB22E7
                                                                                                                                                                                                SHA1:0C683BB56A13C3FBCA664F1E4C6C98D0F7AEC8BC
                                                                                                                                                                                                SHA-256:B8B7DB8C139B19D414CEF35AE96D854D5A8364C32B0C3FDC4CAC331B5AF44C16
                                                                                                                                                                                                SHA-512:DA33D4098679A14D2F434221EF968951407727126B12404C8B6C3E2AD6FA346D9D515DEA940F9109D5D196E648583124F31A1D27CF518AB19E3DCAD673C027CF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Ara Bakhtiar.; 4.66 : Ara Qadir.;.;.;.;.;.;.;.;.;.0.7-Zip.Kurdish - Sorani.......401.......................&.....&......&................&.............440..... .. &........... .. ..&...........................&...........&.........&....................... .. ...............500.&.....&.........&.......&..........&...........&........540.&............... ..&... ............ .. &.......&......&.........&.........&............ ......&......... ......&........&........ .........&...... ....... ............&..................&............. checksum............ ................ .......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4604
                                                                                                                                                                                                Entropy (8bit):4.906610885989285
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:PkmgliBaKNUnQpg1uw7okwiPJ3npCW+71SwHel5Lt/8QNjyaKfO:PzBaF/1ukoMPZwn7gwHelNt/8QNjya+O
                                                                                                                                                                                                MD5:0861AE63DA2D00590369BB11B3857551
                                                                                                                                                                                                SHA1:8272F4761A3F2ACA2BFAEC6FCF08C82A9F36A65A
                                                                                                                                                                                                SHA-256:B87A4FCA8A0024A915AE86E36951CB7CEA442948D9982D4247E49492445BA664
                                                                                                                                                                                                SHA-512:70997D6775E1C91D021FDA2143C831FE8396094E50337DA3C4897DA70636B7F10B363F35B997213A462B467FE6754D2C33E009E84363063ECED871A2591CCE88
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.08 : iZoom.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Ido.Ido.401.B&one.Abandonar....&Yes.&No.&Klozez.Helpo..&Durez.440.Yes por &omni.No por o&mni.Haltez.Ristartez.&Fono.&Avanajo.&Pauzo.Pauzita.Kad vu ya volas abortar?.500.&Dosiero.&Redakto.&Aspekto.&Favoraji.&Utensili.&Helpo.540.&Apertigar.Apertigar int&erne.Apertigar e&xter.&Vidigar.&Redaktar.Ch&anjar nomo.Ko&piar aden....Transp&ozar aden....E&facar.F&endar dosiero....Komb&inar dosieri....In&heraji.Ko&mentar...Krear &dosieruyo.Krear dos&iero.E&kirar.600.Merk&ar omno.Des&merkar omno.&Inversigar merko.Merkar....Desmerkar....Merkar segun tipo.Desmerkar segun tipo.700.&Granda ikoneti.&Mikra ikoneti.&Listo.&Tabelo.730.&Nearanjite..&2 paneli.Utens&ila paneli.Apertigar radika dosieruyo.Ad-supre ye un nivelo.Dosieruya historio....R&inovigar.750.Utensila panelo di arkivo.Norma utensila panelo.Granda ikoneti.Videbla butontexto.800.&Adjuntar dosieruyo ad la favorata quale.Lektomerkajo.900.&Ajusti....&Experienco dil rapideso.960.&Konte
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8736
                                                                                                                                                                                                Entropy (8bit):5.243048507979006
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:K9LGWUpW9ui2eHMMfj0RIC/2Naq49K5ztPYIzvPMdQpJzPq:859uigRr/2Yq4uJPYIzvPMZ
                                                                                                                                                                                                MD5:1F610DF86538A3ED788D6A8024C1982E
                                                                                                                                                                                                SHA1:3180F829602B83148C73A47EF4DAF841BB379A14
                                                                                                                                                                                                SHA-256:A0F485755CBC6356CFA4BEF5CB6134653DC6743F4BFCA89CED92D43EC31C5649
                                                                                                                                                                                                SHA-512:C184E3898944B2C0A12806E0B0592FD19BE05A75E7F3B2F9A69B8D39FA847E90AEBE93E1E96588AAA38DCDBB9FF89C1667BCA1B5A5FDFDB7F77E37A574981309
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 19.00 : 2019-03-04 : Merdan NURIYEV Hazar-Balkan H.K..;.;.;.;.;.;.;.;.;.;.0.7-Zip.Turkmen.T.rkmen.e.401.Howwa.Go.bolsun et....&Howwa.&.ok..a&p.K.mek al..&Dowam et.440.Hemmesine howw&a.Hemmesine &.ok.Dur.Ga.tadan ba.la.&G.r.nme.&..e .yksyn.&S.gindir.S.gindi.Go.bolsun etjekmi?.500.&Dos.a.&D.zelt.&G.r.F&aworitler.G&urallar.&K.mek.540.&A..&I.inde A..Da.&ynda A..&G.r.&D.zelt.Adyn&y ..tget..u .ere &kop.ala.....u .ere &g...r....&...r.Fa.ly &b.l....Fa.llary &birle.dir....&D.zg.nlemeler.Tes&wir....Barlag jemini hasapla.Tapawutlanma.Bukja d.ret.Fa.l d.ret.&.yk.Bag.Akymlary .&aly..600.Hemmesini Se..Hemmesini Se.me.Se.im&i tersine .w.r.Se.....Se.me....Tiplerine g.r. se..Tiplerine g.ra se.me.700.U&ly Ikon.Ki.i Ikon.Tablissa.Jikme-jikleri.730.Sortlanmadyk.D.z G.rn...&2 Paneller.&Esbaplar.D..p Bukjany A..Bir Tekje .okary...ki Bukjalar....T.zele.Awtomatiki T.zele.750.Arhiw Esbaplary.Standart Esbaplar.Uly K
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):4.288162718572465
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:TmGK+SCI5WUrVarSC0sgvy995DoVdhpWQl9y5pwVt1tX8aEFPGH0IU4smVxa:fSJHBqS7/69HSdHWaZsaEFP6nm
                                                                                                                                                                                                MD5:447E681A030C82C3832DBA0B51CC790D
                                                                                                                                                                                                SHA1:401BF38C2122AE2493470820C92D069F3F6C7606
                                                                                                                                                                                                SHA-256:3E76BC88DB5CB108CF8750B01BDABBB3772DBF2BF14592C6AB18B7339817D6EE
                                                                                                                                                                                                SHA-512:D17EF32A1DE17EC1C9D6CAE6199E6623DB700B18E43B3B85EF403A60EC11B9EFC0AC0BB188B03D13F7895DFCF4ED37D1F40C1BFC4BEE469742B712ED5DE70722
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 24.04 : 2024-04-05 : Igor Pavlov.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Russian.........401.OK...........&...&....&................&...........440... ... &........ ... .&....................&......&.. ........ .....&........ ........ ............. ...... ........ ........?.500.&.....&.......&....&...........&......&........540.&............... &.............. .....&............&...................&.........&.......... .....&........... .....&..........&..... .........&......... ............&...........&..................... ...............&....... ..........&... ......&............&...........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6667
                                                                                                                                                                                                Entropy (8bit):4.975280640991647
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:P2ecDQC5HNYvLSjKJCNdnziL1xWKvjgeNH:uecb82ICNFWL1xWKvseNH
                                                                                                                                                                                                MD5:D6A50C4139D0973776FC294EE775C2AC
                                                                                                                                                                                                SHA1:1881D68AE10D7EB53291B80BD527A856304078A0
                                                                                                                                                                                                SHA-256:6B2718882BB47E905F1FDD7B75ECE5CC233904203C1407C6F0DCDC5E08E276DA
                                                                                                                                                                                                SHA-512:0FD14B4FD9B613D04EF8747DCD6A47F6F7777AC35C847387C0EA4B217F198AA8AC54EA1698419D4122B808F852E9110D1780EDCB61A4057C1E2774AA5382E727
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.09 : Kaupo Suviste.; 9.07 : Mihkel T.nnov.;.;.;.;.;.;.;.;.;.0.7-Zip.Estonian.eesti keel.401.OK.Loobu....&Jah.&Ei.&Sulge.Abi..&J.tka.440.K.igile j&ah.K.igile e&i.Seiska.Restardi.&Taustal.&Esiplaanile.&Paus.Pausiks peatatud.Kas soovite kindlasti loobuda?.500.&Fail.&Redigeeri.&Vaade.&Lemmikud.&T..riistad.&Abi.540.&Ava.Ava s&ees.Ava v.ljasp&ool.Vaat&ur.&Redigeeri.&Nimeta .mber.&Kopeeri asukohta....&Teisalda asukohta....Ku&stuta.T.kel&da fail.....&henda failid....Atri&buudid.Ko&mmentaar....Arvuta kontrollsumma.V.rdle.Loo kaust.Loo fail.&V.lju.600.V&ali k.ik.T.hista k.ik valikud.&P..ra valik.Vali....T.hista valik....Vali t..bi j.rgi.T.hista t..bi j.rgi valik.700.&Suured ikoonid.V.ik&esed ikoonid.&Loend..ksikasja&d.730.Sortimata.Lame vaade.&Kaks paani.&T..riistaribad.Ava juurkaust.Taseme v.rra .les.Kaustaajalugu....&V.rskenda.750.Arhiiviriistariba.Standardnupuriba.Suured nupud.Kuva nupusildid.800.&Lisa kaust lemmikute hulka j.rjehoidj
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9608
                                                                                                                                                                                                Entropy (8bit):4.880635467905247
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:XRVV/VctnsLlc+zMZUnYel4yj7FBjYAifM3k8i1sFB2ytqPbtY+0zonViwswzdUF:Xrk+IZ2YeigFReNgB2k2btgtl
                                                                                                                                                                                                MD5:E888911310C0B6D7A1932DE36AD27250
                                                                                                                                                                                                SHA1:928D9FBDB0C0C83042CAC9059FFDDE48EA4E9F71
                                                                                                                                                                                                SHA-256:4CB5F08449B5E22ED15F8A8CC038D021CDBCF56548587023D1AB31AB6CFC232D
                                                                                                                                                                                                SHA-512:56308E46914FD3B0EF62B33331F815FE95CA4A3CF122934DD0C506A041898D94A9ED6F3E1BAEF386EFB9AA949CD47002FA859B4843F2E32C186ECDB6055FF85F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Bert van Velsen.; 4.26 : Jeroen van der Weijde..; : Harm Hilvers.; 9.07 : Jeroen Tulp.; 15.00 : Jeroen Tulp.; 21.03 : Quinten Althues.; 21.05 : Jeroen Tulp.; 24.04 : Jeroen Tulp : 2024-05-13.;.;.;.0.7-Zip.Dutch.Nederlands.401.OK.Annuleren....&Ja.&Nee.A&fsluiten.Help..&Hervatten.440.Ja op &alles.Nee op a&lles.Stoppen.Herstarten.&Achtergrond.&Voorgrond.&Pauzeren.Gepauzeerd.Weet u zeker dat u wilt annuleren?.500.&Bestand.Be&werken.Bee&ld.&Favorieten.E&xtra.&Help.540.&Openen.Open b&innen.Open b&uiten.Be&kijken.&Bewerken.&Hernoemen.&Kopi.ren naar....&Verplaatsen naar....Verwij&deren.Bestand &opsplitsen....Bestanden &samenvoegen....&Eigenschappen.O&pmerking plaatsen....Controlegetal berekenen.Delta.Nieuwe map.Nieuw bestand.&Sluiten.Koppeling.&Alternatieve streams.600.&Alles selecteren.Alles deselecteren.Selectie &omkeren.&Selecteren....&Deselecteren....Selecteren op &type.Deselecteren op t&ype.700.&Grote pictogrammen.Kleine pictogra&mmen.&Lijst.&Details
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7471
                                                                                                                                                                                                Entropy (8bit):4.976709314177123
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:21Oo14rh/0lXjPqDp2h+O0k2r/2T7tQpl:21OoqUDureT7tQpl
                                                                                                                                                                                                MD5:58FF044FE195453F797DD1AC6903ABF9
                                                                                                                                                                                                SHA1:4B8DAE21DD14AC6DAA1DECF804336A1AAE169AA9
                                                                                                                                                                                                SHA-256:D9BB6BFC127938C47B43290241378887085314AD1326095934A362CD9836B560
                                                                                                                                                                                                SHA-512:861300FE39FF0DACA00B4CB56C4075AFBA2BB3A1654BCF35713251237630206F06BC63D7F339ECFF040C9EA1F5B7094A11FE57C5848E91DB9000F48D166AB1BE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : GENOVES.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Ligurian.Zeneize.401.D'ac.rdio.Anulla....&Sci.&No.S.&ra.Agiutto..&Continoa.440.Sci pe &Tutti.No pe T&utti.Ferma.Inandia torna.Into &sfondo.&In primmo cian.&Paoza.In paoza.Ti . seguo de voei anul.?.500.&Archivio.&Modifica.&Vixoalizza.&Preferii.&Strumenti.A&giutto.540.&Arvi.Arvi into Manezat. d'archivi 7-Zip.Arvi inte Explorer.&Vixoalizza.&Modifica.Ri&nomina.&C.pia inte....&Sp.sta inte....Scancel&la.&Dividi l'archivio....&Unisci i archivi....P&ropiet..Comen&ta....Calcola somma de contr.llo.Dif.Crea cartella.Crea archivio.Sc&i.rti.600.Sele.ionn-a &tutto.Desele.ionn-a tutto.In&verti sele.ion.Sele.ionn-a....Desele.ionn-a....Sele.ionn-a pe tipo.Desele.ionn-a pe tipo.700.Figue &grende.Figue picinn-e.&Listin.&D.ti.730.Nisciun ordine.Vista ciatta.&2 barco.n.Bare di &Strumenti.Arvi cartella prin.ip..Livello supei..Cronologia....&Agiorna.750.Bara di strumenti Archivio.Bara di strumenti Normali.Figue grende.Mos
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9597
                                                                                                                                                                                                Entropy (8bit):5.372211824470281
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:iqJoMyxE8vGIrd+ic1OT1o+SXhbStCBJjSvcQKiw:iEXYBeIrQiEOT1o+SXotsJjmK7
                                                                                                                                                                                                MD5:DBDCFC996677513EA17C583511A5323B
                                                                                                                                                                                                SHA1:D655664BC98389ED916BED719203F286BAB79D3C
                                                                                                                                                                                                SHA-256:A6E329F37ACA346EF64F2C08CC36568D5383D5B325C0CAF758857ED3FF3953F2
                                                                                                                                                                                                SHA-512:DF495A8E8D50D7EC24ABB55CE66B7E9B8118AF63DB3EB2153A321792D809F7559E41DE3A9C16800347623AB10292AAC2E1761B716CB5080E99A5C8726F7CC113
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!..; 4.30 : Milan Hrub...; 4.33 : Michal Molhanec..; 9.07 : Ji.. Mal.k..; 15.00 : Kry.tof .ern...; 23.01 : 2023-06-20 : Patrik (Pa4k) .pa.o..;..;..;..;..;..;..;..0..7-Zip..Czech...e.tina..401..OK..Storno........&Ano..&Ne..Zav..&t..N.pov.da....Po&kra.ovat..440..Ano na &v.echno..N&e na v.echno..Zastavit..Spustit znovu..&Pozad...P&op.ed...Po&zastavit..Pozastaveno..Jste si jist., .e to chcete stornovat?..500..&Soubor...pr&avy..&Zobrazen...&Obl.ben...&N.stroje..N.po&v.da..540..&Otev..t..Otev..t u&vnit...Otev..t &mimo..&Zobrazit..&Upravit..&P.ejmenovat..Kop.rovat &do.....P.&esunout do.....Vymaza&t..&Rozd.lit soubor.....&Slou.it soubory.....Vlast&nosti..Pozn.mk&a..Vypo..tat kontroln. sou.et..Porovnat soubory..Vytvo.it slo.ku..Vytvo.it soubor..&Konec..Odk.zat..&Alternativn. toky..600..Vybrat &v.e..Zru.it v.b.r v.e..&Invertovat v.b.r..Vybrat.....Zru.it v.b.r.....Vybrat podle typu..Zru.it v.b.r podle typu..700.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8517
                                                                                                                                                                                                Entropy (8bit):4.822359737427984
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:2dUdnzkcjnQjB54SpQzLFA2WFYicDA1MiV2ehLHq2MQvQM03jgoBHpbYqMeMioHQ:cUtkcjnsZARHicM32UhMeWcoZpcYMivv
                                                                                                                                                                                                MD5:A04B6A55F112679C7004226B6298F885
                                                                                                                                                                                                SHA1:06C2377AC6A288FE9EDD42DF0C52F63DCE968312
                                                                                                                                                                                                SHA-256:12CC4A2CEF76045E07DAFC7AEC7CF6F16A646C0BB80873EC89A5AE0B4844443B
                                                                                                                                                                                                SHA-512:88C7ED08B35558D6D2CD8713B5D045FBA366010B8C7A4A7E315C0073CD510D3DA41B0438F277D2E0E9043B6FCB87E8417EB5698AB18B3C3D24BE7FF64B038E38
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.08 : Ari Ryynanen.; 4.30 : Jarko P..; 4.42 : Juhani Valtasalmi.; 9.35 : T.Sakkara.; 15.05 : 2015-08-07 : Lauri Kentt..; 19.00 : 2020-12-28 : Sampo Hippel.inen.;.;.;.;.;.0.7-Zip.Finnish.Suomi.401.OK.Peruuta....&Kyll..&Ei.&Sulje.Ohje..&Jatka.440.Kyll. k&aikkiin.E&i kaikkiin.Pys.yt..Aloita uudelleen.&Tausta.&Edusta.&Tauko.Tauolla.Peruutetaanko toiminto?.500.&Tiedosto.&Muokkaa.&N.yt..&Suosikit.Ty.&kalut.&Ohje.540.&Avaa.Avaa s&is.isesti.Avaa ulkoisesti.&N.yt..&Muokkaa.Nime. &uudelleen.&Kopioi....&Siirr.....&Poista.&Jaa osiin....&Yhdist. tiedostoja....&Ominaisuudet.Komme&nttti....Laske tarkiste.Ero.Luo kansio.Luo tiedosto.&Lopeta.Linkit..Vaihtoehtoiset virrat.600.V&alitse kaikki.Poista &valinnat.&K..nteinen valinta.Valitse....Poista valinta....Valitse tyypeitt.in.Poista valinta tyypeitt.in.700.Suu&ret kuvakkeet.&Pienet kuvakkeet.&Luettelo.&Tiedot.730.Alkuper.inen j.rjestys.Tasainen n.kym..&Kaksi paneelia.&Ty.kalupalkit.Avaa p..kansio.Yks
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18834
                                                                                                                                                                                                Entropy (8bit):3.802411708886365
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:TtnNoVvuZp1uKx4IshqMehIANlXgZC0Mzat2Irn0rInzY3TPYXtr:T/u/JBr
                                                                                                                                                                                                MD5:FD1B984BAEA0E5A905F756E9FDC54E86
                                                                                                                                                                                                SHA1:4DA8DA9154115F6BF0962FD02DB9D7E166285C8E
                                                                                                                                                                                                SHA-256:02CC9032C117A7818865AF3DCADBDD3C7B348BE3507681CD0032DD9BD15B76FC
                                                                                                                                                                                                SHA-512:1595742CCCFFF001C7BE0A7809F2E700460AD4CBD684D5A0CC53C5CCF615046E2E94EFD96CEEACA3D6FB20AAA5249D7677AB1F6FAF8DAB0A1B559A0C0951913E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Vinayy Sharrma, ....... .... ......;.;.;.;.;.;.;.;.;.;.0.7-Zip.Sanskrit, Indian, .....................401.... ..............&....&...&... ...........&.... ....440.&....... ....&....... ............ .... .....&...........&........(.........).&....................... .... .... ..... ... ....... .... ..... ....?.500.&.......&.........&........&.........&.......&......540.&........&.... ........&.... ........&........&........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7906
                                                                                                                                                                                                Entropy (8bit):4.861128874829787
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ggtTHAKaGSwSssr6JRiCJHAnJVsNO1vjGlXl58jmFsjGJZv:gM0j56fuXjol
                                                                                                                                                                                                MD5:236CFC435288002763C68C4BBEE7B39D
                                                                                                                                                                                                SHA1:E74A2402C2CB744DBED8AC1C2154FB1DE38148F9
                                                                                                                                                                                                SHA-256:B18730124208D26E5E88B76BB99985BF61938D7A994B626B2DE5230557D2D8DD
                                                                                                                                                                                                SHA-512:FA6941594454CDA55E081F15F367F430559849D218895B0B157A2204E8B30AE95DB99C62981A9C30A152A63D1BDB8EDD975BF06EE5ADF1F31B42A2C10CF11580
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Sean.n . Coist.n.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Irish.Gaeilge.401.T. go maith.Cealaigh....&T..&N.l.&D.n.Cabhair..&Lean ar aghaidh.440.T. do gach ceann.N.l go gach ceann.Stad.Atosaigh.&C.lra.&Tulra.&Cuir ar sos.Ar sos.An bhfuil t. cinnte gur mian leat . a cheal.?.500.&Comhad.&Leagan.Am&harc.Cean.in.&Uirlis..&Cabhair.540.&Oscail.Oscail &istigh.Oscail &lasamuigh.&Amharc.&Eagar.Athainmnigh.&Macasamhlaigh go....&Bog go....S&crios.Scar an comhad....Cumascaigh na comhaid....Air.onna.N.ta tr.chta.R.omh an tsuim sheice.la.Diff.Cruthaigh fillte.n.Cruthaigh comhad.&Scoir.600.Roghnaigh &uile.D.roghnaigh uile.&Aisiompaigh an roghn.ch.n.Roghnaigh....D.roghnaigh....Roghnaigh de r.ir cine.l.D.roghnaigh de r.ir cine.l.700.&Deilbh.n. m.ra.&Deilbh.n. beaga.&Liosta.&Sonra..730.Neamhaicmithe.Gach rud in aon chiseal.&2 fhuinneog.&Barra. na n-uirlis..Oscail an fr.amhfhillte.n.Suas fillte.n amh.in.Oireas na bhfillte.n....Athnuaigh.750.Barra
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13282
                                                                                                                                                                                                Entropy (8bit):4.417819769318221
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:WDvyYrnbU6Eyx9Vx8f1gJNOaSgIPukCC3NaxktY7:WD9px8f1gJss2CCsxkK7
                                                                                                                                                                                                MD5:741E0235C771E803C1B2A0B0549EAC9D
                                                                                                                                                                                                SHA1:7839AE307E2690721AD11143E076C77D3B699A3C
                                                                                                                                                                                                SHA-256:657F2ACEB60D557F907603568B0096F9D94143FF5A624262BBFEB019D45D06D7
                                                                                                                                                                                                SHA-512:F8662732464FA6A20F35EDCCE066048A6BA6811F5E56E9CA3D9AA0D198FC9517642B4F659A46D8CB8C87E890ADC055433FA71380FB50189BC103D7FBB87E0BE5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : Edris Naderan.; 4.53 : Mehdi Farhadi.; 9.22 : Hessam Mohamadi.; 22.00: Mohammad Ali Sohrabi.;.;.;.;.;.;.;.0.7-Zip.Farsi.......401.................&.&.......................440.... ... ...... ... ................... ......... .................... ........ ...... .. ... ........500..................................................540................ .. ............ .. ............................... ............ ............... ............... .............................. ..... ...... ......... ........ .......... ..........&........&......... ........600....... ....... ....... ......... .... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14632
                                                                                                                                                                                                Entropy (8bit):4.341973950530399
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:LzDXSHvMCtcY7SbE1BgUmOTfhEUDgkoSa4pTG++3slxxgYbgDfvCPKpTWO4z+dWE:uMC2YubdUmsKEAcb+3QbgDEK9KyQ2f
                                                                                                                                                                                                MD5:EA08A1D73A4A150D7EC590B094D4E0D5
                                                                                                                                                                                                SHA1:E4F3172CF52DB8DA27F7D95CFBA2EACFAB12D533
                                                                                                                                                                                                SHA-256:E029F34DDEA8B1358E1F519526EF643D79BE37CFCE55BB5EA21B4BD0D026F9D3
                                                                                                                                                                                                SHA-512:3661EC554C82F3608099E08808E5151B8D7BCCA385CF09D0FD4181073A52E1E835485DF0684F5091D0F5EF487A07298286DB463C3971E3986A6AD9B0BF7784C2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 20.02 : 2020-10-20 : Shamsiddinov Zafar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Tajik........401..................&.....&...&..............&..........440..... ..... &........ ..... &............... .......&.......&.. ... ........&............ ............. ....... ......, .. ......... .... ...... .......?.500.&.....&.......&.......&......................&........540.&........... ..... &........... ..... ...............&............. ......&............ ......&........ ......&.... ................ ..... &.........&..... ....... ................................... ...... .............. .......&...
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10094
                                                                                                                                                                                                Entropy (8bit):4.985202993884915
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:miY9r9BfTV6g/+fY3W8qvyyMvfWMWqTtdkKM97n6O7Ugmpien9Ju1yZYX7579H:iZBTSaW8qapvf0OtiEgihy1vX7579H
                                                                                                                                                                                                MD5:F0CBDAA70D567EE71C685250958EC194
                                                                                                                                                                                                SHA1:2DB013E6608739AA45453D0F69BA953FCC78B14D
                                                                                                                                                                                                SHA-256:6B21924CAEA51B395EFA0B8FA5D7E2492CE6A6B86DCC08565A5A4DEE5C182167
                                                                                                                                                                                                SHA-512:3AE68CC6BE78D6BCA7304516B25733A516AAF2121FB8E62EBB9B6FD5194D261117F7AB0C142DBFB2EFE2016E189E7EBB1F5BE4A82253F087A34A59CFC41EF7B9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Francisco Jr.; 4.37 : Fabricio Biazzotto.; 24.06 : Atualizado por Felipe.;.;.;.;.;.;.;.;.0.7-Zip.Portuguese Brazilian.Portugu.s Brasileiro.401.OK.Cancelar....&Sim.&N.o.&Fechar.Ajuda..&Continuar.440.Sim pra &Todos.N.o pra T&odos.Parar.Reiniciar.&Em 2. plano.&Em 1. plano.&Pausar.Pausado.Voc. tem certeza que voc. quer cancelar?.500.&Arquivo.&Editar.&Visualizar.F&avoritos.&Ferramentas.&Ajuda.540.&Abrir.Abrir &por Dentro.Abrir p&or Fora.&Visualizar.&Editar.Re&nomear.&Copiar Para....&Mover Para....&Apagar.&Dividir arquivo....Com&binar arquivos....P&ropriedades.Comen&t.rio.Calcular checksum.Diff.Criar Pasta.Criar Arquivo.S&air.Link.&Correntes Alternantes.600.Selecionar &Tudo.Desmarcar Tudo.&Inverter Sele..o.Selecionar....Desmarcar....Selecionar por Tipo.Desfazer a Sele..o por Tipo.700..co&nes Grandes..c&ones Pequenos.&Lista.&Detalhes.730.Desorganizado.Visualiza..o Plana.&2 Pain.is.&Barra de Ferramentas.Abrir a Pasta Raiz.Um N.vel Acima.Hist.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9099
                                                                                                                                                                                                Entropy (8bit):4.918696837936453
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:1W7Uw+zTCaVpRBbpgoeCb4wdHSYz2NufjbJTQewnpy:14N+zNpbbpgw4wdHxtXlipy
                                                                                                                                                                                                MD5:6CD7C2B4D6BBA163B1623035FEB4297D
                                                                                                                                                                                                SHA1:5DF07BCFD1EDBD448B566AEA5789EF251303DE69
                                                                                                                                                                                                SHA-256:9280AB90261B0C8F206EEF7196D7531E4E4932C9174AB899CEE4F8ED97CC87C6
                                                                                                                                                                                                SHA-512:7ED13085EBC2545B434F5671F958F7A5FAA1BC29F7C10721A972AFD2C886FC39F0A6E290E70F1F8EA798199CA26974257EAF9B8445652C9B02C789E198191A3E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : 2007-11-22 : Xos. Calvo.; 9.20 : 2014-11-26 : enfeitizador.; 15.00 : 2016-02-01 : enfeitizador.; 22.00 : 2023-05-13 : enfeitizador.;.;.;.;.;.;.;.0.7-Zip.Galician.Galego.401.De acordo.Cancelar....&Si.&Non.Pe&char.Axuda..&Continuar.440.Si &a todo.Non a &todo.Parar.Reiniciar.Po.er por de&baixo.Traer ao &fronte.&Pausa.Pausado.Queres cancelar?.500.&Ficheiro.&Editar.&Ver.F&avoritos.Ferramen&tas.A&xuda.540.&Abrir.Abr&ir dentro.Abrir &f.ra.&Ver.&Editar.Cambiar no&me.&Copiar a....&Mover a....&Eliminar.&Dividir ficheiro....Com&binar ficheiros....P&ropiedades.Come&ntario....Calcular suma de verificaci.n.Diferenzas.Crear cartafol.Crear ficheiro.Sa&.r.Ligaz.n.&Alternar fluxos.600.Seleccion&ar todo.Desmarcar todo.&Inverter selecci.n.Seleccionar....Desmarcar....Seleccionar por tipo.Desmarcar por tipo.700.Iconas lon&gas.Iconas &mi.das.&Lista.&Detalles.730.Sen orde.Vista plana.&2 paneis.Barras de ferramen&tas.Abrir cartafol ra.z.Subir un nivel.Hist.rico de carta
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8399
                                                                                                                                                                                                Entropy (8bit):4.743579226754701
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ChNzKhWj2NvAG/UkpyRFJHbskP/jZKMOdp6EAEPW:ChNXj2uG/Ukpe/DEMOdp6Em
                                                                                                                                                                                                MD5:C90CD9F1E3D05B80ABA527EB765CBF13
                                                                                                                                                                                                SHA1:66D1E1B250E2288F1E81322EDC3A272FC4D0FFFC
                                                                                                                                                                                                SHA-256:A1C9D46B0639878951538F531BBA69AEDDD61E6AD5229E3BF9C458196851C7D8
                                                                                                                                                                                                SHA-512:439375D01799DA3500DFA48C54EB46F7B971A299DFEBFF31492F39887D53ED83DF284EF196EB8BC07D99D0EC92BE08A1BF1A7DBF0CE9823C85449CC6F948F24C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 15.12 : 2015-12-04 : Xabier Aramendi.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Basque.Euskara.401.&Ongi.E&zeztatu....&Bai.&Ez.It&xi.&Laguntza..&Jarraitu.440.Bai &Guztiari.Ez G&uztiari.Gelditu.Berrabiarazi.Ba&rrenean.&Gainean.&Pausatu.Pausatuta.Zihur zaude ezeztatzea nahi duzula?.500.&Agiria.&Editatu.&Ikusi.&Gogokoenak.&Tresnak.&Laguntza.540.&Ireki.Ireki &Barnean.Ireki &Kanpoan.Ik&usi.&Editatu.Berrize&ndatu.Kopiatu &Hona....&Mugitu Hona....E&zabatu.Banan&du agiria....Nahas&tu agiriak....Ezau&garriak.&Aipamena....Ka&lkulatu egiaztapen-batura.Ezber.Sortu Agiritegia.S&ortu Agiria.I&rten.Lotura.&Aldikatu Jarioak.600.Hautatu &Guztiak.Deshatutau G&uztiak.&Alderantzizkatu Hautapena.&Hautatu....&Deshautatu....Hautatu &Motaz.Deshautatu M&otaz.700.Ikur &Handiak.Ikur Txi&kiak.&Zerrenda.&Xehetasunak.730.Ant&olatugabe.Ik&uspegi Laua.&2 Panel.&Tresnabarrak.Ireki &Erro Agiritegia.Maila Bat &Gora.Agiritegi &Historia....&Berritu.Be&rez Berritu.750.Artxibo Tresnabarra.Tresnabarra Estandarra.Boto
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10909
                                                                                                                                                                                                Entropy (8bit):3.91308688355158
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:v4MfocCqKNXU9shxj5fLniD65MfiZNUsQWzrSt3v+YGqzCoy8aMN:vzo5qK1U9sZfLiD65Mfip8vJzCoGu
                                                                                                                                                                                                MD5:0771F160D56B1890A1CDC2CA040D2616
                                                                                                                                                                                                SHA1:36E69202682BF6993273B521424EC082998F6CA9
                                                                                                                                                                                                SHA-256:03B4EA89CCE3AA4193A7E3E1E6180DAB8359388DF3B574379935EA39D7B8D723
                                                                                                                                                                                                SHA-512:B452C75292C7D365AA5759FB3F49DE674255E839CAA687436474B782F615B2AD86A11A58809A5BB60115B070C9B738A461DB24E70502598A3BFECCF373220DBB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : peterg.; : Gal Brill.; 9.13 : 2010-04-30 : Jonathan Lahav.; 19.00 : 2020-05-01 : ION.;.;.;.;.;.;.;.0.7-Zip.Hebrew.......401............&...&...&...........&.....440... .&..... &............. .....&....&......&...........?.. ... .... .... .... .....500.&.....&......&......&........&......&....540..&...... .&........ .&....&....&.....&... .......&. ......&.. ...&.......&. ......&... ......&............&...... ..... ................. .......... .....&..........&..... ........600.... &....... ..... ....&.... ............... ......... ... ....... ..... ... ....700........ &.............. &....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8352
                                                                                                                                                                                                Entropy (8bit):4.184447797063497
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:6Bs6ZfGCRhROvyepYP3abUeXUlWDyos3d8K/FAK1MbNH1hjg:6BPrhRyfpYP3wCl+E8K/FAK1Mbl12
                                                                                                                                                                                                MD5:C16E6946F912B49963BFA7E44BE2F7A0
                                                                                                                                                                                                SHA1:496922AD3E59737AC64289EE685F2FADAA942755
                                                                                                                                                                                                SHA-256:90EFCA5F6B8E37B963F7E42F700938440171942E0DE0AB8BAEB08912C0952957
                                                                                                                                                                                                SHA-512:55FEEA50104ED2249E6F5018B6883F89ACBCC0396E80349653356F40329C4A420584B29734CD1CA8930E9A383DA427EC979815CC3DA3F6F59AD8948B2262E874
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.09 : Gabriel Stojanoski.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Macedonian............401..............&...&...&................&........440... &....... .&.........................&.......&.......&.................... ....... ...... .. ........?.500.&.........&......&.......&........&.......&......540.&............. &............. &.......&.......&......&............&....... ......&........ ......&........&...... ...............&....... ............&................&................. ................... .........&.......600........... &............... ...&....... ............................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4785
                                                                                                                                                                                                Entropy (8bit):4.860196348023919
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:0PK8d9PEVqGUK+ZY6yB42vdhut4A9ThBbRaP0Jk:wKKPEVqGnmSvdhruf9o
                                                                                                                                                                                                MD5:E3267C5ED8158DA2B7E2679107CE1394
                                                                                                                                                                                                SHA1:6550CDE7359A1B3450D8C0937AFFBF0252FA4B82
                                                                                                                                                                                                SHA-256:C88BC7EA0C20769847A0403E188E273A0897D1C77DD72CC4B45471FC67E0D5E1
                                                                                                                                                                                                SHA-512:63C185613C5855379DD4CAC3D2CF264D6BB2A0E9B483B22EAB93B7E8B9ABDA88BEE2F80FCD24F0E9BE0972A04F6C725CB20CAE678E3E4F61251721B5BDB1CDCD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.30 : Khairul Ridhwan Bin Omar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Malay.Bahasa Melayu.401.OK.Batal....&Ya.&Tidak.&Tutup.Bantuan..&Teruskan.440.Ya untuk Semua.Tidak untuk Semua.Henti.Mula Semula.&Latar belakang.&Latar depan.&Berehat.Berehat.Anda yakin untuk membatalkannya?.500.&Fail.&Edit.&Paparan.K&egemaran.&Alat.&Bantuan.540.&Buka.Buka di D&alam.Buka di L&uar.&Paparan.&Edit.Nam&akan semula.&Salin ke....&Pindahkan ke....Hapus.&Bahagi/belah Fail....Gab&ung Fail....P&roperti.Kom&en...Buat Folder.Buat Fail.K&eluar.600.Pilih &Semua.Jangan Pilih Semua.&Sonsangkan Pilihan.Pilih....Tidak Memilih....Pilih Berdasarkan Jenis.Tidak Memilih Berdasarkan Jenis.700.Ikon B&esar.Ikon K&ecil.&Senarai.&Butiran.730.Tidak Tersusun..&2 Panel.&Toolbar.Buka Root Folder.Ke atas Satu Aras.Folder Sejarah....&Segarkan Semula.750.Toolbar Arkib.Toolbar Standard.Bebutang Besar.Perlihatkan Teks Bebutang.800.&Tambah folder pada Kegemaran sebagai.Penanda Buku.900.&Opsyen....&Tanda Aras.960.&Kandungan..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4812
                                                                                                                                                                                                Entropy (8bit):5.061169016847165
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:8VTu+i2nCrWTXAwQGjC6IF5/uNXlziug14+UFxmeeqYgzf7Edm+8VR:8VTTCqTRC6Iv/uzg14+UFxJYgzTR
                                                                                                                                                                                                MD5:6BDF25354B531370754506223B146600
                                                                                                                                                                                                SHA1:C2487C59EEEAA5C0BDB19D826FB1E926D691358E
                                                                                                                                                                                                SHA-256:470EAF5E67F5EAD5B8C3ECC1B5B21B29D16C73591EB0047B681660346E25B3FB
                                                                                                                                                                                                SHA-512:C357B07C176175CC36A85C42D91B0CADA79DBFB584BDF57F22A6CB11898F88AECF4392037D5CEA3E1BC02DF7493BB27B9509226F810F1875105BBC33C6AE3F20
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Owain Lewis.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Welsh.Cymraeg.401.Iawn.Canslo....&Iawn.&Na.&Cau.Cymorth..P&arhau.440.Iawn i'r &Cwbwl.Na i'r C&wbwl.Stopio.Ailgychwyn.&Cefndir.&Blaendir.&Pwyllo.Pwyllo.Ydych chi am canslo?.500.&Ffeil.&Golygu.Gwe&ld.Ff&efrynnau.&Offer.&Cymorth.540.&Agor.Agor tu &Mewn.Agor tu &Fas.Gwe&ld.&Golygu.A&ilenwi.&Cop.o i....&Symud i....&Dileu.&Hollti ffeil....Cy&funo ffeilau....&Priodweddau.Syl&wad.Cyfrifo swm-gwirio..Creu Ffolder.Creu Ffeil.Alla&n.600.Dewis y C&yfan.Dad-ddewis y Cyfan.Gwrt&hdroi'r Dewis.Dewis....Dad-ddewis....Dewis trwy Math.Dad-ddewis trwy Math.700.Eiconau &Mawr.Eiconau &Bach.&Rhestr.Ma&nylion.730.Dad-dosbarthu.Golwg Flat.&2 Paneli.Bariau &Offer.Agor Ffolder Gwraidd.Lan Un Lefel.Hanes Ffolderi....&Adnewyddu.750.Bar Offer Archif.Bar Offer Arferol.Botwmau Fawr.Dangos Testun Botwmau.800.&Ychwanegu ffolder i Ffefrynnau fel.Llyfrnod.900.&Dewisiadau....&Meincnod.960.&Cynnwys....&Manylion 7-Zip....1003.Llwybr.Enw.Estyniad.Ffolder.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17467
                                                                                                                                                                                                Entropy (8bit):3.84721481389097
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:wNAsf6IflsHX7q4IqKz+QCzaRDuAlTz8tw2+xE3ZAXsF:wjDGGeF
                                                                                                                                                                                                MD5:18D9C82F12E07B71E03D6086DEBA0DC3
                                                                                                                                                                                                SHA1:C6C11C6F1FC00A25DD53E1C78F207F6C8C8B8B13
                                                                                                                                                                                                SHA-256:5F79AE167A917860F95F73E5ED007FE250F30AF794BCFCE17941F9EF87D22A05
                                                                                                                                                                                                SHA-512:196A859D52A1A742B98460EAF113552DCE2CFC63378B19D2902BEABC1E66CBD9E26BF37FC26453832AA10929AAF0196ED9211332E63C830B0E5946013C82BDC1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Vinayy Sharrma : ...... .... ......;.;.;.;.;.;.;.;.;.;.0.7-Zip.Hindi, Indian, ...................401.... ...........&....&.....&... .........&.... ....440.&... .. .... ....&... .. .... .............. .... .....&...........&........(.........).&..................... .... .... ..... ... ....... .... .. ....?.500.&.....&.......&......&.......&.....&....540.&.....&.... .....&.... .....&......&.......&...: .......&... ... .........&... ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12052
                                                                                                                                                                                                Entropy (8bit):4.593559236039092
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:EVt6Fm0NMfdCluobJcX4/xBjnBmeevaMHYXk8ogjES+UntpdLCKmYcBp7a:EVSm0NMfdClucJcX4/xBVmKM4Xk8oJSj
                                                                                                                                                                                                MD5:E50C04D913DC92251AA6781C02E0BD45
                                                                                                                                                                                                SHA1:57E68C80B23A9B1BD689CCD81CBCD91E0CAE6AAC
                                                                                                                                                                                                SHA-256:9A9E4DDACC494EAAA386F1220837020F332A49E7FFF7F0BF8C38C847390DAB18
                                                                                                                                                                                                SHA-512:C428CAF314F79D533246CEE4015411102ED836D0173F67F3B2F4C61C3F3F81BE7FB2FFF7D3E863E999617BA05FD6F7FEF4B67CFF8557E1D0C86035ED29DAA2CE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.20 : Kalil uulu Bolot.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Kyrgyz..........401.OK..........&.....&....&..............&........440..... &........... .&...... ................ ........&......&....... .......&..................... ... ... .......... ........... ..... ......?.500.&.....&......&.....&...........&......&.......540.&........&... ..........&... ...........&................& .........&.... ...........&.... ..... ...........&.........&... ...............&........ ............&..........&................. .........Diff.&...... ...........&. .........&.....600....... .&..............
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10395
                                                                                                                                                                                                Entropy (8bit):3.978171082486284
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:HosRVPp67cdE3hwwQtbgUaecHQFyMce+VWLeKhJHZgr:1RNphG3IRBwHoJbLeYJHi
                                                                                                                                                                                                MD5:B681F52BC54B1B340A3184CDE7FF59C2
                                                                                                                                                                                                SHA1:BA8D38155C0C81416233A360F7387EAF48C57DB2
                                                                                                                                                                                                SHA-256:F6D67CE2EAE4C125BBF54C04AC783005BDDC07007398CABD3B9603020AF67BFD
                                                                                                                                                                                                SHA-512:82FDB75B2F2A06E3CBBEAF1DFE84B196908286B9518194485DBBB168777181FA86A7E37136756544ACC98165860E8CA61B83545F6CD1F13EE91BFA995A5DF0D2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.42 : ...... ..... ....... (Subodh Gaikwad).;.;.;.;.;.;.;.;.;.;.0.7-Zip.Marathi.......401.............&...&.....&.........&.....440.&.... .. ...&.... .. ................. .... ....&.... .....&.... ....&........................ .... .......... ...... ... ..?.500.&.....&.......&.......&.....&......&....540.&.....&.... .....&..... .....&......&.......... ....&.............&........&......&.... ..... ........... ...............................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10597
                                                                                                                                                                                                Entropy (8bit):4.894357872419177
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:5JD5oUEhpto75qEisSDlmED/UJ8Wn3bFEmL4FHjwjdBZ2QvcGFpo2ZI3v:5JtvEzG75qcSDlmcDw+EJBZFchFv
                                                                                                                                                                                                MD5:ED230F9F52EF20A79C4BED8A9FEFDF21
                                                                                                                                                                                                SHA1:EC0153260B58438AD17FAF1A506B22AD0FEC1BDC
                                                                                                                                                                                                SHA-256:7199B362F43E9DCA2049C0EEB8B1BB443488CA87E12D7DDA0F717B2ADBDB7F95
                                                                                                                                                                                                SHA-512:32F0E954235420A535291CF58B823BAACF4A84723231A8636C093061A8C64FCD0952C414FC5BC7080FD8E93F050505D308E834FEA44B8AB84802D8449F076BC9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Pablo Rodriguez.; : Jbc25.; : 2007-09-05 : Guillermo Gabrielli.; 9.07 : 2010-06-10 : Purgossu.; 2010-10-23 : Sergi Medina (corrected).; 18.00 : 2018-01-10 : Agust.n Bou (updated).; 22.00 : 2023-05-13 : To.o Calo (updated and minor fixes).; 24.04 : 2024-04-25 : MELERIX (updated and various fixes).;.;.;.0.7-Zip.Spanish.Espa.ol.401.Aceptar.Cancelar....&S..&No.&Cerrar.Ayuda..&Continuar.440.S. a &todo.No a t&odo.Detener.Reiniciar.&Segundo plano.&Primer plano.&Pausar.Pausado..Est.s seguro de querer cancelar?.500.&Archivo.&Editar.&Ver.F&avoritos.&Herramientas.&Ayuda.540.&Abrir.Abrir &dentro.Abrir f&uera.&Ver.&Editar.Reno&mbrar.&Copiar a....&Mover a....&Borrar.&Dividir archivo....Com&binar archivos....P&ropiedades.Come&ntario.Calcular suma de verificaci.n.Diferencia.Crear carpeta.Crear archivo.S&alir.Enlazar.Flujos &alternativos.600.Seleccionar &todo.Deseleccionar todo.&Invertir selecci.n.Seleccionar....Desel
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12299
                                                                                                                                                                                                Entropy (8bit):4.279828923149653
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Z/YybL3XSV+HYFBLRTRZgZCjWg6IvLDlaJQZmbghr0MhI05z:F3XIBLRMZCjWgfvLpGQZcghrvIC
                                                                                                                                                                                                MD5:5747381DC970306051432B18FB2236F2
                                                                                                                                                                                                SHA1:20C65850073308E498B63E5937AF68B2E21C66F3
                                                                                                                                                                                                SHA-256:85A26C7B59D6D9932F71518CCD03ECEEBA42043CB1707719B72BFC348C1C1D72
                                                                                                                                                                                                SHA-512:3306E15B2C9BB2751B626F6F726DE0BCAFDC41487BA11FABFCEF0A6A798572B29F2EE95384FF347B3B83B310444AAEEC23E12BB3DDD7567222A0DD275B0180FF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 9.07 :............:... ..-.... ........; 9.07 : Awadh A Al-Ghaamdi.;.; 15.00 : 2016-08-28 : ..... ...... .......: ... .... .......; 15.00 : 2016-08-28 : Saif H Al-asadi (edited and corrected).; 20.00 : 2020-04-01 : Ammar Kurd (Edits and corrections).;.;.;.;.;.0.7-Zip.Arabic......401............ .........&....&...&................&........440.... ....... ................ .........&..........&.....&..... .......... ......... ... ..... .. .........500.&....&......&........&......&......&.......540.&....&.... .........&... .......&....&.........&.. ...........&.. .......&.. ....&....&..... ...........&. ..............&..........&..... .... ..........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9375
                                                                                                                                                                                                Entropy (8bit):4.996342947967769
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Kz9QG6nA1C574kEmsIO8M+M66rr6emGeHlOzsyqfP2diqPtVe3ydIINSAhy:U6nA1S1Em3O8M+M6RrGCyOmiqlVBSAU
                                                                                                                                                                                                MD5:238D20C2FD41EDEC7EFBFDA32B430156
                                                                                                                                                                                                SHA1:C63BB6DCEA0B453239EBEA6CBE004A0E07EE9AFF
                                                                                                                                                                                                SHA-256:B48DD5142C39C56D35F0BA673C3AFC706AF063040D7567D43B69345DDFA6E767
                                                                                                                                                                                                SHA-512:7749DB74A481539D997372C7931877C44C202137E9CE5E1EA1D32E61FA3EA851364C0F0FD0A57B4DE8FE50564D97C544007DB23093C7ED66841CE099F9D41B77
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Carlos Macao.; : Jo.o Alves.; : Jo.o Frade (100 NOME TR).; 4.46 : Rui Costa.; 9.17 : S.rgio Marques.; 15.00 : Rui Aguiar.; 15.00 : 2022-03-22 : Hugo Carvalho.; 22.00 : 2022-06-28 : Hugo Carvalho.;.;.;.0.7-Zip.Portuguese Portugal.Portugu.s.401.Aceitar.Cancelar....&Sim.&N.o.&Fechar.Ajuda..&Continuar.440.Sim a &tudo.N.o a t&udo.Parar.Reiniciar.&Segundo plano.P&rimeiro plano.&Pausar.Em pausa.Quer mesmo cancelar?.500.&Ficheiro.&Editar.&Ver.F&avoritos.Ferramen&tas.&Ajuda.540.&Abrir.Abrir &dentro.Abrir &fora.&Ver.&Editar.Mudar& o nome.&Copiar para....&Mover para....&Eliminar.&Dividir ficheiro....Com&binar ficheiros....P&ropriedades.Come&nt.rio.Calcular o checksum.Diff.Criar pasta.Criar ficheiro.&Sair.Liga..o.&Alternar fluxos.600.Seleccionar &tudo.Desseleccionar tudo.&Inverter selec..o.Seleccionar....Dessseleccionar....Seleccionar por tipo.Desseleccionar por tipo.700..cones &grandes..cones &pequenos.&Lista.&Detalhes.730.Desordenado.Vista
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19786
                                                                                                                                                                                                Entropy (8bit):3.4834684083480845
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:CcI/ZsPpGl9ZjeWe4vt/lx5qI4qwRXoFYvNCrSFbF7FdF+pIAZMijZdcdap4daBj:OUGxjeWe4vt/lvPIXTaGF+pPZZ7Ro/50
                                                                                                                                                                                                MD5:A10D62CB5875CC96D53E4BC02724F366
                                                                                                                                                                                                SHA1:BB8D2F73109084A9A11246733E5DA148D964D6EA
                                                                                                                                                                                                SHA-256:2E488EF05895B93ACA2B5F72EA08DA887722215D1B4CB85B12942EA32641DA2B
                                                                                                                                                                                                SHA-512:B01FCFA48883431BA98522C74A8AE9511BD6F122613E80A0439A049B8F509D689B89A59F280335532AF284A351C52F44313A4961EA5ACBFAF7EA2617AF75E797
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.20:.; Saqirilatu Mongolqileb.; last updated: 2014-1-1.;.;.;.;.;.;.;.;.0.7-Zip.Mongolian (Unicode)....... .....401...................... (&Y)..... (&N)....... (&C)..................... (&C).440....... .... (&A)....... .... (&L)................ ........... ..... (&B)....... ..... (&F).......... (&P)........ .......... ...... ........ .. ..500...... (&F)............ (&E)...... (&V)........... (&A)....... (&T)........... (&H).540......... (&O)...... ..... ... ........ (&I)...... ..... ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14633
                                                                                                                                                                                                Entropy (8bit):3.957046613501519
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:haD8h70Oi+7V+y+FJNgquLCnt/SD4mKYGn940nWXmJTQOdLrRMs:hKm5f7V+y+FJNgquIt/64tnSmJciLNMs
                                                                                                                                                                                                MD5:771C8B73A374CB30DF4DF682D9C40EDF
                                                                                                                                                                                                SHA1:46AA892C3553BDDC159A2C470BD317D1F7B8AF2A
                                                                                                                                                                                                SHA-256:3F55B2EC5033C39C159593C6F5ECE667B92F32938B38FCAF58B4B2A98176C1FC
                                                                                                                                                                                                SHA-512:8DCC9CC13322C4504EE49111E1F674809892900709290E58A4E219053B1F78747780E1266E1F4128C0C526C8C37B1A5D1A452EEFBA2890E3A5190EEBE30657BA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.46 : Team Oruddho (Fahad Mohammad Shaon, Mahmud Hassan).;.;.;.;.;.;.;.;.;.;.0.7-Zip.Bangla.......401.... .............&......&...&.... .............&...... ......440.&....... .... .......&...... .... ............ .....&.......& ......&............. .............. ..... .... ......?.500.&.....&.................&.&......&.......&.......540.&........ ....7-zip-. ........ .......... ........ ....&.........&............ .........&....... ...............
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15450
                                                                                                                                                                                                Entropy (8bit):3.943828079014395
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:NrQMVEpEJbIRgAOaN2gs1KM5LypJ0/vrvQYKSK46smKhjlCqRK5ZThNFdHL0eF9s:Nr3m6JbIRgzaN2gs1/+J4vrvQYzK46Pg
                                                                                                                                                                                                MD5:6BE5BA977C60F103B54C4289399CE43E
                                                                                                                                                                                                SHA1:48DFF625438573A366D56ECEF43BC43A10E124A8
                                                                                                                                                                                                SHA-256:A1967002746961CDC4F3AD4F5F081BBA6DB231660CDFD5F2AB4A572EB11DD67C
                                                                                                                                                                                                SHA-512:DA61AA3C5389B5096F1C899AD17EBC20125B18D959F8C74AAE10665F65DE4A3C2069AFE47380C093926180C952336FCBEFF71329809D7FA59AB490849B647DBB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.09 : Chayanon Ruamcharoen.; 4.10 : Zafire06.; 9.13 : Kom10.;.;.;.;.;.;.;.;.0.7-Zip.Thai.....401................&....&....&...............&.............440...................................&..................&..................&..................................................500.&.....&......&.......&...........&...........&..........540.&...........................................&.......&......&............&...............&
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10328
                                                                                                                                                                                                Entropy (8bit):4.601143849904046
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:y/vuZGpufsiAAsiNSFT5JD7HahEPpBwwKOAmiyUSbD0A:y/vuZGMfjzRNGGhEP8DXyUSX0A
                                                                                                                                                                                                MD5:407130A212CFAC68FA4873B0381B2CB1
                                                                                                                                                                                                SHA1:C0C9B84CC79619D27536E9F50F25D81237B234D3
                                                                                                                                                                                                SHA-256:F813EAC0B284EDCE156DD1E6B7EA75B027F4342E04D8B8DB1131894A227A4562
                                                                                                                                                                                                SHA-512:E80AFDF726CCC5D495F62A9B289EE31703F151EA01EBA32AD7D2DA306C2C07DE2F9049DC6592C3C962B7CC2CBE352B8B7A19E9DBCF7B3C6B61DCC4026B70C151
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Arslan Beisenov, Arman Beisenov.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Kazakh.........401......................&...&....&...............&...........440....... &......... &................. .... .....&......&....... .........&.......................... ....... ..... ..?.500.&.....&......&........&..........&......&.........540.&.......... &............ ..........&........... .....&..........&...........&.......... ................... ...........................&................. .......Diff.&..... .......... ...........600...... ..................... ........&........... ...................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8711
                                                                                                                                                                                                Entropy (8bit):5.0441606790922044
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:oEiQ9ofFPhWwxTyaN+tu0okvFFr7S6IqOsc9gw8tjD7FuPNfOloU31QHvBcw:oEiQibWwjNT8cotjD8NfL
                                                                                                                                                                                                MD5:9A27F7E51E2143F4258AAC9975F78F60
                                                                                                                                                                                                SHA1:49DFFBD91FE27A81DA38BECDE87DE6B2DF28962F
                                                                                                                                                                                                SHA-256:233596E0D29DAD356CD31C302EB1EB3A263736F166F5A7628A753BD808668EBB
                                                                                                                                                                                                SHA-512:83C6464E05C776910552591D6D4B8DCB5CD0CC8C627519AEFB7B61672F4478E42FDB8E023B5BFD29C313A22DEEEE75FCF66BF638F8D48156E98694F110B7D324
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Andreas M Nilsson, Christoffer Enqvist.; 4.59 : Bernhard Eriksson.; 22.00 : (2022-06-20) Mikael Hiort af Orn.s.;.;.;.;.;.;.;.;.0.7-Zip.Swedish.Svenska.401.OK.Avbryt....&Ja.&Nej.&St.ng.Hj.lp..F&orts.tt.440.Ja till &alla.Nej till a&lla.Stoppa.Starta om.&Bakgrunden.&F.rgrunden.&Pausa.Pausad..r du s.ker p. att du vill avbryta?.500.&Arkiv.&Redigera.&Visa.&Favoriter.Verkt&yg.&Hj.lp.540.&.ppna..ppna &internt..ppna &externt.&Visa.&Redigera.&Byt namn.&Kopiera till....&Flytta till....&Ta bort.&Dela upp fil....&Sammanfoga filer....E&genskaper.Komme&ntera.Ber.kna kontrollsumma.Differens.Skapa mapp.Skapa fil.&Avsluta.Skapa l.nk.&Alternativa datastr.mmar.600.Markera &alla.Avmarkera alla.&Invertera markering.Markera....Avmarkera....Markera efter typ.Avmarkera efter typ.700.St&ora ikoner.Sm&. ikoner.&Lista.&Detaljerad lista.730.Osorterad.Platt vy.&Tv. paneler.&Verktygsf.lt..ppna rotmappen.Upp en niv..Mapphistorik....&Uppdatera.Uppdatera automatiskt.75
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5370
                                                                                                                                                                                                Entropy (8bit):5.1403349462862655
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:TF4kLCz94zsWXCgceerMLYVX0r/TL9PWE8OLBMTUgJiRNJ5zBD0N+VrmifAAec1T:94m3CjrMLY+LNPwOJgJiRj0tgAXc1jv
                                                                                                                                                                                                MD5:28E69DD6E397FA98C07088E4CDBEF1F4
                                                                                                                                                                                                SHA1:56E4A46B5C7360F609683562E617C75C28CD447C
                                                                                                                                                                                                SHA-256:57AE544F3F9E8BF5D96CE1F9CFE5648EB6C1E2F5604DA6EB0C80AE24BC1A40D7
                                                                                                                                                                                                SHA-512:6BDE04F3BBD42E73EA3E0A93E8EF69149F25DAE491051D1655A85718AF4D51F5247C610D87C20227F94BEEEBA038D54F7B213B0443382D080E87722485941AAE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Rizoy. Xerz..;.;.;.;.;.;.;.;.;.;.0.7-Zip.Kurdish.Kurd..401.Temam.Betal....&Er..&Na.Bi&gire.Al.kar...Bi&dom.ne.440.&Ji Bo Hem.y. Er..Ji &Bo Hem.y. Na.Raweste.D.sa Destp.ke.L%i Pi.t.Li &P...&Rawest.ne.Rawestiya -.Ma bila betal bibe?.500.&Dosya.&Bipergal.ne.&N..an Bide.Bi&jare.&Am.r.A&l.kar..540.&Veke.&Di Panel. De Veke.Di &Pacey. De Veke.&N..an Bide.&Sererast bike.&Navek. N. Bid..&Ji Ber Bigire.B&ar Bike.J. B&ibe.Par.e Bi&ke....Bike &Yek....&Taybet..Da&xuyan..checksum heseb bike..Pe&ldankeke N..Do&siyeke N..De&rkeve.600.&Hem.y. hilbij.re.He&m. hilijartin. rake.Be&revaj. w. hilbij.re.&Hilbij.re....Hilbijarti&n. Rake....V. curey. hilbij.re.Hilbijartina cure rake.700.&Daw.r.n Mezin.D&aw.r.n Bi..k.&L.ste.&H.ragah..730.B. Dor.xuyakirina sade.&2 Panelan veke.Da&rik. am.ran.Peldanka Kok Veke.Astek. Berjor.D.roka Peldank.....&N. Bike.750.Darik. ar..v..Darik. standart.Bi.kojk.n mezin.Bila niv.s
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8236
                                                                                                                                                                                                Entropy (8bit):4.571978993858432
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:XJLEhYBUC2Yz4e1uxLpnJ2Ega8W2uW55tmTG:FUC2YzJkxFnJ2ET8W2uW5H
                                                                                                                                                                                                MD5:23502D5CDD3671B634832D5F722CF5EA
                                                                                                                                                                                                SHA1:443FB98DF15B8BFD081802938E180A87EE24104D
                                                                                                                                                                                                SHA-256:FA12CA0BE49F4921D06268FAD673838C3A4644A70DC374A931997178F588E8F4
                                                                                                                                                                                                SHA-512:E1FC00A7AD4A817B32370F2C03EA10473070B9D2FEBC29BB87D95FF2670E8E47FF27B2C2B6D63396306DC0185E127A49F602E969166CB27073FEB735CFA47AF8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.53 : 2007-12-26 : Pathanisation Project.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Pashto......401.................&...&......&...............&.440..... .. ..&..&... .. ......................&.......&......&........... ...... .... ..... .. ... .. .....500......&.....&....&..&...........&......&.540.........&.....& ............ .&...........&.....&...&............ .....&...... .....&......&......... ...&......... ...&...................&........ ........... ........... .......&....600.... ....&.... ............ .......&..................... ... ....... ... .......700...&. ...........&... ............&.........&.730..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8039
                                                                                                                                                                                                Entropy (8bit):4.830174437133884
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:FGtF7C6fBky7MIFT0T222a6CjlHtLG0mHR7s:O/fNaS2J6CjxdN
                                                                                                                                                                                                MD5:BAAC3FF9FC4B6A656AC7C51D44117BD9
                                                                                                                                                                                                SHA1:FEACD226EFB71EE149424F39AB47EBF6F64CAB04
                                                                                                                                                                                                SHA-256:9FED3C0B4E67673BC1D8BBD67D1F6651FADE030F98D12173C3564F2C492A67F8
                                                                                                                                                                                                SHA-512:44413A73CD0DE02F245CB5D8B35BB457AE136C1C2BBB76934F120F6D0B14FCE928B4763475730F018C6E4B4AD4881A32CF1C99879C197CC4E70B8A992B3BFCA4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 15.00 : 2020-05-15 : Mara Gati Lucky.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Swahili.Kiswahili.401.Sawa.Ghairi....&Ndio.&Hapana.&Funga.Usaidizi..&Endelea.440.Ndio kwa &zote.Hapana kwa z&ote.Simamisha.Washa upya.&Mandharinyuma.&Mandharimbele.&Tuliza.Imetulizwa.Una uhakika unataka kughairi?.500.&Faili.&Hariri.&Mwoneko.Z&inazopendwa.&Zana.&Usaidizi.540.&Fungua.Fungua &ndani.Fungua n&je.&Mwoneko.&Hariri.Pati&a jina upya.&Nakili hadi....&Sogeza hadi....&Futa.&Gawiza faili....Ung&anisha nyaraka....S&ifa.Toa m&aoni....Kokotoa checksum.Tofautisha.Unda kabrasha.Unda faili.F&unga.Kiungo.&Mitiririsho mbadala.600.Teua &zote.Ondoa uteuzi wote.&Pindua uteuzi.Teua....Ondoa uteuzi....Teua kulingana na aina.Ondoa uteuzi kulingana na aina.700.Iko&ni kubwa.Ikoni ndogo.&Orodha.&Maelezo.730.Haijapangwa.Mwoneko bapa.&2 paneli.&Miambaa zana.Fungua kabrasha shina.Juu kiwango kimoja.Historia ya folda....&Weka upya.Weka upya kioto.750.Mwambaa zana wa akiba.Mwambaa zana wa kawaida.Vitufe vikubwa.Onyesha m
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8407
                                                                                                                                                                                                Entropy (8bit):4.980893267908514
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:hTCvOZThlzUkVNOjf9FvELDTMerNJ+svj0hId:hTCv23NkrvS4MWo
                                                                                                                                                                                                MD5:722551A008A99008006AF6CE4161537A
                                                                                                                                                                                                SHA1:294ABEA21D393BF624A4A97C1B4DB63D3332C312
                                                                                                                                                                                                SHA-256:6B53FB390DA88BD79D76487FF30466AE972976D2EED030ADE6D9B93991B99CBC
                                                                                                                                                                                                SHA-512:4BDE588E3ADD4B20B3DD89953136A655E0521CF3EC97E72A7FF337BF64E41F3DA75F60E4E56C5B833B86D6C23FAFAA92EBB0EFFE1D063D499EF3992C60BAC8F0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 22.01 : 2022-07-17 : Jadran Rudec.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Slovenian.Sloven..ina.401.Vredu.Prekli.i....&Da.&Ne.&Zapri.Po&mo...&Nadaljuj.440.Da za &vse.Ne za v&se.Ustavi.Znova za.eni.Ozad&je.&Ospredje.Premor.Na premoru.Ali ste prepri.ani, da .elite preklicati?.500.Datoteka.Urejanje.&Prikaz.Priljubljene.Orodja.Pomo..540.&Odpri.Odpri &znotraj.Odpri zu&naj.P&rikaz.&Uredi.Prei&menuj.&Kopiraj....&Premakni....Iz&bri.i.&Razdeli datoteko....&Zdru.i datoteke....L&astnosti.Ko&mentar.Izra.unaj preizusno vsoto.Razlika.Ustvari mapo.Ustvari datoteko.&Izhod.Povezava.&Nadomestni tokovi.600.Izberi &vse.Razveljavi izbiro vseh.&Preobrni izbor.Izberi....Razveljavi izbiro....Izberi po vrsti.Razveljavi izbiro po vrsti.700.&Velike ikone.&Majhne ikone.&Seznam.&Podrobnosti.730.Nerazvr..eno.Ploski prikaz.&Dve podokni.&Orodne vrstice.Odpri korensko mapo.Eno raven navzgor.Zgodovina map....&Osve.i.Samodejno osve.i.750.Orodna vrstica arhiva.Srandardna orodna vrstica.Veliki gum
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14672
                                                                                                                                                                                                Entropy (8bit):4.2852957756152215
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:2dRJSgU9qXjQ8Ob5bpXUa09uQEjvj1/vkW/J/Y/pfN15N:AU9qTQ8sZpXUa09uZp1BQRlB
                                                                                                                                                                                                MD5:0E053B461B1840743441F2B74D73E3EE
                                                                                                                                                                                                SHA1:C3F211F45C0702531C0BB09C13EAFE32634EE9CC
                                                                                                                                                                                                SHA-256:DD414D39F8DA2FBD5CAA0C7A7A9155C5F802B4D45F2E8828A79C7B4B63BD1179
                                                                                                                                                                                                SHA-512:8E2144242E9000290DAD52008B3DB9878B35C1C3182B74273965A5F7B4DC4AFE146D2C97A5318525ADE263753F08413A6FA45B7EC38F9C56D5042787D9E6C78E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 20.02 : 2020-10-21 : Shamsiddinov Zafar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Uzbek-Cyrillic.........401......... ..........&...&....&.............&..... ......440....... &......... &.......................&......&..... .....&..... ............ ............. ..........?.500.&.....&............&........&.............&.........&......540.&......&........ ......&......... ......&........&............&..... .........&.......... ..............&.......... ............&.... .........&...... ..........&......... ................&............&.............. ...................... ........... .......&.....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6029
                                                                                                                                                                                                Entropy (8bit):4.993685353064603
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:TqjTBrLVXTzyIu8alVMSv5FbPtnG5kSksLzJ94KoD0vL0L5nsseiF3F3NPYrAE6g:Y1HyOmX5pPtnMzkYJ9HoD00xNPEAErS8
                                                                                                                                                                                                MD5:03D38F09189799A0D927727D071C54B6
                                                                                                                                                                                                SHA1:17FF3A2C83E6A0B0733F2A9A8CE6B83AF4F1B137
                                                                                                                                                                                                SHA-256:C1C050ED6FE2F8FBC048FD7D82944B8ADA784415B6E62316D590C3C7AA45E112
                                                                                                                                                                                                SHA-512:E511C1A271A3D78CB7F6111759EEC4D7CFC2D46F71F87AA3C4AC1BB11CD4E55E7D4DBE54F9C5107025FFE8C5FCADAD4359DC673BC802B82388E74A8F2FA60FF7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.53 : Berend Ytsma.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Frisian.Frysk.401.Okee.Ofbrekke....&Jawis.&Nee.&Slute.Help..&Ferfetsje.440.Jawis foar &Alles.Nee foar A&lles.Stopje.Opnij begjinne.&Eftergr.n.&Foargr.n.&Skoftsje.Skoft.Binne jo wis dat jo .fbrekke wolle?.500.&Triem.&Bewurkje.&Byld.B&l.dwizers.&Ark.&Help.540.&Iepenje.Iepenje &yn.Iepenje b.&ten.&Byld.&Bewurkje.Omne&ame.&Kopiearje nei....&Ferpleats nei....&Wiskje.Triemmen &spjalte....Triemmen Kom&binearje....E&igenskippen.Komme&ntaar.Kontr.lesom berekenje..Map meitsje.Triem meitsje.U&tgong.600.&Alles selektearje.Alles net selektearje.&Seleksje omdraaien.Selektearje....Net selektearje....Selektearje neffens type.Net selektearje neffens type.700.Gru&tte Ikoanen.L&ytse Ikoanen.&List.&Details.730.Net Sortearre.Platte werjefte.&2 Panielen.&Arkbalke.Haadmap iepenje.Ien nivo omheech.Maphistoarje....&Ferfarskje.750.Argyf arkbalke.Standert arkbalke.Grutte knoppen.Knoptekst sjen litte.800.Map oan bl.dwizers &taheakje as.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8236
                                                                                                                                                                                                Entropy (8bit):6.029530102631068
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:6vCfchxHZbOVSVzaAP67peMNyE7nA95tLPggo:OxM0VLP677y4Y1PgF
                                                                                                                                                                                                MD5:D13839AF103477DF8CFD0BC2EB876EB0
                                                                                                                                                                                                SHA1:93AF39EBEB9677003DB67B386588409329104F4E
                                                                                                                                                                                                SHA-256:D04E5BD3BF1E3F3754C3603889AA1B659D1DAC518C5C6B5C1C49ECF16DCA1C01
                                                                                                                                                                                                SHA-512:DD79B5A8790E906E8BBE3FE69476126AB76ED472B4374E5FB7F4B272365BC305492832A1E3B95D22FC7D3C9EDD9B013C7BC8871C6BC85A717ACF3B361DA1900F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 2.30 : 2002-09-07 : Modern Tiger, kaZek, Hutu Li.; 3.08 : 2003-08-29 : Tunghsiao Liu.; 22.00 : 2022-06-09 : Tunghsiao Liu.; 24.05 : 2024-05-16 : MagicGenius.;.;.;.;.;.;.;.0.7-Zip.Chinese Simplified......401...........(&Y)..(&N)...(&C).......(&C).440...(&A)...(&L)...........(&B)...(&F)...(&P).............500...(&F)...(&E)...(&V)...(&A)...(&T)...(&H).540...(&O).......(&I).......(&U)...(&V)...(&E)....(&M)....(&C).......(&M)......(&D).....(&S)........(&B)......(&R)...(&N)........................(&X).........(&A).600...(&A)........(&I).....................................700....(&G)....(&M)...(&L).....(&D).730.............
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12057
                                                                                                                                                                                                Entropy (8bit):3.6721380731890467
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:MZOpgEdXp2Aj1N1YZsHFoXmj6OI1v/O2RmrNqBSXGdCdfy01K:x3X4xO2RmUqqX
                                                                                                                                                                                                MD5:DD0AE446AD4C5D6F20DB6ECE80F21606
                                                                                                                                                                                                SHA1:CDDB5DC08DA094FF69E48C1AF7E329F6B83FB6A6
                                                                                                                                                                                                SHA-256:AE1A795105574BF2674A5DE98A4F06CADD9C79DEBDE9FC288F64B3D607FA329D
                                                                                                                                                                                                SHA-512:543777575D32B9E1A67AFA2380B7953B79F3031AD6421314BA1DD957EC356FC0446903E09CA70A4E61F1264FC87846C968574D3ADF90F1563BAE3CCCA875636F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.13 : Ve Elanjelian : ThamiZha! team.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Tamil.......401................................................440.............. ................. .......................................................... ................. .................... ...... ..... .................?.500..................................................540.......... .......... ........................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8803
                                                                                                                                                                                                Entropy (8bit):4.986977159662758
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:3nw9pDahG/twoHcW5W3PpCPa5zRHKDBZ0EeKIl3d10aeKY8FDiM:yDGG/twoHJ5Wf9i0EpTAiM
                                                                                                                                                                                                MD5:264FB4B86BCFB77DE221E063BEEBD832
                                                                                                                                                                                                SHA1:A2EB0A43EA4002C2D8B5817A207EB24296336A20
                                                                                                                                                                                                SHA-256:07B5C0AC13D62882BF59DB528168B6F0FFDF921D5442FAE46319E84C90BE3203
                                                                                                                                                                                                SHA-512:8D1A73E902C50FD390B9372483EBD2EC58D588BACF0A3B8C8B9474657C67705B6A284BB16BBA4326D314C7A3CC11CAF320DA38D5ACB42E685ED2F8A8B6F411F4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Josep Casals, Marc Folch.;.17.01.: Benet..BennyBeat..R..i.Camps.;.;.;.;.;.;.;.;.;.0.7-Zip.Catalan.Catal..401.D'acord.Cancel.la....&S..&No.Tan&ca.Ajuda..&Continua.440.S. a &tot.No a t&ot.Atura.Re&inicia.Rere&fons.Prim&er pla.&Pausa.Pausat.Segur que voleu cancel.lar?.500.&Fitxer.&Edita.&Visualitza.&Preferits.E&ines.Aj&uda.540.&Obre.Obre d&ins.Obre &fora.&Visualitza.&Edita.Reanom&ena.&Copia a....&Mou a....&Suprimeix.&Divideix el fitxer....Com&bina el fitxer....P&ropietats.Come&ntari.Calcula la suma de verificaci..Compara.Crea una carpeta.Crea un fitxer.S&urt.Enlla&..Flux &alternatiu.600.Seleccion&a-ho tot.No seleccionis res.&Inverteix la selecci..Selecciona....Desselecciona....Selecciona per tipus.Desselecciona per tipus.700.Icones g&rans.Icones petites.&Llista.&Detalls.730.No ordenat.Vista plana.&2 Panells.&Barres d'eines.Obre la carpeta arrel.Carpeta pare.Historial de carpetes....&Actualitza.Actualitza autom.ticament.750.Barra d'eines afege
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8069
                                                                                                                                                                                                Entropy (8bit):4.491280092053577
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:4NYic61W9cfCzaAhqbMUrJt6klXVUatQT+0V2sS14/g1Pa7fC:Uc2nFrJ8IXBQCG7Qam
                                                                                                                                                                                                MD5:1088565A362EBAD250975F46F8A94328
                                                                                                                                                                                                SHA1:406593AC2E74B8911DDA720952B7AFF6C4B5C145
                                                                                                                                                                                                SHA-256:C6A6CC400EE7420BFB680D71B43A9BE1FBC75D7B98AE2B6FFE98229D5EEFADCA
                                                                                                                                                                                                SHA-512:500093986EF49C23829D99251F0ADCD20A6D348A91C74362E95E6D8E73B83F7AD665CB49DA3E47DA1EC671842ABCC2D824850D243EE8D39C41E3568F9C2C89C4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : Bayar.; : Bayarsaikhan.;.;.;.;.;.;.;.;.;.0.7-Zip.Mongolian....... ....401.............&.....&.....&..............&...........440....&. ......... .&.............. ........&.. .....&.... ....&... ........ .......... ....... ..... ... ..... ..?.500.&.....&......&.........&..... .....&...........&........540.&.......... &.......... &.....&......&............. .&........... &................ &........&.......&.... ................... ...........&........ ........&............. ........... .........&....600........ ..&............. ......&......... ..................................... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5649
                                                                                                                                                                                                Entropy (8bit):5.023150217249099
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Q1XbkTUCIRe/Ldwrrs0C9t5oOhCtF5Iw7YXjuaPJ6Z7cfjsfcQRQ:EATdIEOrrs0C9t5oOh6bb7QuaPJ6Kfjl
                                                                                                                                                                                                MD5:3B1958DA0544A6C318D18EF5779E81F5
                                                                                                                                                                                                SHA1:67E991A6525DA165145C4584C3D9B398583D7E68
                                                                                                                                                                                                SHA-256:F349529EA4584EBA51CD519B8A1D535D2DAEC762CD7369673B237FA03A526CC7
                                                                                                                                                                                                SHA-512:E9B5E76FC908BC193738781FDBEBD894AE310F6693F7B52D4369BC4F979A8EC9E2201E5A2056FBFC380FDAD3143F3E5A3BC00D7CCB00CEC078BC0E8CAF318861
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.45 : Jostein Christoffer Andersen.; : Kjetil Hjartnes.; : Robert Gr.nning.;.;.;.;.;.;.;.;.0.7-Zip.Norwegian Bokmal.Norsk Bokm.l.401.OK.Avbryt....&Ja.&Nei.&Lukk.Hjelp..&Fortsett.440.Ja til &alt.Nei til a&lt.Stopp.Start p. nytt.&Bakgrunn.&Forgrunn.&Stopp.Stoppet.Vil du avbryte?.500.&Fil.&Rediger.&Vis.&Bokmerker.Verk&t.y.&Hjelp.540.&.pne..pne &internt..pne &eksternt.&Vis.&Rediger.Gi nytt &navn.&Kopier til ..&Flytt til ..S&lett.&Del opp arkiv ..&Sett sammen arkiv ..E&genskaper.&Kommentar ..Beregn sjekksum..Ny &mappe ..Ny f&il ..&Avslutt.600.Merk &alle.Merk i&ngen.Merk &omvendt.Merk ..Merk &ikke ..Merk &valgt type.Merk i&kke valgt type.700.&Store ikoner.S&m. ikoner.&Liste.&Detaljer.730.Usortert.&Flat visning.&To felt.&Verkt.ylinjer.Rotmappe.G. opp et niv..Mappelogg ..&Oppdater.750.Arkivverkt.ylinje.Standardverkt.ylinje.Store knapper.Knappetekst.800.&Bokmerk denne mappen som.Bokmerke.900.&Innstillinger ..&Ytepr.ve ..9
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4967
                                                                                                                                                                                                Entropy (8bit):5.026921958239907
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:FlZTprnge/nJYeoPyWxx6aXaNpx4pRfOvFE5Z2k3z7DWdyy/kYZTsJ:FnZ/n2eoPlxxRqNpx4jfOvFE5Ykq/o
                                                                                                                                                                                                MD5:1CF6411FF9154A34AFB512901BA3EE02
                                                                                                                                                                                                SHA1:958F7FF322475F16CA44728349934BC2F7309423
                                                                                                                                                                                                SHA-256:F5F2174DAF36E65790C7F0E9A4496B12E14816DAD2EE5B1D48A52307076BE35F
                                                                                                                                                                                                SHA-512:B554C1AB165A6344982533CCEED316D7F73B5B94CE483B5DC6FB1F492C6B1914773027D31C35D60AB9408669520EA0785DC0D934D3B2EB4D78570FF7CCBFCF9C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.07 : Dinamiteru.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Asturian.Asturianu.401.Val.Torgar....&Si.&Non.&Zarrar.Axuda..&Siguir.440.Si a &Too.Non a T&oo.Parar.Reentamar.&De fondu.&En primer planu.&Posar.Posao..Tas fixu que quies paralo?.500.F&icheru.&Remanar.&Ver.F&avoritos.&Ferramientes.A&xuda.540.&Abrir.Abrir &Dientro.Abrir F&uera.&Ver.&Remanar.Reno&mar.&Copiar a....&Mover a....&Borrar.&Partir ficheru....Com&binar ficheros....P&ropiedaes.Come&ntariu...Crear carpeta.Crear ficheru.Co&lar.600.Seleicionar &Too.Deseleicionar too.&Invertir seleici.n.Seleicionar....Deseleicionar....Seleicionar por Tipu.Deseleicionar por Tipu.700.Miniatures &Grandes.&Miniatures Peque.es.&Llista.&Detalles.730.Ens.n Ordenar..&2 Paneles.&Barres de Ferramientes.Abrir Carpeta Raiz.Xubir Un Nivel.Hestorial de Carpetes....Actualiza&r.750.Barra Ferramientes d.Archivu.Barra Ferramientes Normal.Botones Grandes.Amosar Testu nos Botones.800.&A.edir carpeta a Favoritos como.Marca.900.&Opciones....&Bancu d
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18706
                                                                                                                                                                                                Entropy (8bit):4.0202268271567725
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:oUocZSy4PE90cZ+B7H0eEcVN/Pc+SfuwOoq9LNVHS7PzYbZLg97/78BA5UmHezQu:pfSdRz0ezJc+OuwYhaPUudu36KKoMkBj
                                                                                                                                                                                                MD5:5203E172ECB9F384BCE04D243684551F
                                                                                                                                                                                                SHA1:5F6A09B52D729F3F6C95ABA9D29BFD6C7CD0340B
                                                                                                                                                                                                SHA-256:5405E5B04E670FF7A5B5242A3872803725053324FFDC31F71511EA6B2573F6E0
                                                                                                                                                                                                SHA-512:CE6B058891375577EB726A15E5430BCE4450A9C06D3F2D3361FFE5D39C0C47097B6D0E7CDC7B907A8E5F23FA8FA5A1866661A2AA3167D982FD5AEEC33FA39077
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.59 : ...... ....... (Supun Budhajeewa).; 15.00 : ..... ..... (HelaBasa Group).;.;.;.;.;.;.;.;.;.0.7-Zip.Sinhala.......401...............&....&.....&............&........440.&........ ............ ............... .......&..........&..........&..................... ...... ..... .. ........?.500.&......&.........&.......&............&.......&.....540.&..... ......&..... ..... ......&....... ..... ......&.......&.........&... ... ......&... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17799
                                                                                                                                                                                                Entropy (8bit):3.496980139147961
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:E1OSMW33zMcaSwOgS6YQ9g/t+25rTHTIa5OVBUPSIqGA:EttJhq
                                                                                                                                                                                                MD5:C99E6572F5638599DBCA2CEAC337A320
                                                                                                                                                                                                SHA1:73C64554A00C6D5A3DAB8A2E7BD50426D6C7B6F4
                                                                                                                                                                                                SHA-256:8DD6073B585DD2E9D8CDD8E0FCE7DFEAF2F5A2D8BFC3059F67EAA3D8B5EB2D9E
                                                                                                                                                                                                SHA-512:CDE3D44793D1ABAB3B8D0BA71D1AF85C7CA49B37F4331B43D546D1F2022FC9CEDD1188869ACEE5BF9B74046788DAF26F4E4658AF86663065339103D2A602F7AA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.23 : 2011-09-25 : Translated by Giorgi Maghlakelidze, original translation by Dimitri Gogelia.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Georgian.........401.OK.............&.....&....&...................&...........440..... &............... ...&..........................&........&.... .......&.........&.................... ..... .......... ........?.500.&......&...........&......&........&............&..........540.&............. &............. ..&......&.............&......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9756
                                                                                                                                                                                                Entropy (8bit):5.222646559853333
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:CKtangmNvbq5nFczPipu9FS1zPf6MHH2L6NyE8uP+G0O249bgCGLpO6u:RtangimWPieFSRPyE8uvLyo
                                                                                                                                                                                                MD5:CD44EF9F1C6526A18D9956517E510C16
                                                                                                                                                                                                SHA1:DD65DAD1B27F26B538CB3C8FC11895A7C6A81F20
                                                                                                                                                                                                SHA-256:D8DDEEC7A1D5F98BE9FE727D47F8BDF733E21693E988DCFE48089AC3344DCF30
                                                                                                                                                                                                SHA-512:51676AE9C163686DAD3748E2DEC7898ED218673D15AF741404C4EB30E8E8C23CC8C5BB7E33E1B7CC40DE56C1ACFE2639711F47BFAC9EF9FAE5703EAA889F924D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 24.04 : 2024-04-05 : Ahmet Murat .ZHAN.; 22.00 : 2023-05-28 : Emir SARI.; 15.00 : 2018-11-21 : Kaya Zeren.; 9.07 : 2009-09-22 : X-FoRcE.;.;.;.;.;.;.;.0.7-Zip.Turkish.T.rk.e.401.Tamam..ptal....&Evet.&Hay.r.&Kapat.Yard.m..&Devam.440.T.m.ne &Evet.T.m.ne &Hay.r.Durdur.Yeniden Ba.lat.&Arka Planda..&n Planda.&Duraklat.Duraklat.ld...ptal etmek istiyor musunuz?.500.&Dosya.&D.zen.&G.r.n.m.&S.k Kullan.lanlar.&Ara.lar.&Yard.m.540.&A..7-Zip ..i&nde A..&Varsay.lan Uygulamada A..&G.r.nt.le.&D.zenle.&Yeniden Adland.r.Klas.re &Kopyala....Klas.re &Ta......&Sil.Dosyay. &B.l....Dosyalar. Bi&rle.tir.....&zellikler.A..kla&ma.....Sa.lamalar. Hesapla.Fark.Klas.r Olu.tur.Dosya Olu.tur.&..k.Ba.lant..&Di.er Ak..lar.600.&T.m.n. Se..T.m.n.n Se.imini Kald.r.Se.imi &Tersine .evir.Se.....Se.imi Kald.r....T.re G.re Se..T.re G.re Se.imi Kald.r.700.&B.y.k Simgeler.&K...k Simgeler.&Liste.&Ayr.nt.lar.730.S.ralamas.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5525
                                                                                                                                                                                                Entropy (8bit):4.991041089735878
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:ewwLOC33eUlHAlE7zRzo7JAIXFZmN8oczCrsJfYsJgLu/wfYlRxKXHM2pPf8vzp:DwLv+UVAi7zRzo7uqFYN8JCrsxYseywc
                                                                                                                                                                                                MD5:780514AF9E967D8AA65005365EFA7D78
                                                                                                                                                                                                SHA1:9E060F149B110D0A0675B75D4A7B960563ACCA05
                                                                                                                                                                                                SHA-256:DB540E1A6B8FFFF2497F9C1A63F85CB5F345F8CBA767F05377C0365ABAF7B7D4
                                                                                                                                                                                                SHA-512:F85FEEFF1E89A371EB1143D695C76FBF84AFEE3699221E6E6CE7703A91EA80AC01AF27D34635FA2B61B1D6D979CB91BB98AFFBDB1CDFAE6CD04251A095EEEC84
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.45 : Robert Gr.nning.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Norwegian Nynorsk.Norsk Nynorsk.401.OK.Avbryt....&Ja.&Nei.&Lukke.Hjelp..&Hald fram.440.Ja til &alt.N&ei til alt.Stopp.Start p. nytt.&Bakgrunn.&Forgrunn.&Pause.Sett p. pause.Er du sikker p. du vil avbryte?.500.&Fil.&Redigere.&Vis.F&avorittar.Verk&t.y.&Hjelp.540.&Opna.Opna &Inni.Opna &Utanfor.&Vis.&Redigere.Endra &namn.&Kopiere til....&Flytt til....&Slett.&Del opp fil....Set saman filer....&Eigenskapar.Ko&mmentar.Rekna ut kontrollnummer..Opprett mappe.Opprett fil.&Avslutta.600.&Merk alle.Fjern alle markeringar.&Omvendt markering.Marker....Fjern markering....Merk etter type.Fjern markering etter type.700.S&tore ikon.S&m. ikon.&Lista.&Detaljar.730.Assortert.Flat vising.&2 felt.&Verkt.ylinjer.Opna kjeldemappa.Opp eit niv..Mappelogg....&Oppdatere.750.Arkiv verkt.ylinje.Standard verkt.ylinjer.Store knappar.Vis knappetekst.800.&Legg mappe til i favorittar som.Bokmerke.900.&Val....&Yting test.960.&Innhold....&Om
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11444
                                                                                                                                                                                                Entropy (8bit):4.995289206779897
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:arUs6wOYcVCr1oX7A18zsuX/Y0Nf+6X5gOiAKNWw9BfpN5uc7Fd5:arWwzTr1oM1fuPJNf+26ORwAYH
                                                                                                                                                                                                MD5:DE64842F09051E3AF6792930A0456B16
                                                                                                                                                                                                SHA1:498B92A35F2A14101183EBE8A22C381610794465
                                                                                                                                                                                                SHA-256:DCFB95B47A4435EB7504B804DA47302D8A62BBE450DADF1A34BAEA51C7F60C77
                                                                                                                                                                                                SHA-512:5DABEED739A753FD20807400DFC84F7BF1EB544704660A74AFCF4E0205B7C71F1DDCF9F79AC2F7B63579735A38E224685B0125C49568CBDE2D9D6ADD4C7D0ED8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 24.04 : 2024-04-06 : Patriccollu di Santa Maria . Sich. (Latest Update).; 22.00 : 2022-06-21 : Patriccollu di Santa Maria . Sich. (Update).; 15.00 : 2015-04-26 : Patriccollu di Santa Maria . Sich. (Update).; 9.20 : 2010-12-12 : Patriccollu di Santa Maria . Sich. (Creation).;.;.;.;.;.;.;.0.7-Zip.Corsican.Corsu.401.Vai.Abbandun.....&S..&N..&Chjode.Aiutu..&Cuntinu..440.S. per &tutti.N. per t&utti.Piant..Rilanci..Tacca di &fondu.&Primu pianu.&Pausa.In pausa.Vulete veramente annull..?.500.&Schedariu.&Mudific..&Affiss..&Favuriti.A&ttrezzi.Ai&utu.540.&Apre.Apre in &7-Zip.Apre in l.espluratore Windows.&Fighj. (esad.).&Mudific..&Rinumin..&Cupi. versu..&Dispiazz. versu..S&quass..&Sparte u schedariu..&Unisce i schedarii..&Prupriet..Cumme&ntu..Calcul. a somma di cuntrollu.Paragun. e sfarenze (Diff).Cre. un cartulare.Cre. un schedariu.&Esce.Liame.Flussi a&lternativi.600.&Tuttu selezziun...n selezziun. &nunda.&Arritrus. a selezzi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18214
                                                                                                                                                                                                Entropy (8bit):4.4284329818199835
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:WkmihmxWquSsgldTiXtY5FxrbM/7uo6txGZ+r6GjuXxQlzHd:tmlwyidYnxrU7u/xk+r6GjuXxQdHd
                                                                                                                                                                                                MD5:5894A446DF1321FBDDA52A11FF402295
                                                                                                                                                                                                SHA1:A08BF21D20F8EC0FC305C87C71E2C94B98A075A4
                                                                                                                                                                                                SHA-256:2DD2130F94D31262B12680C080C96B38AD55C1007F9E610EC8473D4BB13D2908
                                                                                                                                                                                                SHA-512:0A2C3D24E7E9ADD3CA583C09A63BA130D0088ED36947B9F7B02BB48BE4D30EF8DC6B8D788535A941F74A7992566B969ADF3BD729665E61BFE22B67075766F8DE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Vasileios Karakoidas, Jacaranda Bill, Vasilis Kosmidis.; 9.07 : SkyHi [HDManiacs Team].; 15.00 : 2015-05-07: Pete D.; 24.04 : 2024-04-05: John Stamatakis.;.;.;.;.;.;.;.0.7-Zip.Greek..........401.OK..........&.....&...&..................&.........440.... .. &....... .. .&...&...................... &.............. &..........&................... ........ ... ...... .. .........;.500.&.......&.............&..........&...........&.....&........540...&............. ... &.... ................ .. &... ..........&..........&...........&..............&.............&................&...&.......... ...........&........ ...........&......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9030
                                                                                                                                                                                                Entropy (8bit):5.086332956902943
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:3Lr7I2B5SmXxKKB7X47iyaljy7Peu1T96mo:3Lr1LBKKa7ipjy6ux96mo
                                                                                                                                                                                                MD5:B8056CBA4EDEB98D298D16EDBC34D678
                                                                                                                                                                                                SHA1:A4D39C3EDA31F8CE72C62E1DB91DEEABC884CEB0
                                                                                                                                                                                                SHA-256:9C15DB408E32DC699F598AAB30F539F91A212E5FBAEE2095022E24B3F1F09ECD
                                                                                                                                                                                                SHA-512:5C3FB76A5502C7C0312A32CFF38F99C303225C31C3E5C6041765BC2BEB0E9D5AC9CB4F543B80ECA969D54723A52122601B2074AFA8991AD64B92CFDA91104DC6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 2.30 : Marius Navickas.; 4.57 : Domas Jokubauskis.; 15.05 : Vaidas777.;.;.;.;.;.;.;.;.0.7-Zip.Lithuanian.Lietuvi..401.Gerai.At.aukti....&Taip.&Ne.&U.daryti.Elektroninis .inynas..&T.sti.440.T&aip Visiems.Ne v&isiems.Sustabdyti.I. naujo.&Fone.&Pirminis procesas.&Laikinai sustabdyti.Laikinai sustabdyta.Ar j.s esate tikri, kad norite at.aukti?.500.&Failas.K&eisti.&Rodyti.M.gi&amiausi..ran&kiai.&Elektroninis .inynas.540.&Atverti.Atverti v&iduje.Atverti i.&or.je.&Rodyti.K&eisti.Pervadi&nti.&Kopijuoti .....&Perkelti ......alin&ti.&Skaidyti fail.....Jungti &failus....Savy&b.s.Kome&ntuoti.Skai.iuoti kontrolin. sum..Sulyginti.Sukurti aplank..Sukurti fail..I.ei&ti.Nuoroda.&Alternatyv.s srautai.600.Pa.ym.ti &visk..Nu.ym.ti visk..Atv&irk.tinis .ym.jimas.Parinkti....At.ym.ti....Pasirinkti pagal tip..At.ym.ti pagal tip..700.Did&el.s piktogramos.&Ma.os piktogramos.&S.ra.as.&I.samiai.730.Ner..iuotos.Nepaisyti aplank..&2 skydeliai.&
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8888
                                                                                                                                                                                                Entropy (8bit):5.049104436584185
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:cNml3r3hrOfvZQY19CUfwb8NKLHnxA4vN5rBBb7U7folni:Sml3r3hrWvZQ69CUfwb84LHxAulBv0oE
                                                                                                                                                                                                MD5:4479712709B19297483D020D11164745
                                                                                                                                                                                                SHA1:ADBF9F8EF1C44E7F7D13EF5E0ABE1F49C4ED3F1B
                                                                                                                                                                                                SHA-256:D62F8D3E7AA1F2636A1AD1B2AEDE0DA9FD725941A5F81D24A9B0B7599CAF0F50
                                                                                                                                                                                                SHA-512:A857B93E9991AEE4CDD6730DE538AB3BFD13620D0A99AEA1F49859B0D479EF4F757C4D99846FC1754691802B5DAFD044FC306BD31C0429DCF15EB5DC3C0B9036
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 20.02 : 2020-10-20 : Shamsiddinov Zafar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Uzbek.O.zbekcha.401.OK.Bekor qilmoq....&Ha.&Yo.q.&Yopmoq.Ko.mak..&Davom etmoq.440.Bariga &ha.Bariga &yo.q.To.xtatmoq.Qaytadan.&Fonda.&Fonda emas.&Pauza qilmoq.Pauza qilindi.Bekor qilinsinmi?.500.&Fayl.&Tahrirlamoq.&Ko.rinish.&Tanlanganlar.&Jihozlar.&Ko.mak.540.&Ochmoq.&Ichkarida ochmoq.&Tashqariga ochmoq.&Ko.rinish.&Tahrirlamoq.&Qayta nomlamoq.&Quyidagiga nusxalamoq....&Quyidagiga ko.chirmoq....&Olib tashlamoq.&Faylni bo.lmoq....&Fayllarni birlashtirmoq....&Xususiyatlar.&Sharh....Yakuniy summa.Taqqoslamoq.Jild tuzmoq.Fayl tuzmoq.&Dasturdan chiqmoq.Havola.&Muqobil oqimlar.600.&Barini tanlamoq.Barini tanlamaslik.&Teskari tanlash.Tanlamoq....Tanlamaslik....Turi bo.yicha tanlamoq.Turi bo.yicha tanlamaslik.700.&Yirik ikonkalarda.&Kichik ikonkalarda.&Ro.yxatsimon.&Tafsilotli.730.Saralamaslik.Bejirim ko.rinish.&2 ta panelda.&Jihozlar.Asosiy jildni ochmoq.Bir pog.ona yuqoriga
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14259
                                                                                                                                                                                                Entropy (8bit):4.017885484807124
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Y/e1CL/yBWxhjeGTRjDKRC+miO7X8D+PoLQoTvKbVs4R2wjw6tK/BHHwpW0:Y/ekejg7X8GuQ8IsXw06t1b
                                                                                                                                                                                                MD5:C9AD9D02C661644F79820E779A6D3F0F
                                                                                                                                                                                                SHA1:92BD000AF1EA18B2FE8941CA4DF15858B4B53106
                                                                                                                                                                                                SHA-256:E542C19640D39F3C56BF11A9EAADB554D7E74D8EC525D41A321E97C5AE5191C5
                                                                                                                                                                                                SHA-512:40D178A217DD51A188E5C2AC5EB59DB62DB95DD0A7063E39B1ECFAD0943BB54A118767890D3AA7A753D7316AA2F0494CEF8BD81512D611AC2856256C524A5D0F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.53 : Gurmeet Singh Kochar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Punjabi, Indian........401.... ...... .......... (&Y)..... (&N).... ... (&C)........... ... (&C).440....... .. ... (&A)....... .. .... (&l)......... .... ............. (&B).......... (&F)..... (&P)..... ....... ..... ........ .. ... .... ....... ..?.500..... (&F).... (&E)..... (&V)........ (&a).... (&T)..... (&H).540..... (&O)..... .... (&I)..... .... (&u)...... (&V).... ... (&E).... .... (&m)..... ...... .. ... ..... (&C)........ ...... .. ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7113
                                                                                                                                                                                                Entropy (8bit):4.969992127036655
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:M7Bz8oq24hcsQzhPDu1FnweRCV2RnnfI9Mw2yzryIclVXPWMcg:M7Bz7wcse7uvFFnQMw2yzryIgXP3cg
                                                                                                                                                                                                MD5:06B08FE12C0F075D317CF9A2A1DD96BC
                                                                                                                                                                                                SHA1:0062BA87B9207536B9088E94505D765268069F63
                                                                                                                                                                                                SHA-256:6BA88938C468E7217BD300B607D7A730530E63D1F97562604EC0BB00D66A06C9
                                                                                                                                                                                                SHA-512:9F9FB1C045D92C1F8035D547554457E3466AE861A04F1CD3F57965E4A92F0FC433B2A7B3E9E1E71588E97F8C73D5914A750DEDED5D3056E327D7EFE19A220198
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.60 : Andrea Decorte (Klenje) : secont l'ortografie ufici.l de Provincie di Udin.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Friulian.Furlan.401.Va ben.Scancele....&S..&No.&Siare.&Jutori..&Continue.440.S. &a ducj.No a &ducj.Ferme.Torne a invi..&Sfont.P&rin plan.&Pause.In pause.S.stu sig.r di vol. scancel.?.500.&File.&Modifiche.&Viodude.&Prefer.ts.&Imprescj.&Jutori.540.&Viar..Viar. dentri 7-&Zip.V&iar. f.r di 7-Zip.&Mostre.M&odifiche.Gambie &non.&Copie in....M.&f in....&Elimine.&Div.t file....Torne a &un. files....P&ropiet.ts.Comen&t.Calcole so&me di control..Cree cartele.Cree file.V&a f.r.600.Selezione d&ut.&Deselezione dut.&Invert.s selezion.Selezione....Deselezione....Selezione par gjenar.Deselezione par gjenar.700.Iconis &grandis.Iconis &pi.ulis.&Liste.&Detais.730.Cence ordin.Viodude plane.&2 panei.Sbaris dai impresc&j.Viar. cartele princip.l.Parsore di un nivel.Storic des cartelis....&Atualize.750.Sbare dai imprescj par l'archivi.Sbare dai imprescj sta
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9604
                                                                                                                                                                                                Entropy (8bit):5.370172151079095
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ze8r7alD8BavrdGWTTB6wSOzGYcf4j0GgbX8SvggPrPnt:6eAD8Born6pAGYcfvbXQgDPt
                                                                                                                                                                                                MD5:3C297FBE9B1ED5582BEABFC112B55523
                                                                                                                                                                                                SHA1:C605C20ACF399A90AC9937935B4DBDB64FAD9C9F
                                                                                                                                                                                                SHA-256:055EC86AED86ABBDBD52D8E99FEC6E868D073A6DF92C60225ADD16676994C314
                                                                                                                                                                                                SHA-512:417984A749471770157C44737EE76BFD3655EF855956BE797433DADC2A71E12359454CC817B5C31C6AF811067D658429A8706E15625BF4CA9F0DB7586F0AE183
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : F@rhad.; 15.02 : 2015-03-29 : .. ........; 23.01 : 2023-06-25 : Az.r.;.;.;.;.;.;.;.;.0.7-Zip.Azerbaijani.Az.rbaycanca.401.OLDU..mtina....&B.li.&Xeyr.&Ba.lamaq.K.m.k..&Davam.440.&Ham.s.na B.li.Ha&m.s.na Xeyr.Dayan.Yenid.n ba.lamaq.&Arxa planda..&nd..F&asil..Fasil.d..H.qiq.t.n .m.liyyat. dayand.rmaq ist.yirsiniz?.500.&Fayl.&D.z.li..&G.r.n...S&e.ilmi.l.r.&Vasit.l.r.&Aray...540.&A.maq.&Daxild. A.maq.B&ay.rda a.maq.&Bax...&D.z.li..Ye&nid.n Adland.rmaq.&N.sx.l.m.k....&K...rm.k....&Silm.k.Fayl. &B.lm.k....Fayllar. B&irl..dirm.k....X&.susiyy.tl.r...r&h....Yoxlama C.mi.M.qayis..Qovluq Yaratmaq.Fayl Yaratmaq..&.x....stinad.&.v.zedici Ax.nlar.600.&Ham.s.n. Se.m.k.Se.imin L..vi.&Se.imi .evirm.k.Se.m.k....Se.imin L..vi....N.v.n. G.r. Se.m.k.N.v.n. G.r. Se.imin L..vi.700.&B.y.k ..ar.l.r.K&i.ik ..ar.l.r.&Siyah..&C.dv.l.730..e.idsiz.M
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10837
                                                                                                                                                                                                Entropy (8bit):4.643195839265694
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:EG9NeKlSU9fV6kPtwusVom5DvB4UlBFXCsMu:EG9FlSU9fV6kPt+hvBPLFXCE
                                                                                                                                                                                                MD5:387FF78CF5F524FC44640F3025746145
                                                                                                                                                                                                SHA1:8480E549D00003DE262B54BC342AF66049C43D3B
                                                                                                                                                                                                SHA-256:8A85C3FCB5F81157490971EE4F5E6B9E4F80BE69A802EBED04E6724CE859713F
                                                                                                                                                                                                SHA-512:7851633EE62C00FA2C68F6F59220A836307E6DDE37EAE5E5DCA3CA254D167E305FE1EB342F93112032DADAFE9E9608C97036AC489761F7BDC776A98337152344
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.20 : Haqmar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Bashkir...........401........... ......&....&...&..........&......440......... .. .&.....&...... .. ............... ......&..... ........&... .......&........ ............... .... ....... .. ...... ............?.500.&.......&.....&.........&...........&.......&........540.&.......&...... .......&..... .........&....&..............&...... ............&................&...........&............. &.............. ...&...............&.........&................ .....Diff.... ............ &.........&.......600.&....... .. ............&..... .... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10267
                                                                                                                                                                                                Entropy (8bit):5.605372926696787
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:X4S/0htQjcT2DFzg6Whd4FV6SLRVLrbqvTp4kCs1qeb:P/0ht0cT2DNyh2FJFVLPW4+ok
                                                                                                                                                                                                MD5:E85AE412871344211D00326D3DF2534D
                                                                                                                                                                                                SHA1:4A770EEE2EF9F302B8190C8BBE3988A5D7C90E5E
                                                                                                                                                                                                SHA-256:3EA103FFD2FF97E211C7ADE3A79A882B494FE416BC56BD05F42F2E82158A7A03
                                                                                                                                                                                                SHA-512:09EABFA3997F201F8402DC803319EE0DDC4007EF268AD44309FE78F9E2710D1A10930F2E89F2C0B201D1094C53F5CB7783E492503EB4737B2E3FDC1F39B69EF6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : ZannyLim (...).; : bzImage.; 4.52 : Hyeong il Kim (kurt Sawyer).; 9.07 : Dong-yoon Han (...).; 15.12 : Winterscenery (Ji-yong BAE).; 24.05 : Winterscenery (Ji-yong BAE).;.;.;.;.;.0.7-Zip.Korean.....401...........(&Y)....(&N)...(&C)........(&C).440... .(&A)... ...(&L)...... .........(&B)... ...(&F).....(&P).......... ........?.500...(&F)...(&E)...(&V).....(&A)...(&T)....(&H).540...(&O)... ..(&I)... ..(&U)... ..(&V)...(&E)... ...(&M)...(&C)......(&M)......(&D)... ..(&S)...... ..(&B)......(&R)...(&N)....... ........ ...... ......(&X)...... ...(&A).600... ..(&A)... .. ..... ..(&I)......... ......... .....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11589
                                                                                                                                                                                                Entropy (8bit):4.212638798878335
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:b8TEDykT3a1oTLEKqX+KgU0XH9VL9dYALdOy7a+HSwOYAcvYxD/HI5wxhG9h2bZk:6VST0uKk9R9yAKcAcAxjJ6h8akS
                                                                                                                                                                                                MD5:D95E6FF9DAE7FA22083D9ED73588FE1A
                                                                                                                                                                                                SHA1:F061E9E1AFE02B7B92D626432CD9DA55BD8BC2DD
                                                                                                                                                                                                SHA-256:817D7A33F2ADB19F47F45F78C314F6AE6DF4CA4DA133C1F7A82703E0CDEE7E20
                                                                                                                                                                                                SHA-512:210BFDC206C2173BD680B6F319AFDA3228AC44CAF611C3846EF9AE0AD11701306BA923CCC9715086FF3CA5222F80713BF9FD6ABF61141232834DD95692EDC7C6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Lazar.; 9.07 : Ozzii.;.;.;.;.;.;.;.;.;.0.7-Zip.Serbian - Cyrillic....... - .........401.. ............................................440... .. ...... .. ............................ ................... .. ... ....... .. ...... .. .........?.500................................................540................ .. 7-Zip-......... .. ........... ............................................. ............. .................. ............ ....................................... ........ ..................... ............. ...............600........ ........... ..... ........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8251
                                                                                                                                                                                                Entropy (8bit):5.19488137916907
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:IHrcQOp6UkYC3kMQVtxXYrqYlMtiMeQIFTYENLlr7mAzNtcjpuqd/WWQse:IH3OpXBUMeQIFTYGr9NtycmW
                                                                                                                                                                                                MD5:C8F31D6ADEE368CA0AA00350DF0D82DF
                                                                                                                                                                                                SHA1:4146C7C62DD46B2C43C92CDF33E45FA7E2272D04
                                                                                                                                                                                                SHA-256:DC61090369E1269A68C75E472D863AAF42207F702B3D3E12CA48D2852E1478E3
                                                                                                                                                                                                SHA-512:758AF54A33DC243992324974F01707C8027BE7BDC7D07187A28038F4C9D8F7681D989B66F56A13B86E99C8BC74D80A70FA44BD5DD9532C99B78DF7985B397ED8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 19.02 : 2019-11-12 : Stef.n .rvar Sigmundsson.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Icelandic..slenska.401.. lagi.H.tta vi.....&J..&Nei.&Loka.Hj.lp..&Halda .fram.440.&J. vi. .llu.&Nei vi. .llu.St..va.Endurr.sa.&Bakgrunnur.&Forgrunnur.&Gera hl... hl.i.Ert .. viss um a. .. viljir h.tta vi.?.500.&Skr..&Breyta.&Sko.a.&Upp.hald.&Verkf.ri.&Hj.lp.540.&Opna.&Opna a. innanver.u.&Opna a. utanver.u.&Sko.a.&Breyta.&Endurnefna.&Afrita .....&F.ra .....&Ey.a.&Klj.fa skr.....&Sameina skr.r....&Eiginleikar.&Gera athugasemd....Reikna samt.lu.Mismunur.Skapa m.ppu.Skapa skr..&H.tta.Tengill.&V.xlstraumar.600.&Velja allt.&Afvelja allt.&Umsn.a vali.Velja....Afvelja....Velja eftir tegund.Afvelja eftir tegund.700.&St.rar t.knmyndir.&Sm.ar t.knmyndir.&Listi.&Sm.atri.i.730..flokka..Flats.n.&2 spj.ld.&Verkf.rastikur.Opna r.tarm.ppu.Upp um eitt stig.M.ppusaga....&Endurgl..a.Sj.lfendurgl..un.750.Safnverkf.rastika.St..lu. verkf.rastik
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9906
                                                                                                                                                                                                Entropy (8bit):4.823682778375202
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:0uk7PN270x4ndKLWwjJ8Y1+rUtOGj10KRuNnoyYe4Y8nEkglgSgZDaOIgmHqJ4V:GIwyeWtY1+AtOGRZyYe98EkglgSgZDaZ
                                                                                                                                                                                                MD5:AA7B46B6DDD673BC06BD90187E552743
                                                                                                                                                                                                SHA1:2C11A1E5F97AC1415073C2C953CD92018CF3EB93
                                                                                                                                                                                                SHA-256:EFB1AED5C52AF731A733C720B6F5479898C9DE28367A5DE4C80F697FB745546A
                                                                                                                                                                                                SHA-512:10C262122417B081D0403F9C917A4BEBA34078CA52E88478EBD2C0B6956AA6B61B34511FAC71E87578D56AE1F5ACDC265CDDAC8C92B9F14757DAA75042DFC7AA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.07 : Leandro Spagnol.; : Vincenzo Reale (some corrections).; 15.05 : 2015-06-17 : TJL73.; 17.00 : 2017-02-01 : Massimo Castiglia.; 18.03 : 2018-01-15 : POLAR.; 24.04 : 2024-04-05 : TJL73.;.;.;.;.;.0.7-Zip.Italian.Italiano.401.OK.Annulla....&S..&No.&Chiudi.Aiuto..&Continua.440.S. per &tutti.No per t&utti.Arresta.Riavvia.&In background.&In primo piano.&Pausa.In pausa.Sei sicuro di voler annullare?.500.&File.&Modifica.&Visualizza.&Preferiti.&Strumenti.&Aiuto.540.&Apri.Apri in &7-Zip File Manager.Apri in E&xplorer.&Visualizza.Modifica con l'&editor predefinito.Rino&mina.&Copia in....&Sposta in....&Elimina.Sud&dividi il file....&Unisci i file....&Propriet..Comme&nto....Calcola chec&ksum.Comparazione differenze (Diff).Crea cartella.Crea file.E&sci.Collegamento.&Alternate Data Streams.600.&Seleziona tutto.&Deseleziona tutto.In&verti selezione.Seleziona....Deseleziona....Seleziona per tipo.Deseleziona per tipo.700.Icone &grandi.Icone &piccole.&Elenco.&Dettagli
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12387
                                                                                                                                                                                                Entropy (8bit):5.313192066737636
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:n4fuupdoCXs+8WFml8HKp2yj99UfdECKU/Gh6o:n4fuofsjrW5KmGh6o
                                                                                                                                                                                                MD5:A0C7EB5D5A5DD7AB6F4C1E4FEF092256
                                                                                                                                                                                                SHA1:F121129211DBEDBA3C440267FD9BD1C636E263C2
                                                                                                                                                                                                SHA-256:9F70F1943A8E0A9B9040D1F769CA2494C2B83CEB8DC55B08DB1FC3E6973AD835
                                                                                                                                                                                                SHA-512:F864C9AC99EDC97968FECA96919A412E87C27457F5E0A8956DCECF37351CE7AEAF0E745343A649743D665B46BE108B3CC5BAFD92029D25D5A5D9BF6C390E5149
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : : Komuro.; : : Mick.; : : 2chBBS-software.; : : Crus Mitsuaki.; 9.23 : 2011-06-22 : nabeshin.; 22.00 : 2022-06-20 : Rukoto Luther.; 24.06 : 2024-06-15 : Stepanushkin Dmitry.;.;.;.;.0.7-Zip.Japanese.....401.OK............(&Y)....(&N)....(&C)........(&C).440......(&A).......(&L)................(&B).........(&F).....(&P)....................?.500.....(&F)...(&E)...(&V)......(&A)....(&T)....(&H).540...(&O).7-Zip ...(&I)........(&U)...(&V)...(&E)......(&M)....(&C)......(&M)......(&D).......(&S)..........(&B).........(&R).....(&N)..................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17799
                                                                                                                                                                                                Entropy (8bit):3.496980139147961
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:E1OSMW33zMcaSwOgS6YQ9g/t+25rTHTIa5OVBUPSIqGA:EttJhq
                                                                                                                                                                                                MD5:C99E6572F5638599DBCA2CEAC337A320
                                                                                                                                                                                                SHA1:73C64554A00C6D5A3DAB8A2E7BD50426D6C7B6F4
                                                                                                                                                                                                SHA-256:8DD6073B585DD2E9D8CDD8E0FCE7DFEAF2F5A2D8BFC3059F67EAA3D8B5EB2D9E
                                                                                                                                                                                                SHA-512:CDE3D44793D1ABAB3B8D0BA71D1AF85C7CA49B37F4331B43D546D1F2022FC9CEDD1188869ACEE5BF9B74046788DAF26F4E4658AF86663065339103D2A602F7AA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.23 : 2011-09-25 : Translated by Giorgi Maghlakelidze, original translation by Dimitri Gogelia.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Georgian.........401.OK.............&.....&....&...................&...........440..... &............... ...&..........................&........&.... .......&.........&.................... ..... .......... ........?.500.&......&...........&......&........&............&..........540.&............. &............. ..&......&.............&......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7698
                                                                                                                                                                                                Entropy (8bit):5.071278892240066
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:KoAZ/jQKbqhsAdNrd6FBf9vQqiQw9aBhbHTYJsVOxTSv:KoANnYsgLqi+BBHMJssxWv
                                                                                                                                                                                                MD5:FFC17520FB68FE464650B2F78E15AB5D
                                                                                                                                                                                                SHA1:2B83034AC04640160DDAA8E797FAA5D8C80F956B
                                                                                                                                                                                                SHA-256:24F7325271DD7AD2B63E977841D2F06ED0194BD9257F0DB460DF32BAEEEC4746
                                                                                                                                                                                                SHA-512:4F1483796A8EF95B2BE61811A6566EA2E19564F37733647B6EB4E1C82A8DA8FA927AFDF024A247FC7E70088F63133A7843FE6129B77B2ADA01E39A1E814429C7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Atabek Murtazaev.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Karakalpak - Latin.Qaraqalpaqsha - Lat.n.401.OK.Biykar etiw....&Awa.&Yaq.&Jab.w.Ja'rdem..&Dawam etiw.440.&Barl.g'.na awa.Ba&rl.g'.na yaq.Toqtat.w.Qaytadan baslaw.&Artq. fong'a.Ald.ng'. &fong'a.&Pauza.Pauza q.l.ng'an.An.q biykar etiwdi qa'leysizbe?.500.&Fayl.&Du'zetiw.&Ko'rinis.&Sayland.lar.A's&baplar.&Ja'rdem.540.&Ash.w.&.shinde ash.w.&S.rt.nda ash.w.&Ko'riw.&Du'zetiw.At.n o'&zgertiw.Bul jerge &nusqas.n al.w....Bul jerge ko'shiriw....O'shiriw.&Fayld. bo'liw....Fayllard. &biriktiriw....Sazlawla&r.Kom&mentariy....Qadag'alaw summas..Diff.Papka jarat.w.Fayl jarat.w.Sh&.g'.w.600.Barl.g'.n &saylaw.Saylawd. al.p taslaw.Saylawd. &teris awdar.w.Saylaw....Saylawd. al.p taslaw....Tu'ri boy.nsha saylaw.Tu'ri boy.nsha saylawd. al.p taslaw.700.U'&lken ikonalar.Kishi &ikonalar.&Dizim.&Keste.730.Ta'rtipsiz.Tegis ko'rinis.&2 panel.&A'sbaplar paneli.Derek papkas.n ash.w.Bir da'reje joqa
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8094
                                                                                                                                                                                                Entropy (8bit):5.214957275203997
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:C0DkhCKSxkMAluUHPTe9Dt2cVM9sefce+gELJvocyn01m6ptYMk0iLEkei2EW8pR:Ceod1y9DtX+9xVUJy05zk3f31D
                                                                                                                                                                                                MD5:5AF10C5616E0487D236C8CBE2F23A7A4
                                                                                                                                                                                                SHA1:2049E1A82A0AF13A8ED2CF9E4EB51F1DFD377480
                                                                                                                                                                                                SHA-256:F249930089C374EAB59078CF16B8652D443CF2A47485D737AE5A9FCA2957D6B9
                                                                                                                                                                                                SHA-512:8E2DB2769D8C9D4AF435986BC58F66F570C4D85BF7C8A2B9369F546CF45C0848A07986582E8E7F76A9AED569DA2774E5B19706EC77BFD41BB6B4AF86ABCFCEFE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 15.00 : 2018-02-27 : Belkacem Mohammed.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Kabyle.Taqbaylit.401.IH.Sefsex....&Ih.&Uhu.&Mdel.Tallelt..&Kemmel.440.Ih i &Me..a.Uhu i M&e..a.Se.bes.Ales tanekra.&Agilal.&A.awas Amezwaru.&R.u.I.bes.Teb.i. ad tsefsxe.?.500.A&faylu.&.reg.&Sken.I&nurifen.&Ifecka.&Tallelt.540.&Ldi.Ldi deg &ugensu.Ldi di B&erra.&Sken.&..eg.Snif&el Isem.&N.el .er....&Senkez .er....&Kkes.&B.u Afaylu....Sdu&kkel ifuyla....A&ylan.Awenn&it....Timernit n Usenqed.Ice..iq.Snulfu-d Akaram.Snulfu-d Afaylu.F&fe..Ase.wen.&Alternate Streams.600.Fren &Me..a.Kkes Afran i Me..a.&Tti Afran.Fren....Kkes Afran....Fren s Tawsit.Kkes Afran s Tawsit.700.Tig&nitin Timeqranin.T&ignitin Time.yanin.&Tabdart.&Talqayt.730.Ur Yettwafren ara.Askan Imlebbe..&2 Igalisen.&Ifeggagen n Ifecka.Ldi Akaram Agejdan.Yiwen Uswir d Asawen.Amazray n Ikaramen....&Smiren.Asmiren Awurman.750.Afeggag n Ifecka U.ba..Afeggag n Ifecka Alugen.Tiqeffalin Tihrawanin.S
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10328
                                                                                                                                                                                                Entropy (8bit):4.601143849904046
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:y/vuZGpufsiAAsiNSFT5JD7HahEPpBwwKOAmiyUSbD0A:y/vuZGMfjzRNGGhEP8DXyUSX0A
                                                                                                                                                                                                MD5:407130A212CFAC68FA4873B0381B2CB1
                                                                                                                                                                                                SHA1:C0C9B84CC79619D27536E9F50F25D81237B234D3
                                                                                                                                                                                                SHA-256:F813EAC0B284EDCE156DD1E6B7EA75B027F4342E04D8B8DB1131894A227A4562
                                                                                                                                                                                                SHA-512:E80AFDF726CCC5D495F62A9B289EE31703F151EA01EBA32AD7D2DA306C2C07DE2F9049DC6592C3C962B7CC2CBE352B8B7A19E9DBCF7B3C6B61DCC4026B70C151
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Arslan Beisenov, Arman Beisenov.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Kazakh.........401......................&...&....&...............&...........440....... &......... &................. .... .....&......&....... .........&.......................... ....... ..... ..?.500.&.....&......&........&..........&......&.........540.&.......... &............ ..........&........... .....&..........&...........&.......... ................... ...........................&................. .......Diff.&..... .......... ...........600...... ..................... ........&........... ...................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10267
                                                                                                                                                                                                Entropy (8bit):5.605372926696787
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:X4S/0htQjcT2DFzg6Whd4FV6SLRVLrbqvTp4kCs1qeb:P/0ht0cT2DNyh2FJFVLPW4+ok
                                                                                                                                                                                                MD5:E85AE412871344211D00326D3DF2534D
                                                                                                                                                                                                SHA1:4A770EEE2EF9F302B8190C8BBE3988A5D7C90E5E
                                                                                                                                                                                                SHA-256:3EA103FFD2FF97E211C7ADE3A79A882B494FE416BC56BD05F42F2E82158A7A03
                                                                                                                                                                                                SHA-512:09EABFA3997F201F8402DC803319EE0DDC4007EF268AD44309FE78F9E2710D1A10930F2E89F2C0B201D1094C53F5CB7783E492503EB4737B2E3FDC1F39B69EF6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : ZannyLim (...).; : bzImage.; 4.52 : Hyeong il Kim (kurt Sawyer).; 9.07 : Dong-yoon Han (...).; 15.12 : Winterscenery (Ji-yong BAE).; 24.05 : Winterscenery (Ji-yong BAE).;.;.;.;.;.0.7-Zip.Korean.....401...........(&Y)....(&N)...(&C)........(&C).440... .(&A)... ...(&L)...... .........(&B)... ...(&F).....(&P).......... ........?.500...(&F)...(&E)...(&V).....(&A)...(&T)....(&H).540...(&O)... ..(&I)... ..(&U)... ..(&V)...(&E)... ...(&M)...(&C)......(&M)......(&D)... ..(&S)...... ..(&B)......(&R)...(&N)....... ........ ...... ......(&X)...... ...(&A).600... ..(&A)... .. ..... ..(&I)......... ......... .....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11933
                                                                                                                                                                                                Entropy (8bit):4.4743589010781175
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:FxV9LYmQ441Ye2LFuoWSD8T+srvk2VWpfLEwAcADwoA2FwP8PCsucC6LvS4tKs4f:Qml14LThvcpf+A2Fpg7Gip
                                                                                                                                                                                                MD5:8C3F9AD9C824DCF74A09C9D406DB22E7
                                                                                                                                                                                                SHA1:0C683BB56A13C3FBCA664F1E4C6C98D0F7AEC8BC
                                                                                                                                                                                                SHA-256:B8B7DB8C139B19D414CEF35AE96D854D5A8364C32B0C3FDC4CAC331B5AF44C16
                                                                                                                                                                                                SHA-512:DA33D4098679A14D2F434221EF968951407727126B12404C8B6C3E2AD6FA346D9D515DEA940F9109D5D196E648583124F31A1D27CF518AB19E3DCAD673C027CF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Ara Bakhtiar.; 4.66 : Ara Qadir.;.;.;.;.;.;.;.;.;.0.7-Zip.Kurdish - Sorani.......401.......................&.....&......&................&.............440..... .. &........... .. ..&...........................&...........&.........&....................... .. ...............500.&.....&.........&.......&..........&...........&........540.&............... ..&... ............ .. &.......&......&.........&.........&............ ......&......... ......&........&........ .........&...... ....... ............&..................&............. checksum............ ................ .......
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5370
                                                                                                                                                                                                Entropy (8bit):5.1403349462862655
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:TF4kLCz94zsWXCgceerMLYVX0r/TL9PWE8OLBMTUgJiRNJ5zBD0N+VrmifAAec1T:94m3CjrMLY+LNPwOJgJiRj0tgAXc1jv
                                                                                                                                                                                                MD5:28E69DD6E397FA98C07088E4CDBEF1F4
                                                                                                                                                                                                SHA1:56E4A46B5C7360F609683562E617C75C28CD447C
                                                                                                                                                                                                SHA-256:57AE544F3F9E8BF5D96CE1F9CFE5648EB6C1E2F5604DA6EB0C80AE24BC1A40D7
                                                                                                                                                                                                SHA-512:6BDE04F3BBD42E73EA3E0A93E8EF69149F25DAE491051D1655A85718AF4D51F5247C610D87C20227F94BEEEBA038D54F7B213B0443382D080E87722485941AAE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Rizoy. Xerz..;.;.;.;.;.;.;.;.;.;.0.7-Zip.Kurdish.Kurd..401.Temam.Betal....&Er..&Na.Bi&gire.Al.kar...Bi&dom.ne.440.&Ji Bo Hem.y. Er..Ji &Bo Hem.y. Na.Raweste.D.sa Destp.ke.L%i Pi.t.Li &P...&Rawest.ne.Rawestiya -.Ma bila betal bibe?.500.&Dosya.&Bipergal.ne.&N..an Bide.Bi&jare.&Am.r.A&l.kar..540.&Veke.&Di Panel. De Veke.Di &Pacey. De Veke.&N..an Bide.&Sererast bike.&Navek. N. Bid..&Ji Ber Bigire.B&ar Bike.J. B&ibe.Par.e Bi&ke....Bike &Yek....&Taybet..Da&xuyan..checksum heseb bike..Pe&ldankeke N..Do&siyeke N..De&rkeve.600.&Hem.y. hilbij.re.He&m. hilijartin. rake.Be&revaj. w. hilbij.re.&Hilbij.re....Hilbijarti&n. Rake....V. curey. hilbij.re.Hilbijartina cure rake.700.&Daw.r.n Mezin.D&aw.r.n Bi..k.&L.ste.&H.ragah..730.B. Dor.xuyakirina sade.&2 Panelan veke.Da&rik. am.ran.Peldanka Kok Veke.Astek. Berjor.D.roka Peldank.....&N. Bike.750.Darik. ar..v..Darik. standart.Bi.kojk.n mezin.Bila niv.s
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12052
                                                                                                                                                                                                Entropy (8bit):4.593559236039092
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:EVt6Fm0NMfdCluobJcX4/xBjnBmeevaMHYXk8ogjES+UntpdLCKmYcBp7a:EVSm0NMfdClucJcX4/xBVmKM4Xk8oJSj
                                                                                                                                                                                                MD5:E50C04D913DC92251AA6781C02E0BD45
                                                                                                                                                                                                SHA1:57E68C80B23A9B1BD689CCD81CBCD91E0CAE6AAC
                                                                                                                                                                                                SHA-256:9A9E4DDACC494EAAA386F1220837020F332A49E7FFF7F0BF8C38C847390DAB18
                                                                                                                                                                                                SHA-512:C428CAF314F79D533246CEE4015411102ED836D0173F67F3B2F4C61C3F3F81BE7FB2FFF7D3E863E999617BA05FD6F7FEF4B67CFF8557E1D0C86035ED29DAA2CE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.20 : Kalil uulu Bolot.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Kyrgyz..........401.OK..........&.....&....&..............&........440..... &........... .&...... ................ ........&......&....... .......&..................... ... ... .......... ........... ..... ......?.500.&.....&......&.....&...........&......&.......540.&........&... ..........&... ...........&................& .........&.... ...........&.... ..... ...........&.........&... ...............&........ ............&..........&................. .........Diff.&...... ...........&. .........&.....600....... .&..............
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7471
                                                                                                                                                                                                Entropy (8bit):4.976709314177123
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:21Oo14rh/0lXjPqDp2h+O0k2r/2T7tQpl:21OoqUDureT7tQpl
                                                                                                                                                                                                MD5:58FF044FE195453F797DD1AC6903ABF9
                                                                                                                                                                                                SHA1:4B8DAE21DD14AC6DAA1DECF804336A1AAE169AA9
                                                                                                                                                                                                SHA-256:D9BB6BFC127938C47B43290241378887085314AD1326095934A362CD9836B560
                                                                                                                                                                                                SHA-512:861300FE39FF0DACA00B4CB56C4075AFBA2BB3A1654BCF35713251237630206F06BC63D7F339ECFF040C9EA1F5B7094A11FE57C5848E91DB9000F48D166AB1BE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : GENOVES.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Ligurian.Zeneize.401.D'ac.rdio.Anulla....&Sci.&No.S.&ra.Agiutto..&Continoa.440.Sci pe &Tutti.No pe T&utti.Ferma.Inandia torna.Into &sfondo.&In primmo cian.&Paoza.In paoza.Ti . seguo de voei anul.?.500.&Archivio.&Modifica.&Vixoalizza.&Preferii.&Strumenti.A&giutto.540.&Arvi.Arvi into Manezat. d'archivi 7-Zip.Arvi inte Explorer.&Vixoalizza.&Modifica.Ri&nomina.&C.pia inte....&Sp.sta inte....Scancel&la.&Dividi l'archivio....&Unisci i archivi....P&ropiet..Comen&ta....Calcola somma de contr.llo.Dif.Crea cartella.Crea archivio.Sc&i.rti.600.Sele.ionn-a &tutto.Desele.ionn-a tutto.In&verti sele.ion.Sele.ionn-a....Desele.ionn-a....Sele.ionn-a pe tipo.Desele.ionn-a pe tipo.700.Figue &grende.Figue picinn-e.&Listin.&D.ti.730.Nisciun ordine.Vista ciatta.&2 barco.n.Bare di &Strumenti.Arvi cartella prin.ip..Livello supei..Cronologia....&Agiorna.750.Bara di strumenti Archivio.Bara di strumenti Normali.Figue grende.Mos
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9030
                                                                                                                                                                                                Entropy (8bit):5.086332956902943
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:3Lr7I2B5SmXxKKB7X47iyaljy7Peu1T96mo:3Lr1LBKKa7ipjy6ux96mo
                                                                                                                                                                                                MD5:B8056CBA4EDEB98D298D16EDBC34D678
                                                                                                                                                                                                SHA1:A4D39C3EDA31F8CE72C62E1DB91DEEABC884CEB0
                                                                                                                                                                                                SHA-256:9C15DB408E32DC699F598AAB30F539F91A212E5FBAEE2095022E24B3F1F09ECD
                                                                                                                                                                                                SHA-512:5C3FB76A5502C7C0312A32CFF38F99C303225C31C3E5C6041765BC2BEB0E9D5AC9CB4F543B80ECA969D54723A52122601B2074AFA8991AD64B92CFDA91104DC6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 2.30 : Marius Navickas.; 4.57 : Domas Jokubauskis.; 15.05 : Vaidas777.;.;.;.;.;.;.;.;.0.7-Zip.Lithuanian.Lietuvi..401.Gerai.At.aukti....&Taip.&Ne.&U.daryti.Elektroninis .inynas..&T.sti.440.T&aip Visiems.Ne v&isiems.Sustabdyti.I. naujo.&Fone.&Pirminis procesas.&Laikinai sustabdyti.Laikinai sustabdyta.Ar j.s esate tikri, kad norite at.aukti?.500.&Failas.K&eisti.&Rodyti.M.gi&amiausi..ran&kiai.&Elektroninis .inynas.540.&Atverti.Atverti v&iduje.Atverti i.&or.je.&Rodyti.K&eisti.Pervadi&nti.&Kopijuoti .....&Perkelti ......alin&ti.&Skaidyti fail.....Jungti &failus....Savy&b.s.Kome&ntuoti.Skai.iuoti kontrolin. sum..Sulyginti.Sukurti aplank..Sukurti fail..I.ei&ti.Nuoroda.&Alternatyv.s srautai.600.Pa.ym.ti &visk..Nu.ym.ti visk..Atv&irk.tinis .ym.jimas.Parinkti....At.ym.ti....Pasirinkti pagal tip..At.ym.ti pagal tip..700.Did&el.s piktogramos.&Ma.os piktogramos.&S.ra.as.&I.samiai.730.Ner..iuotos.Nepaisyti aplank..&2 skydeliai.&
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5016
                                                                                                                                                                                                Entropy (8bit):5.202718875099834
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:UnbIMLOcn+2YYrzNOw/tglixPmncrwQMpp7urX:5MBQs9encsQCps
                                                                                                                                                                                                MD5:056327042B9CFD5FCB5F788F22112D62
                                                                                                                                                                                                SHA1:FAE6324417DC88E9A9BB0FBAC9B4D4CE61C1980E
                                                                                                                                                                                                SHA-256:533F9FF016E7BB36216665CCA1065139A35D8DA71651678814415FF457A9BE7D
                                                                                                                                                                                                SHA-512:FE853C2042251B3987C169F8241E0B3B0F1C3AE039DC7786B07E0DB07E8A6B0F89E1D478F27D3C8DFD69473E6C6118CE13A39D7DE84A22A3C2A660652B852660
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.10 : Armands Radzu.ka.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Latvian.Latvie.u.401.&Labi.&Atcelt....&J..&N..Aiz&v.rt.&Rokasgr.mata..&Turpin.t.440.J. &visiem.N. v&isiem.Stop.P.rstart.t.&Fon..&Priek.pl.n..Pa&uze.Pauz.ts.Vai piekr.tat p.rtraukt .o darb.bu?.500.&Fails.&Labo.ana.&Izskats.Ie&cien.t.s.&R.ki.&Pal.dz.ba.540.&Atv.rt.Atv.rt &iek.pus..Atv.rt .rp&us..Ap&skate.&Labot.P.&rd.v.t.&Kop.t uz....P.r&vietot uz....&Dz.st.&Sadal.t failu....Ap&vienot failus.....pa..&bas.&Piez.mes...Izveidot &mapi.Izveidot &failu.&Beigt.600.Iez.m.t &visu.Atcelt vis&u.I&nvert.t iez.m.jumu.Ie&z.m.t....&Atcelt....I&ez.m.t p.c tipa.A&tcelt p.c tipa.700.&Lielas ikonas.&Mazas ikonas.&Saraksts.S.&k.k.730.&Ne..irot..&2 pane.i.&R.ku joslas.&Atv.rt saknes mapi.L.meni &uz aug.u.Mapju &v.sture....&P.rlas.t.750.Arh.va r.ku josla.Standarta r.ku josla.Lielas pogas.Par.d.t pogu tekstu.800.&Pievienot mapi iecien.taj.m k..Iecien.t.s.900.&U
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8352
                                                                                                                                                                                                Entropy (8bit):4.184447797063497
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:6Bs6ZfGCRhROvyepYP3abUeXUlWDyos3d8K/FAK1MbNH1hjg:6BPrhRyfpYP3wCl+E8K/FAK1Mbl12
                                                                                                                                                                                                MD5:C16E6946F912B49963BFA7E44BE2F7A0
                                                                                                                                                                                                SHA1:496922AD3E59737AC64289EE685F2FADAA942755
                                                                                                                                                                                                SHA-256:90EFCA5F6B8E37B963F7E42F700938440171942E0DE0AB8BAEB08912C0952957
                                                                                                                                                                                                SHA-512:55FEEA50104ED2249E6F5018B6883F89ACBCC0396E80349653356F40329C4A420584B29734CD1CA8930E9A383DA427EC979815CC3DA3F6F59AD8948B2262E874
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.09 : Gabriel Stojanoski.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Macedonian............401..............&...&...&................&........440... &....... .&.........................&.......&.......&.................... ....... ...... .. ........?.500.&.........&......&.......&........&.......&......540.&............. &............. &.......&.......&......&............&....... ......&........ ......&........&...... ...............&....... ............&................&................. ................... .........&.......600........... &............... ...&....... ............................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8069
                                                                                                                                                                                                Entropy (8bit):4.491280092053577
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:4NYic61W9cfCzaAhqbMUrJt6klXVUatQT+0V2sS14/g1Pa7fC:Uc2nFrJ8IXBQCG7Qam
                                                                                                                                                                                                MD5:1088565A362EBAD250975F46F8A94328
                                                                                                                                                                                                SHA1:406593AC2E74B8911DDA720952B7AFF6C4B5C145
                                                                                                                                                                                                SHA-256:C6A6CC400EE7420BFB680D71B43A9BE1FBC75D7B98AE2B6FFE98229D5EEFADCA
                                                                                                                                                                                                SHA-512:500093986EF49C23829D99251F0ADCD20A6D348A91C74362E95E6D8E73B83F7AD665CB49DA3E47DA1EC671842ABCC2D824850D243EE8D39C41E3568F9C2C89C4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.12 : Bayar.; : Bayarsaikhan.;.;.;.;.;.;.;.;.;.0.7-Zip.Mongolian....... ....401.............&.....&.....&..............&...........440....&. ......... .&.............. ........&.. .....&.... ....&... ........ .......... ....... ..... ... ..... ..?.500.&.....&......&.........&..... .....&...........&........540.&.......... &.......... &.....&......&............. .&........... &................ &........&.......&.... ................... ...........&........ ........&............. ........... .........&....600........ ..&............. ......&......... ..................................... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19786
                                                                                                                                                                                                Entropy (8bit):3.4834684083480845
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:CcI/ZsPpGl9ZjeWe4vt/lx5qI4qwRXoFYvNCrSFbF7FdF+pIAZMijZdcdap4daBj:OUGxjeWe4vt/lvPIXTaGF+pPZZ7Ro/50
                                                                                                                                                                                                MD5:A10D62CB5875CC96D53E4BC02724F366
                                                                                                                                                                                                SHA1:BB8D2F73109084A9A11246733E5DA148D964D6EA
                                                                                                                                                                                                SHA-256:2E488EF05895B93ACA2B5F72EA08DA887722215D1B4CB85B12942EA32641DA2B
                                                                                                                                                                                                SHA-512:B01FCFA48883431BA98522C74A8AE9511BD6F122613E80A0439A049B8F509D689B89A59F280335532AF284A351C52F44313A4961EA5ACBFAF7EA2617AF75E797
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.20:.; Saqirilatu Mongolqileb.; last updated: 2014-1-1.;.;.;.;.;.;.;.;.0.7-Zip.Mongolian (Unicode)....... .....401...................... (&Y)..... (&N)....... (&C)..................... (&C).440....... .... (&A)....... .... (&L)................ ........... ..... (&B)....... ..... (&F).......... (&P)........ .......... ...... ........ .. ..500...... (&F)............ (&E)...... (&V)........... (&A)....... (&T)........... (&H).540......... (&O)...... ..... ... ........ (&I)...... ..... ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21169
                                                                                                                                                                                                Entropy (8bit):3.6500180773175783
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:NSzhkx60rKSu1t5tO2lV6rxhA/1bRRsMQSJNg4T4H84zQ9gZGvlLk2+ZuYbzw:Kkx6MqVUSJNVCw
                                                                                                                                                                                                MD5:2BE2F9C77556CA413B590B8477DF5499
                                                                                                                                                                                                SHA1:DD5CE617642C977470AA20C6DC6815728C779245
                                                                                                                                                                                                SHA-256:5A85CC532F802DA683374C3F4C98E3F37425CF304D6772BA554D2C49BAC7BE0B
                                                                                                                                                                                                SHA-512:3BA82549752E6BFE6C1F1706B205747D70F2F3106C49EA08D35E82047166C3D5B26457D6BF00FBBD0E9CAC4AE8EC38123F533DE3F68ED466F219C551B5417C40
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.20:.; Saqirilatu Mongolqileb.; last updated: 2013-12-11.; Update and Spelling corrected Bayarsaikhan.;.;.;.;.;.;.;.0.7-Zip.Mongolian (MenkCode)......... .....401............................ (&Y)..... (&N)......... (&C)........................ (&C).440........ ..... (&A)........ .... (&L)................... ............ .... (&B)...... ... (&F).......... (&P)........ ............ ........ ............ .. ..500...... (&F).............. (&E)........ (&V)............. (&A)........ (&T)........... (&H).540..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10395
                                                                                                                                                                                                Entropy (8bit):3.978171082486284
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:HosRVPp67cdE3hwwQtbgUaecHQFyMce+VWLeKhJHZgr:1RNphG3IRBwHoJbLeYJHi
                                                                                                                                                                                                MD5:B681F52BC54B1B340A3184CDE7FF59C2
                                                                                                                                                                                                SHA1:BA8D38155C0C81416233A360F7387EAF48C57DB2
                                                                                                                                                                                                SHA-256:F6D67CE2EAE4C125BBF54C04AC783005BDDC07007398CABD3B9603020AF67BFD
                                                                                                                                                                                                SHA-512:82FDB75B2F2A06E3CBBEAF1DFE84B196908286B9518194485DBBB168777181FA86A7E37136756544ACC98165860E8CA61B83545F6CD1F13EE91BFA995A5DF0D2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.42 : ...... ..... ....... (Subodh Gaikwad).;.;.;.;.;.;.;.;.;.;.0.7-Zip.Marathi.......401.............&...&.....&.........&.....440.&.... .. ...&.... .. ................. .... ....&.... .....&.... ....&........................ .... .......... ...... ... ..?.500.&.....&.......&.......&.....&......&....540.&.....&.... .....&..... .....&......&.......... ....&.............&........&......&.... ..... ........... ...............................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4785
                                                                                                                                                                                                Entropy (8bit):4.860196348023919
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:0PK8d9PEVqGUK+ZY6yB42vdhut4A9ThBbRaP0Jk:wKKPEVqGnmSvdhruf9o
                                                                                                                                                                                                MD5:E3267C5ED8158DA2B7E2679107CE1394
                                                                                                                                                                                                SHA1:6550CDE7359A1B3450D8C0937AFFBF0252FA4B82
                                                                                                                                                                                                SHA-256:C88BC7EA0C20769847A0403E188E273A0897D1C77DD72CC4B45471FC67E0D5E1
                                                                                                                                                                                                SHA-512:63C185613C5855379DD4CAC3D2CF264D6BB2A0E9B483B22EAB93B7E8B9ABDA88BEE2F80FCD24F0E9BE0972A04F6C725CB20CAE678E3E4F61251721B5BDB1CDCD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.30 : Khairul Ridhwan Bin Omar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Malay.Bahasa Melayu.401.OK.Batal....&Ya.&Tidak.&Tutup.Bantuan..&Teruskan.440.Ya untuk Semua.Tidak untuk Semua.Henti.Mula Semula.&Latar belakang.&Latar depan.&Berehat.Berehat.Anda yakin untuk membatalkannya?.500.&Fail.&Edit.&Paparan.K&egemaran.&Alat.&Bantuan.540.&Buka.Buka di D&alam.Buka di L&uar.&Paparan.&Edit.Nam&akan semula.&Salin ke....&Pindahkan ke....Hapus.&Bahagi/belah Fail....Gab&ung Fail....P&roperti.Kom&en...Buat Folder.Buat Fail.K&eluar.600.Pilih &Semua.Jangan Pilih Semua.&Sonsangkan Pilihan.Pilih....Tidak Memilih....Pilih Berdasarkan Jenis.Tidak Memilih Berdasarkan Jenis.700.Ikon B&esar.Ikon K&ecil.&Senarai.&Butiran.730.Tidak Tersusun..&2 Panel.&Toolbar.Buka Root Folder.Ke atas Satu Aras.Folder Sejarah....&Segarkan Semula.750.Toolbar Arkib.Toolbar Standard.Bebutang Besar.Perlihatkan Teks Bebutang.800.&Tambah folder pada Kegemaran sebagai.Penanda Buku.900.&Opsyen....&Tanda Aras.960.&Kandungan..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5649
                                                                                                                                                                                                Entropy (8bit):5.023150217249099
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Q1XbkTUCIRe/Ldwrrs0C9t5oOhCtF5Iw7YXjuaPJ6Z7cfjsfcQRQ:EATdIEOrrs0C9t5oOh6bb7QuaPJ6Kfjl
                                                                                                                                                                                                MD5:3B1958DA0544A6C318D18EF5779E81F5
                                                                                                                                                                                                SHA1:67E991A6525DA165145C4584C3D9B398583D7E68
                                                                                                                                                                                                SHA-256:F349529EA4584EBA51CD519B8A1D535D2DAEC762CD7369673B237FA03A526CC7
                                                                                                                                                                                                SHA-512:E9B5E76FC908BC193738781FDBEBD894AE310F6693F7B52D4369BC4F979A8EC9E2201E5A2056FBFC380FDAD3143F3E5A3BC00D7CCB00CEC078BC0E8CAF318861
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.45 : Jostein Christoffer Andersen.; : Kjetil Hjartnes.; : Robert Gr.nning.;.;.;.;.;.;.;.;.0.7-Zip.Norwegian Bokmal.Norsk Bokm.l.401.OK.Avbryt....&Ja.&Nei.&Lukk.Hjelp..&Fortsett.440.Ja til &alt.Nei til a&lt.Stopp.Start p. nytt.&Bakgrunn.&Forgrunn.&Stopp.Stoppet.Vil du avbryte?.500.&Fil.&Rediger.&Vis.&Bokmerker.Verk&t.y.&Hjelp.540.&.pne..pne &internt..pne &eksternt.&Vis.&Rediger.Gi nytt &navn.&Kopier til ..&Flytt til ..S&lett.&Del opp arkiv ..&Sett sammen arkiv ..E&genskaper.&Kommentar ..Beregn sjekksum..Ny &mappe ..Ny f&il ..&Avslutt.600.Merk &alle.Merk i&ngen.Merk &omvendt.Merk ..Merk &ikke ..Merk &valgt type.Merk i&kke valgt type.700.&Store ikoner.S&m. ikoner.&Liste.&Detaljer.730.Usortert.&Flat visning.&To felt.&Verkt.ylinjer.Rotmappe.G. opp et niv..Mappelogg ..&Oppdater.750.Arkivverkt.ylinje.Standardverkt.ylinje.Store knapper.Knappetekst.800.&Bokmerk denne mappen som.Bokmerke.900.&Innstillinger ..&Ytepr.ve ..9
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13050
                                                                                                                                                                                                Entropy (8bit):3.8543519831557473
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:dNvZCtxUT2PoIhbW7dxmmWkcU0rwSdCsbW3UcSru1:d1vT2PoIRWMBwSY3Sr6
                                                                                                                                                                                                MD5:04CFC22F9293329C5EA7EC5C4A14D3BC
                                                                                                                                                                                                SHA1:57AA51DEC6BED50703054060F46918AA26AE0E4A
                                                                                                                                                                                                SHA-256:E016E8872F2DE7CBC1F4FC786C747CC26B2E250E6C1B8F1C46040B72C523D90F
                                                                                                                                                                                                SHA-512:5099E2A8B6BE04E2124280711AF1BF5807DCA5DF93DD33CCA416D56337ADAD19903AACEF3872F550D16A82F8F1471EC5D821D6E4E096E817A8C4D8340291D402
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Shiva Pokharel, Mahesh Subedi.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Nepali........401.... ...... .............&...&.....&.... .................&.... ...........440.&...... ...&...... ...................: .... ..........&..........&.........&.. ............ ............ .... .... .... ......... ?.500.&.....&....... ..........&...........&.........&......&......540.&..................... ..................... ...........&.........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9608
                                                                                                                                                                                                Entropy (8bit):4.880635467905247
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:XRVV/VctnsLlc+zMZUnYel4yj7FBjYAifM3k8i1sFB2ytqPbtY+0zonViwswzdUF:Xrk+IZ2YeigFReNgB2k2btgtl
                                                                                                                                                                                                MD5:E888911310C0B6D7A1932DE36AD27250
                                                                                                                                                                                                SHA1:928D9FBDB0C0C83042CAC9059FFDDE48EA4E9F71
                                                                                                                                                                                                SHA-256:4CB5F08449B5E22ED15F8A8CC038D021CDBCF56548587023D1AB31AB6CFC232D
                                                                                                                                                                                                SHA-512:56308E46914FD3B0EF62B33331F815FE95CA4A3CF122934DD0C506A041898D94A9ED6F3E1BAEF386EFB9AA949CD47002FA859B4843F2E32C186ECDB6055FF85F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Bert van Velsen.; 4.26 : Jeroen van der Weijde..; : Harm Hilvers.; 9.07 : Jeroen Tulp.; 15.00 : Jeroen Tulp.; 21.03 : Quinten Althues.; 21.05 : Jeroen Tulp.; 24.04 : Jeroen Tulp : 2024-05-13.;.;.;.0.7-Zip.Dutch.Nederlands.401.OK.Annuleren....&Ja.&Nee.A&fsluiten.Help..&Hervatten.440.Ja op &alles.Nee op a&lles.Stoppen.Herstarten.&Achtergrond.&Voorgrond.&Pauzeren.Gepauzeerd.Weet u zeker dat u wilt annuleren?.500.&Bestand.Be&werken.Bee&ld.&Favorieten.E&xtra.&Help.540.&Openen.Open b&innen.Open b&uiten.Be&kijken.&Bewerken.&Hernoemen.&Kopi.ren naar....&Verplaatsen naar....Verwij&deren.Bestand &opsplitsen....Bestanden &samenvoegen....&Eigenschappen.O&pmerking plaatsen....Controlegetal berekenen.Delta.Nieuwe map.Nieuw bestand.&Sluiten.Koppeling.&Alternatieve streams.600.&Alles selecteren.Alles deselecteren.Selectie &omkeren.&Selecteren....&Deselecteren....Selecteren op &type.Deselecteren op t&ype.700.&Grote pictogrammen.Kleine pictogra&mmen.&Lijst.&Details
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5525
                                                                                                                                                                                                Entropy (8bit):4.991041089735878
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:ewwLOC33eUlHAlE7zRzo7JAIXFZmN8oczCrsJfYsJgLu/wfYlRxKXHM2pPf8vzp:DwLv+UVAi7zRzo7uqFYN8JCrsxYseywc
                                                                                                                                                                                                MD5:780514AF9E967D8AA65005365EFA7D78
                                                                                                                                                                                                SHA1:9E060F149B110D0A0675B75D4A7B960563ACCA05
                                                                                                                                                                                                SHA-256:DB540E1A6B8FFFF2497F9C1A63F85CB5F345F8CBA767F05377C0365ABAF7B7D4
                                                                                                                                                                                                SHA-512:F85FEEFF1E89A371EB1143D695C76FBF84AFEE3699221E6E6CE7703A91EA80AC01AF27D34635FA2B61B1D6D979CB91BB98AFFBDB1CDFAE6CD04251A095EEEC84
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.45 : Robert Gr.nning.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Norwegian Nynorsk.Norsk Nynorsk.401.OK.Avbryt....&Ja.&Nei.&Lukke.Hjelp..&Hald fram.440.Ja til &alt.N&ei til alt.Stopp.Start p. nytt.&Bakgrunn.&Forgrunn.&Pause.Sett p. pause.Er du sikker p. du vil avbryte?.500.&Fil.&Redigere.&Vis.F&avorittar.Verk&t.y.&Hjelp.540.&Opna.Opna &Inni.Opna &Utanfor.&Vis.&Redigere.Endra &namn.&Kopiere til....&Flytt til....&Slett.&Del opp fil....Set saman filer....&Eigenskapar.Ko&mmentar.Rekna ut kontrollnummer..Opprett mappe.Opprett fil.&Avslutta.600.&Merk alle.Fjern alle markeringar.&Omvendt markering.Marker....Fjern markering....Merk etter type.Fjern markering etter type.700.S&tore ikon.S&m. ikon.&Lista.&Detaljar.730.Assortert.Flat vising.&2 felt.&Verkt.ylinjer.Opna kjeldemappa.Opp eit niv..Mappelogg....&Oppdatere.750.Arkiv verkt.ylinje.Standard verkt.ylinjer.Store knappar.Vis knappetekst.800.&Legg mappe til i favorittar som.Bokmerke.900.&Val....&Yting test.960.&Innhold....&Om
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14259
                                                                                                                                                                                                Entropy (8bit):4.017885484807124
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Y/e1CL/yBWxhjeGTRjDKRC+miO7X8D+PoLQoTvKbVs4R2wjw6tK/BHHwpW0:Y/ekejg7X8GuQ8IsXw06t1b
                                                                                                                                                                                                MD5:C9AD9D02C661644F79820E779A6D3F0F
                                                                                                                                                                                                SHA1:92BD000AF1EA18B2FE8941CA4DF15858B4B53106
                                                                                                                                                                                                SHA-256:E542C19640D39F3C56BF11A9EAADB554D7E74D8EC525D41A321E97C5AE5191C5
                                                                                                                                                                                                SHA-512:40D178A217DD51A188E5C2AC5EB59DB62DB95DD0A7063E39B1ECFAD0943BB54A118767890D3AA7A753D7316AA2F0494CEF8BD81512D611AC2856256C524A5D0F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.53 : Gurmeet Singh Kochar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Punjabi, Indian........401.... ...... .......... (&Y)..... (&N).... ... (&C)........... ... (&C).440....... .. ... (&A)....... .. .... (&l)......... .... ............. (&B).......... (&F)..... (&P)..... ....... ..... ........ .. ... .... ....... ..?.500..... (&F).... (&E)..... (&V)........ (&a).... (&T)..... (&H).540..... (&O)..... .... (&I)..... .... (&u)...... (&V).... ... (&E).... .... (&m)..... ...... .. ... ..... (&C)........ ...... .. ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9911
                                                                                                                                                                                                Entropy (8bit):5.3108412818364545
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ovp0mydAiVui6B3+6hX+S5YELolHgMKJas99KWGmU/DbU0E1nUv3b:Ip0mydAq6A6hOS5pLoQzd0snUT
                                                                                                                                                                                                MD5:F8821C75507199F4EF041EEBA8B82281
                                                                                                                                                                                                SHA1:96759A3B826BB5DBC18730378D0F8BA08C1DF7E1
                                                                                                                                                                                                SHA-256:B4B96FDAA023A3988D514C1CB1E2914817CD538D3BB7F062778360338B73BA67
                                                                                                                                                                                                SHA-512:173D6F0437A4E315F4F890F67EF93936E53205F950A9B718B8B232F6FAF0ED7E33E6C72531E0C2613611F4B02F5FD1ED7CDE8CBD05F2256A68FE577DAE4D3A90
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : cienislaw.; : pixel.; 9.07 : F1xat.; 9.33 : .ukasz Maria P. Pastuszczak.; 22.00 : Micha. L..; 24.04 : Piter, Micha. L..;.;.;.;.;.0.7-Zip.Polish.Polski.401.OK.Anuluj....&Tak.&Nie.&Zamknij.Pomoc..&Kontynuuj.440.Ta&k na wszystkie.Ni&e na wszystkie.Zatrzymaj.Pon.w.&T.o.&Pierwszy plan.&Wstrzymaj.Wstrzymano.Czy na pewno chcesz anulowa.?.500.&Plik.&Edycja.&Widok.&Ulubione.&Narz.dzia.Pomo&c.540.&Otw.rz.Otw.rz &wewn.trz.Otw.rz na &zewn.trz.Pod&gl.d.&Edytuj.Zmie. &nazw..Kopiuj &do....&Przenie. do....&Usu..Podzie&l plik....Z..&cz pliki....W.&a.ciwo.ci.Ko&mentarz.Oblicz sum. kontroln..R..nice pomi.dzy plikami.Utw.rz &folder.U&tw.rz plik.Za&ko.cz.Dow&i.zanie.&Alternatywne strumienie.600.Z&aznacz wszystko.&Odznacz wszystko.Odwr.. &zaznaczenie.Zaznacz....Odznacz....Zaznacz wed.ug typu.Odznacz wed.ug typu.700.&Du.e ikony.&Ma.e ikony.&Lista.&Szczeg..y.730.Nieposortowane.Widok p.aski.&2 panele.&Paski narz.dzi.Otw.rz folder g
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8236
                                                                                                                                                                                                Entropy (8bit):4.571978993858432
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:XJLEhYBUC2Yz4e1uxLpnJ2Ega8W2uW55tmTG:FUC2YzJkxFnJ2ET8W2uW5H
                                                                                                                                                                                                MD5:23502D5CDD3671B634832D5F722CF5EA
                                                                                                                                                                                                SHA1:443FB98DF15B8BFD081802938E180A87EE24104D
                                                                                                                                                                                                SHA-256:FA12CA0BE49F4921D06268FAD673838C3A4644A70DC374A931997178F588E8F4
                                                                                                                                                                                                SHA-512:E1FC00A7AD4A817B32370F2C03EA10473070B9D2FEBC29BB87D95FF2670E8E47FF27B2C2B6D63396306DC0185E127A49F602E969166CB27073FEB735CFA47AF8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.53 : 2007-12-26 : Pathanisation Project.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Pashto......401.................&...&......&...............&.440..... .. ..&..&... .. ......................&.......&......&........... ...... .... ..... .. ... .. .....500......&.....&....&..&...........&......&.540.........&.....& ............ .&...........&.....&...&............ .....&...... .....&......&......... ...&......... ...&...................&........ ........... ........... .......&....600.... ....&.... ............ .......&..................... ... ....... ... .......700...&. ...........&... ............&.........&.730..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10094
                                                                                                                                                                                                Entropy (8bit):4.985202993884915
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:miY9r9BfTV6g/+fY3W8qvyyMvfWMWqTtdkKM97n6O7Ugmpien9Ju1yZYX7579H:iZBTSaW8qapvf0OtiEgihy1vX7579H
                                                                                                                                                                                                MD5:F0CBDAA70D567EE71C685250958EC194
                                                                                                                                                                                                SHA1:2DB013E6608739AA45453D0F69BA953FCC78B14D
                                                                                                                                                                                                SHA-256:6B21924CAEA51B395EFA0B8FA5D7E2492CE6A6B86DCC08565A5A4DEE5C182167
                                                                                                                                                                                                SHA-512:3AE68CC6BE78D6BCA7304516B25733A516AAF2121FB8E62EBB9B6FD5194D261117F7AB0C142DBFB2EFE2016E189E7EBB1F5BE4A82253F087A34A59CFC41EF7B9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Francisco Jr.; 4.37 : Fabricio Biazzotto.; 24.06 : Atualizado por Felipe.;.;.;.;.;.;.;.;.0.7-Zip.Portuguese Brazilian.Portugu.s Brasileiro.401.OK.Cancelar....&Sim.&N.o.&Fechar.Ajuda..&Continuar.440.Sim pra &Todos.N.o pra T&odos.Parar.Reiniciar.&Em 2. plano.&Em 1. plano.&Pausar.Pausado.Voc. tem certeza que voc. quer cancelar?.500.&Arquivo.&Editar.&Visualizar.F&avoritos.&Ferramentas.&Ajuda.540.&Abrir.Abrir &por Dentro.Abrir p&or Fora.&Visualizar.&Editar.Re&nomear.&Copiar Para....&Mover Para....&Apagar.&Dividir arquivo....Com&binar arquivos....P&ropriedades.Comen&t.rio.Calcular checksum.Diff.Criar Pasta.Criar Arquivo.S&air.Link.&Correntes Alternantes.600.Selecionar &Tudo.Desmarcar Tudo.&Inverter Sele..o.Selecionar....Desmarcar....Selecionar por Tipo.Desfazer a Sele..o por Tipo.700..co&nes Grandes..c&ones Pequenos.&Lista.&Detalhes.730.Desorganizado.Visualiza..o Plana.&2 Pain.is.&Barra de Ferramentas.Abrir a Pasta Raiz.Um N.vel Acima.Hist.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9375
                                                                                                                                                                                                Entropy (8bit):4.996342947967769
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Kz9QG6nA1C574kEmsIO8M+M66rr6emGeHlOzsyqfP2diqPtVe3ydIINSAhy:U6nA1S1Em3O8M+M6RrGCyOmiqlVBSAU
                                                                                                                                                                                                MD5:238D20C2FD41EDEC7EFBFDA32B430156
                                                                                                                                                                                                SHA1:C63BB6DCEA0B453239EBEA6CBE004A0E07EE9AFF
                                                                                                                                                                                                SHA-256:B48DD5142C39C56D35F0BA673C3AFC706AF063040D7567D43B69345DDFA6E767
                                                                                                                                                                                                SHA-512:7749DB74A481539D997372C7931877C44C202137E9CE5E1EA1D32E61FA3EA851364C0F0FD0A57B4DE8FE50564D97C544007DB23093C7ED66841CE099F9D41B77
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Carlos Macao.; : Jo.o Alves.; : Jo.o Frade (100 NOME TR).; 4.46 : Rui Costa.; 9.17 : S.rgio Marques.; 15.00 : Rui Aguiar.; 15.00 : 2022-03-22 : Hugo Carvalho.; 22.00 : 2022-06-28 : Hugo Carvalho.;.;.;.0.7-Zip.Portuguese Portugal.Portugu.s.401.Aceitar.Cancelar....&Sim.&N.o.&Fechar.Ajuda..&Continuar.440.Sim a &tudo.N.o a t&udo.Parar.Reiniciar.&Segundo plano.P&rimeiro plano.&Pausar.Em pausa.Quer mesmo cancelar?.500.&Ficheiro.&Editar.&Ver.F&avoritos.Ferramen&tas.&Ajuda.540.&Abrir.Abrir &dentro.Abrir &fora.&Ver.&Editar.Mudar& o nome.&Copiar para....&Mover para....&Eliminar.&Dividir ficheiro....Com&binar ficheiros....P&ropriedades.Come&nt.rio.Calcular o checksum.Diff.Criar pasta.Criar ficheiro.&Sair.Liga..o.&Alternar fluxos.600.Seleccionar &tudo.Desseleccionar tudo.&Inverter selec..o.Seleccionar....Dessseleccionar....Seleccionar por tipo.Desseleccionar por tipo.700..cones &grandes..cones &pequenos.&Lista.&Detalhes.730.Desordenado.Vista
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10040
                                                                                                                                                                                                Entropy (8bit):5.033364801945333
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:bBLhu312JnrmZ80+hs6MKaZy5HH9+jieCn6abdXdg9R49:bbhJnro80+X1HQT6fg9G9
                                                                                                                                                                                                MD5:9A2FC6431192E6FC18871DA5D4ADC467
                                                                                                                                                                                                SHA1:EEA02FAF56E746DFADF67C5FE4E12A79EA2FB089
                                                                                                                                                                                                SHA-256:4FD993DBAE9606C062DC3511292274631335956A016B74B3061BAB55F7D9C736
                                                                                                                                                                                                SHA-512:A4945CD1522FD2A57960959C4937C55920520BE615F3CB84CBE74842479D426AFF28F3E041FA61A338B121CA3BE64EFC4C128CA94A48B4D994EEA79A42AAB7F9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 4.59 : Lucian Nan.; 23.00 : 2023-07-22 : Marius Hudea.; 24.05 : 2024-05-19 : Miloiu Andrei-Valentin.;.;.;.;.;.;.;.;.0.7-Zip.Romanian.Rom.n..401.Bine.Anulare....&Da.&Nu..n&chide.Ajutor..&Continu..440.Da, pentru &toate.Nu, pentru t&oate.Opre.te.Restarteaz...n &fundal.La &suprafa...&Pauz...n pauz..E.ti sigur c. vrei s. anulezi?.500.&Fi.ier.&Editeaz..&Vizualizeaz..Fav&orite.&Unelte.&Ajutor.540.&Deschide.Deschide .&n.Deschide .n &afar..&Vizualizez..&Editeaz..&Redenume.te.&Copiaz. la....&Mut. la.....ter&ge.Segmenteaz. &fi.ierul....Com&bin. segmente....&Propriet..i.Comen&tariu.Calculeaz. cod verificare.Diferen...Creaz. director.Creaz. fi.ier.&Ie.ire.Scurt.tur..Fluxuri de date &alternative.600.&Selecteaz. toate.&Deselecteaz. toate.&Inverseaz. selec.ia.Selecteaz.....Deselecteaz.....Selecteaz. dup. tip.Deselecteaz. dup. tip.700.PIctograme m&ari.Pictograme m&ici.&List..&Detalii.730.Nesortat.Vedere &plan..&2 panouri.Bare de &
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):4.288162718572465
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:TmGK+SCI5WUrVarSC0sgvy995DoVdhpWQl9y5pwVt1tX8aEFPGH0IU4smVxa:fSJHBqS7/69HSdHWaZsaEFP6nm
                                                                                                                                                                                                MD5:447E681A030C82C3832DBA0B51CC790D
                                                                                                                                                                                                SHA1:401BF38C2122AE2493470820C92D069F3F6C7606
                                                                                                                                                                                                SHA-256:3E76BC88DB5CB108CF8750B01BDABBB3772DBF2BF14592C6AB18B7339817D6EE
                                                                                                                                                                                                SHA-512:D17EF32A1DE17EC1C9D6CAE6199E6623DB700B18E43B3B85EF403A60EC11B9EFC0AC0BB188B03D13F7895DFCF4ED37D1F40C1BFC4BEE469742B712ED5DE70722
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 24.04 : 2024-04-05 : Igor Pavlov.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Russian.........401.OK...........&...&....&................&...........440... ... &........ ... .&....................&......&.. ........ .....&........ ........ ............. ...... ........ ........?.500.&.....&.......&....&...........&......&........540.&............... &.............. .....&............&...................&.........&.......... .....&........... .....&..........&..... .........&......... ............&...........&..................... ...............&....... ..........&... ......&............&...........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18834
                                                                                                                                                                                                Entropy (8bit):3.802411708886365
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:TtnNoVvuZp1uKx4IshqMehIANlXgZC0Mzat2Irn0rInzY3TPYXtr:T/u/JBr
                                                                                                                                                                                                MD5:FD1B984BAEA0E5A905F756E9FDC54E86
                                                                                                                                                                                                SHA1:4DA8DA9154115F6BF0962FD02DB9D7E166285C8E
                                                                                                                                                                                                SHA-256:02CC9032C117A7818865AF3DCADBDD3C7B348BE3507681CD0032DD9BD15B76FC
                                                                                                                                                                                                SHA-512:1595742CCCFFF001C7BE0A7809F2E700460AD4CBD684D5A0CC53C5CCF615046E2E94EFD96CEEACA3D6FB20AAA5249D7677AB1F6FAF8DAB0A1B559A0C0951913E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 9.07 : Vinayy Sharrma, ....... .... ......;.;.;.;.;.;.;.;.;.;.0.7-Zip.Sanskrit, Indian, .....................401.... ..............&....&...&... ...........&.... ....440.&....... ....&....... ............ .... .....&...........&........(.........).&....................... .... .... ..... ... ....... .... ..... ....?.500.&.......&.........&........&.........&.......&......540.&........&.... ........&.... ........&........&........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18706
                                                                                                                                                                                                Entropy (8bit):4.0202268271567725
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:oUocZSy4PE90cZ+B7H0eEcVN/Pc+SfuwOoq9LNVHS7PzYbZLg97/78BA5UmHezQu:pfSdRz0ezJc+OuwYhaPUudu36KKoMkBj
                                                                                                                                                                                                MD5:5203E172ECB9F384BCE04D243684551F
                                                                                                                                                                                                SHA1:5F6A09B52D729F3F6C95ABA9D29BFD6C7CD0340B
                                                                                                                                                                                                SHA-256:5405E5B04E670FF7A5B5242A3872803725053324FFDC31F71511EA6B2573F6E0
                                                                                                                                                                                                SHA-512:CE6B058891375577EB726A15E5430BCE4450A9C06D3F2D3361FFE5D39C0C47097B6D0E7CDC7B907A8E5F23FA8FA5A1866661A2AA3167D982FD5AEEC33FA39077
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.59 : ...... ....... (Supun Budhajeewa).; 15.00 : ..... ..... (HelaBasa Group).;.;.;.;.;.;.;.;.;.0.7-Zip.Sinhala.......401...............&....&.....&............&........440.&........ ............ ............... .......&..........&..........&..................... ...... ..... .. ........?.500.&......&.........&.......&............&.......&.....540.&..... ......&..... ..... ......&....... ..... ......&.......&.........&... ... ......&... .
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10142
                                                                                                                                                                                                Entropy (8bit):5.350645745471363
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:xPc6gARXHeJlbbciOeh3rykpqMmEIN5U91n8:N3gARX+Jlbbfh3ryvTEIN5Un8
                                                                                                                                                                                                MD5:3FDECAE1FF188894295759380B0378DA
                                                                                                                                                                                                SHA1:935A4797540CE26828569C50924BAAE230F2D41E
                                                                                                                                                                                                SHA-256:B53FE26795B01F3347B614EAA499D28770D94EB5B51005C842386E97D8344CB6
                                                                                                                                                                                                SHA-512:F5B87DEFB1837E98EA46E1E37E13180976C5910F13E18A178397C530E6F15C585CF55E54048206D1A343C298BFE136E0CCF259657B29D7A8C5A9EE2537288AED
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Tomas Tomasek.; 9.07 : Pavel Deve.ka.; 9.38 beta : 2015-01-11 : Roman Horv.th.; 24.02 : Milan .alka.;.;.;.;.;.;.;.0.7-Zip.Slovak.Sloven.ina.401.OK.Zru.i.....&.no.&Nie.&Zavrie..Pomocn.k..Po&kra.ova..440..no na &v.etko.Nie na v.&etko.Zastavi..Re.tartova..&Pozadie.P&opredie.Po&zastavi..Pozastaven..Ste si ist., .e chcete akciu zru.i.?.500.&S.bor.&Upravi..&Zobrazi..&Ob..ben..&N.stroje.&Pomocn.k.540.&Otvori..O&tvori. vn.tri.Ot&vori. externe.&Zobrazi..&Upravi..&Premenova..&Kop.rova. do....P&resun.. do....O&dstr.ni..Ro&zdeli. s.bor....Zl..&i. s.bory....V&lastnosti.Ko&ment.r.Vypo..ta. kontroln. s..et.Rozdiel (Diff).Vytvori. prie.inok.Vytvori. s.bor.Uko&n.i..Odkaz....&Alternat.vne streamy.600.Ozna.i. v.etko.Odzna.i. v.etko.Invertova. ozna.enie.Ozna.i.....Odzna.i.....Ozna.i. pod.a typu.Odzna.i. pod.a typu.700.&Ve.k. ikony.&Mal. ikony.&Zoznam.&Podrobnosti.730.Netriedi..Ploch. vzh
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8407
                                                                                                                                                                                                Entropy (8bit):4.980893267908514
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:hTCvOZThlzUkVNOjf9FvELDTMerNJ+svj0hId:hTCv23NkrvS4MWo
                                                                                                                                                                                                MD5:722551A008A99008006AF6CE4161537A
                                                                                                                                                                                                SHA1:294ABEA21D393BF624A4A97C1B4DB63D3332C312
                                                                                                                                                                                                SHA-256:6B53FB390DA88BD79D76487FF30466AE972976D2EED030ADE6D9B93991B99CBC
                                                                                                                                                                                                SHA-512:4BDE588E3ADD4B20B3DD89953136A655E0521CF3EC97E72A7FF337BF64E41F3DA75F60E4E56C5B833B86D6C23FAFAA92EBB0EFFE1D063D499EF3992C60BAC8F0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 22.01 : 2022-07-17 : Jadran Rudec.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Slovenian.Sloven..ina.401.Vredu.Prekli.i....&Da.&Ne.&Zapri.Po&mo...&Nadaljuj.440.Da za &vse.Ne za v&se.Ustavi.Znova za.eni.Ozad&je.&Ospredje.Premor.Na premoru.Ali ste prepri.ani, da .elite preklicati?.500.Datoteka.Urejanje.&Prikaz.Priljubljene.Orodja.Pomo..540.&Odpri.Odpri &znotraj.Odpri zu&naj.P&rikaz.&Uredi.Prei&menuj.&Kopiraj....&Premakni....Iz&bri.i.&Razdeli datoteko....&Zdru.i datoteke....L&astnosti.Ko&mentar.Izra.unaj preizusno vsoto.Razlika.Ustvari mapo.Ustvari datoteko.&Izhod.Povezava.&Nadomestni tokovi.600.Izberi &vse.Razveljavi izbiro vseh.&Preobrni izbor.Izberi....Razveljavi izbiro....Izberi po vrsti.Razveljavi izbiro po vrsti.700.&Velike ikone.&Majhne ikone.&Seznam.&Podrobnosti.730.Nerazvr..eno.Ploski prikaz.&Dve podokni.&Orodne vrstice.Odpri korensko mapo.Eno raven navzgor.Zgodovina map....&Osve.i.Samodejno osve.i.750.Orodna vrstica arhiva.Srandardna orodna vrstica.Veliki gum
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5579
                                                                                                                                                                                                Entropy (8bit):5.039812534553965
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:P/3mbERgiJQCLlUBwpMBf4WV49vXJQX2Egzqlg+5RK6uxy4rcRQKktwlm80DCDHB:P/3sue8MOWyBXyX2tyj9RpGgigi6KwJ
                                                                                                                                                                                                MD5:69720A6D09230D9747BB2AA3C0EF650D
                                                                                                                                                                                                SHA1:4750E61EC19BA905D6F2BC5828510FD08D915AF8
                                                                                                                                                                                                SHA-256:B6EE3C8A14230AA7D1A17C5493E0A410C5C5C638BA7A9D81681FFED4A8DE6884
                                                                                                                                                                                                SHA-512:92230FEE3E5BC4B57013E359E43BF5F921DCFD9CAD4522E09B11EF8BF2F21F96555FC3AF72618A06D953F8D68050629358A8A7312A649489D6CA82780B793C88
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.37 : Mikel Hasko.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Albanian.Shqip.401.N. rregull.Anulim....&Po.&Jo.&Mbyll.Ndihm...&Vazhdim.440.Po p.r t. gjith&a.Jo p.r t. gjit&ha.Ndalo.Rinis.N. &sfond.N. pla&n t. par..&Pushim.N. pushim.Jeni t. sigurt se d.shironi ta anuloni?.500.&Skedari.&Redaktimi.&Pamja.&T. parap.lqyerit.&Veglat.&Ndihma.540.&Hap.Hap p.rbre&nda.Hap p.rjas&hta.&Pamja.&Redakto.Ri&em.rto.&Kopjo tek....&Zhvendos tek....&Fshi.N&daj skedarin....Kom&bino skedar.t....&Vetit..Ko&menti.Llogarit shum.n e verifikimit..Krijo nj. dosje.Krijo nj. skedar.&Dil.600.S&elekto t. gjith...se&lekto t. gjith..Anasill selekti&min.Selekto.....selekto....Selekto sipas tipit..selekto sipas tipit.700.Ikona t. &m.dha.Ikona t. &vogla.&List..&Detaje.730.&T. parenditur.Pamje e rrafsht..&2 panele.&Shiritat e veglave.Hap dosjen rr.nj..Nj. nivel m. lart..Historiku i dosjes....&Rifresko.750.Shiriti i veglave i arkivit.Shiriti standard i veglave.Butona t. m.dh
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):11589
                                                                                                                                                                                                Entropy (8bit):4.212638798878335
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:b8TEDykT3a1oTLEKqX+KgU0XH9VL9dYALdOy7a+HSwOYAcvYxD/HI5wxhG9h2bZk:6VST0uKk9R9yAKcAcAxjJ6h8akS
                                                                                                                                                                                                MD5:D95E6FF9DAE7FA22083D9ED73588FE1A
                                                                                                                                                                                                SHA1:F061E9E1AFE02B7B92D626432CD9DA55BD8BC2DD
                                                                                                                                                                                                SHA-256:817D7A33F2ADB19F47F45F78C314F6AE6DF4CA4DA133C1F7A82703E0CDEE7E20
                                                                                                                                                                                                SHA-512:210BFDC206C2173BD680B6F319AFDA3228AC44CAF611C3846EF9AE0AD11701306BA923CCC9715086FF3CA5222F80713BF9FD6ABF61141232834DD95692EDC7C6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Lazar.; 9.07 : Ozzii.;.;.;.;.;.;.;.;.;.0.7-Zip.Serbian - Cyrillic....... - .........401.. ............................................440... .. ...... .. ............................ ................... .. ... ....... .. ...... .. .........?.500................................................540................ .. 7-Zip-......... .. ........... ............................................. ............. .................. ............ ....................................... ........ ..................... ............. ...............600........ ........... ..... ........
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6765
                                                                                                                                                                                                Entropy (8bit):4.998761539106251
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ebQDPq3odT/FQ66mJpo46+z6Khowcwz+/ODBs+sO+krfRZ:eqPq4N/FKmJ2N2FWmNdrfX
                                                                                                                                                                                                MD5:9E08D57D48B4D8CB16F98736C5C0511B
                                                                                                                                                                                                SHA1:85A597B74BCB1CBF918D6366705F0B0C0727DE31
                                                                                                                                                                                                SHA-256:D8C5223FE423129145C5B55A756E499D4680B1DF0A7115D72736F09E51C89C1F
                                                                                                                                                                                                SHA-512:13E431E00F5EC0373DE201897C68A55C91962BD3DF6CD693448D3D5D6EBB478B51A1834ECD37B456761DCE94DBC4E5214FD421FA7BAD3B5B8A51051D0D8D6964
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Lazar.; 9.07 : Ozzii.;.;.;.;.;.;.;.;.;.0.7-Zip.Serbian - Latin.Srpski - latinica.401.U redu.Otka.i....Da.Ne.Zatvori.Pomo...Nastavi.440.Da za sve.Ne za sve.Stani.Ponovo.Pozadina.Na vrhu.Pauza.Pauza.Da li ste sigurni da .elite da prekinete?.500.Datoteka.Ure.ivanje.Pregled.Omiljeno.Alati.Pomo..540.Pogledaj.Otvori sa 7-Zip-om.Otvori sa pridru.enom programom.Pregledaj.Promeni.Preimenuj.Kopiraj u....Premesti u....Obri.i.Podeli fajl....Spoj delove....Svojstva.Komentar.Izra.unajte provernu veli.inu.razlika.Nova fascikla.Nova datoteka.Izlaz.600.Izaberi sve.Poni.ti izbor svega.Obrnuti izbor.Izaberi....Poni.ti izbor....Izaberi po tipu.Poni.ti izbor po tipu.700.Ikone.Naporedno slaganje.Spisak.Detalji.730.Bez sortiranja.Ravan pregled.2 Prozora.Trake sa alatkama.Otvori po.etnu fasciklu.Gore za jedan nivo.Hronologija....Osve.avanje.750.Rad sa arhivama.Rad sa datotekama.Velika dugmad.Prika.i tekst ispod dugmadi.800.Dodaj.Izaberi.900.Opcije....Benchmark.960
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8711
                                                                                                                                                                                                Entropy (8bit):5.0441606790922044
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:oEiQ9ofFPhWwxTyaN+tu0okvFFr7S6IqOsc9gw8tjD7FuPNfOloU31QHvBcw:oEiQibWwjNT8cotjD8NfL
                                                                                                                                                                                                MD5:9A27F7E51E2143F4258AAC9975F78F60
                                                                                                                                                                                                SHA1:49DFFBD91FE27A81DA38BECDE87DE6B2DF28962F
                                                                                                                                                                                                SHA-256:233596E0D29DAD356CD31C302EB1EB3A263736F166F5A7628A753BD808668EBB
                                                                                                                                                                                                SHA-512:83C6464E05C776910552591D6D4B8DCB5CD0CC8C627519AEFB7B61672F4478E42FDB8E023B5BFD29C313A22DEEEE75FCF66BF638F8D48156E98694F110B7D324
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Andreas M Nilsson, Christoffer Enqvist.; 4.59 : Bernhard Eriksson.; 22.00 : (2022-06-20) Mikael Hiort af Orn.s.;.;.;.;.;.;.;.;.0.7-Zip.Swedish.Svenska.401.OK.Avbryt....&Ja.&Nej.&St.ng.Hj.lp..F&orts.tt.440.Ja till &alla.Nej till a&lla.Stoppa.Starta om.&Bakgrunden.&F.rgrunden.&Pausa.Pausad..r du s.ker p. att du vill avbryta?.500.&Arkiv.&Redigera.&Visa.&Favoriter.Verkt&yg.&Hj.lp.540.&.ppna..ppna &internt..ppna &externt.&Visa.&Redigera.&Byt namn.&Kopiera till....&Flytta till....&Ta bort.&Dela upp fil....&Sammanfoga filer....E&genskaper.Komme&ntera.Ber.kna kontrollsumma.Differens.Skapa mapp.Skapa fil.&Avsluta.Skapa l.nk.&Alternativa datastr.mmar.600.Markera &alla.Avmarkera alla.&Invertera markering.Markera....Avmarkera....Markera efter typ.Avmarkera efter typ.700.St&ora ikoner.Sm&. ikoner.&Lista.&Detaljerad lista.730.Osorterad.Platt vy.&Tv. paneler.&Verktygsf.lt..ppna rotmappen.Upp en niv..Mapphistorik....&Uppdatera.Uppdatera automatiskt.75
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8039
                                                                                                                                                                                                Entropy (8bit):4.830174437133884
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:FGtF7C6fBky7MIFT0T222a6CjlHtLG0mHR7s:O/fNaS2J6CjxdN
                                                                                                                                                                                                MD5:BAAC3FF9FC4B6A656AC7C51D44117BD9
                                                                                                                                                                                                SHA1:FEACD226EFB71EE149424F39AB47EBF6F64CAB04
                                                                                                                                                                                                SHA-256:9FED3C0B4E67673BC1D8BBD67D1F6651FADE030F98D12173C3564F2C492A67F8
                                                                                                                                                                                                SHA-512:44413A73CD0DE02F245CB5D8B35BB457AE136C1C2BBB76934F120F6D0B14FCE928B4763475730F018C6E4B4AD4881A32CF1C99879C197CC4E70B8A992B3BFCA4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 15.00 : 2020-05-15 : Mara Gati Lucky.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Swahili.Kiswahili.401.Sawa.Ghairi....&Ndio.&Hapana.&Funga.Usaidizi..&Endelea.440.Ndio kwa &zote.Hapana kwa z&ote.Simamisha.Washa upya.&Mandharinyuma.&Mandharimbele.&Tuliza.Imetulizwa.Una uhakika unataka kughairi?.500.&Faili.&Hariri.&Mwoneko.Z&inazopendwa.&Zana.&Usaidizi.540.&Fungua.Fungua &ndani.Fungua n&je.&Mwoneko.&Hariri.Pati&a jina upya.&Nakili hadi....&Sogeza hadi....&Futa.&Gawiza faili....Ung&anisha nyaraka....S&ifa.Toa m&aoni....Kokotoa checksum.Tofautisha.Unda kabrasha.Unda faili.F&unga.Kiungo.&Mitiririsho mbadala.600.Teua &zote.Ondoa uteuzi wote.&Pindua uteuzi.Teua....Ondoa uteuzi....Teua kulingana na aina.Ondoa uteuzi kulingana na aina.700.Iko&ni kubwa.Ikoni ndogo.&Orodha.&Maelezo.730.Haijapangwa.Mwoneko bapa.&2 paneli.&Miambaa zana.Fungua kabrasha shina.Juu kiwango kimoja.Historia ya folda....&Weka upya.Weka upya kioto.750.Mwambaa zana wa akiba.Mwambaa zana wa kawaida.Vitufe vikubwa.Onyesha m
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12057
                                                                                                                                                                                                Entropy (8bit):3.6721380731890467
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:MZOpgEdXp2Aj1N1YZsHFoXmj6OI1v/O2RmrNqBSXGdCdfy01K:x3X4xO2RmUqqX
                                                                                                                                                                                                MD5:DD0AE446AD4C5D6F20DB6ECE80F21606
                                                                                                                                                                                                SHA1:CDDB5DC08DA094FF69E48C1AF7E329F6B83FB6A6
                                                                                                                                                                                                SHA-256:AE1A795105574BF2674A5DE98A4F06CADD9C79DEBDE9FC288F64B3D607FA329D
                                                                                                                                                                                                SHA-512:543777575D32B9E1A67AFA2380B7953B79F3031AD6421314BA1DD957EC356FC0446903E09CA70A4E61F1264FC87846C968574D3ADF90F1563BAE3CCCA875636F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 3.13 : Ve Elanjelian : ThamiZha! team.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Tamil.......401................................................440.............. ................. .......................................................... ................. .................... ...... ..... .................?.500..................................................540.......... .......... ........................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14632
                                                                                                                                                                                                Entropy (8bit):4.341973950530399
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:LzDXSHvMCtcY7SbE1BgUmOTfhEUDgkoSa4pTG++3slxxgYbgDfvCPKpTWO4z+dWE:uMC2YubdUmsKEAcb+3QbgDEK9KyQ2f
                                                                                                                                                                                                MD5:EA08A1D73A4A150D7EC590B094D4E0D5
                                                                                                                                                                                                SHA1:E4F3172CF52DB8DA27F7D95CFBA2EACFAB12D533
                                                                                                                                                                                                SHA-256:E029F34DDEA8B1358E1F519526EF643D79BE37CFCE55BB5EA21B4BD0D026F9D3
                                                                                                                                                                                                SHA-512:3661EC554C82F3608099E08808E5151B8D7BCCA385CF09D0FD4181073A52E1E835485DF0684F5091D0F5EF487A07298286DB463C3971E3986A6AD9B0BF7784C2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 20.02 : 2020-10-20 : Shamsiddinov Zafar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Tajik........401..................&.....&...&..............&..........440..... ..... &........ ..... &............... .......&.......&.. ... ........&............ ............. ....... ......, .. ......... .... ...... .......?.500.&.....&.......&.......&......................&........540.&........... ..... &........... ..... ...............&............. ......&............ ......&........ ......&.... ................ ..... &.........&..... ....... ................................... ...... .............. .......&...
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15450
                                                                                                                                                                                                Entropy (8bit):3.943828079014395
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:NrQMVEpEJbIRgAOaN2gs1KM5LypJ0/vrvQYKSK46smKhjlCqRK5ZThNFdHL0eF9s:Nr3m6JbIRgzaN2gs1/+J4vrvQYzK46Pg
                                                                                                                                                                                                MD5:6BE5BA977C60F103B54C4289399CE43E
                                                                                                                                                                                                SHA1:48DFF625438573A366D56ECEF43BC43A10E124A8
                                                                                                                                                                                                SHA-256:A1967002746961CDC4F3AD4F5F081BBA6DB231660CDFD5F2AB4A572EB11DD67C
                                                                                                                                                                                                SHA-512:DA61AA3C5389B5096F1C899AD17EBC20125B18D959F8C74AAE10665F65DE4A3C2069AFE47380C093926180C952336FCBEFF71329809D7FA59AB490849B647DBB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.09 : Chayanon Ruamcharoen.; 4.10 : Zafire06.; 9.13 : Kom10.;.;.;.;.;.;.;.;.0.7-Zip.Thai.....401................&....&....&...............&.............440...................................&..................&..................&..................................................500.&.....&......&.......&...........&...........&..........540.&...........................................&.......&......&............&...............&
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8736
                                                                                                                                                                                                Entropy (8bit):5.243048507979006
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:K9LGWUpW9ui2eHMMfj0RIC/2Naq49K5ztPYIzvPMdQpJzPq:859uigRr/2Yq4uJPYIzvPMZ
                                                                                                                                                                                                MD5:1F610DF86538A3ED788D6A8024C1982E
                                                                                                                                                                                                SHA1:3180F829602B83148C73A47EF4DAF841BB379A14
                                                                                                                                                                                                SHA-256:A0F485755CBC6356CFA4BEF5CB6134653DC6743F4BFCA89CED92D43EC31C5649
                                                                                                                                                                                                SHA-512:C184E3898944B2C0A12806E0B0592FD19BE05A75E7F3B2F9A69B8D39FA847E90AEBE93E1E96588AAA38DCDBB9FF89C1667BCA1B5A5FDFDB7F77E37A574981309
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 19.00 : 2019-03-04 : Merdan NURIYEV Hazar-Balkan H.K..;.;.;.;.;.;.;.;.;.;.0.7-Zip.Turkmen.T.rkmen.e.401.Howwa.Go.bolsun et....&Howwa.&.ok..a&p.K.mek al..&Dowam et.440.Hemmesine howw&a.Hemmesine &.ok.Dur.Ga.tadan ba.la.&G.r.nme.&..e .yksyn.&S.gindir.S.gindi.Go.bolsun etjekmi?.500.&Dos.a.&D.zelt.&G.r.F&aworitler.G&urallar.&K.mek.540.&A..&I.inde A..Da.&ynda A..&G.r.&D.zelt.Adyn&y ..tget..u .ere &kop.ala.....u .ere &g...r....&...r.Fa.ly &b.l....Fa.llary &birle.dir....&D.zg.nlemeler.Tes&wir....Barlag jemini hasapla.Tapawutlanma.Bukja d.ret.Fa.l d.ret.&.yk.Bag.Akymlary .&aly..600.Hemmesini Se..Hemmesini Se.me.Se.im&i tersine .w.r.Se.....Se.me....Tiplerine g.r. se..Tiplerine g.ra se.me.700.U&ly Ikon.Ki.i Ikon.Tablissa.Jikme-jikleri.730.Sortlanmadyk.D.z G.rn...&2 Paneller.&Esbaplar.D..p Bukjany A..Bir Tekje .okary...ki Bukjalar....T.zele.Awtomatiki T.zele.750.Arhiw Esbaplary.Standart Esbaplar.Uly K
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9756
                                                                                                                                                                                                Entropy (8bit):5.222646559853333
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:CKtangmNvbq5nFczPipu9FS1zPf6MHH2L6NyE8uP+G0O249bgCGLpO6u:RtangimWPieFSRPyE8uvLyo
                                                                                                                                                                                                MD5:CD44EF9F1C6526A18D9956517E510C16
                                                                                                                                                                                                SHA1:DD65DAD1B27F26B538CB3C8FC11895A7C6A81F20
                                                                                                                                                                                                SHA-256:D8DDEEC7A1D5F98BE9FE727D47F8BDF733E21693E988DCFE48089AC3344DCF30
                                                                                                                                                                                                SHA-512:51676AE9C163686DAD3748E2DEC7898ED218673D15AF741404C4EB30E8E8C23CC8C5BB7E33E1B7CC40DE56C1ACFE2639711F47BFAC9EF9FAE5703EAA889F924D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 24.04 : 2024-04-05 : Ahmet Murat .ZHAN.; 22.00 : 2023-05-28 : Emir SARI.; 15.00 : 2018-11-21 : Kaya Zeren.; 9.07 : 2009-09-22 : X-FoRcE.;.;.;.;.;.;.;.0.7-Zip.Turkish.T.rk.e.401.Tamam..ptal....&Evet.&Hay.r.&Kapat.Yard.m..&Devam.440.T.m.ne &Evet.T.m.ne &Hay.r.Durdur.Yeniden Ba.lat.&Arka Planda..&n Planda.&Duraklat.Duraklat.ld...ptal etmek istiyor musunuz?.500.&Dosya.&D.zen.&G.r.n.m.&S.k Kullan.lanlar.&Ara.lar.&Yard.m.540.&A..7-Zip ..i&nde A..&Varsay.lan Uygulamada A..&G.r.nt.le.&D.zenle.&Yeniden Adland.r.Klas.re &Kopyala....Klas.re &Ta......&Sil.Dosyay. &B.l....Dosyalar. Bi&rle.tir.....&zellikler.A..kla&ma.....Sa.lamalar. Hesapla.Fark.Klas.r Olu.tur.Dosya Olu.tur.&..k.Ba.lant..&Di.er Ak..lar.600.&T.m.n. Se..T.m.n.n Se.imini Kald.r.Se.imi &Tersine .evir.Se.....Se.imi Kald.r....T.re G.re Se..T.re G.re Se.imi Kald.r.700.&B.y.k Simgeler.&K...k Simgeler.&Liste.&Ayr.nt.lar.730.S.ralamas.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13706
                                                                                                                                                                                                Entropy (8bit):4.512938543489413
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:4sAaGWnyUCvYb6klPJFdljLNCZXg54yd+yACOFFytAQm:maG39YeklPJFLjLN+g5h+MtAd
                                                                                                                                                                                                MD5:730C16345E2A2366C2221D5F22980666
                                                                                                                                                                                                SHA1:41E92F0B3AEE2436183E1263AAD85787ECBABF34
                                                                                                                                                                                                SHA-256:813B5264F3F2D2B632B346E800E738E04DC098C7B3A1A2AF64BCF3A6ACBCA037
                                                                                                                                                                                                SHA-512:339A9B6E5788B6B2D627C16B6DCA5A942133B2F113ADC21225C693951D87EE5C476A684565C2A38510A23C42E1DFA0689A62450CB2D741D4AC43A53B9B691606
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 15.10 : 2017-02-12 : Bulat Ibrahim.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Tatar.........401.OK.... .........&....&...&..............&..... .......440.... &........ ....... .&....... .................&......&.... .......&.................... .. ....... ............?.500.&.....&........&......&..........&........&........540.&........... &............ ..&...........&................. &...........&................&.............&................ &.................... &...................&.............&.............. ...................&..... .........&.. ........&............&........... ........60
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10982
                                                                                                                                                                                                Entropy (8bit):4.662514332505228
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Ca+X3gDVs7FuvI9w83Dce6oF3DSiskkSx6NGhu1c9:XAwpe53uUkSWlc9
                                                                                                                                                                                                MD5:47C628C679FF488DDF4E14C457D2FCA0
                                                                                                                                                                                                SHA1:E8DA632E677A92224B5095271087A68C60504B9C
                                                                                                                                                                                                SHA-256:7FD494130F9B96DFCA492D495EF3FD7B4EAACF59F075172898ECE5AEBD1F6FCE
                                                                                                                                                                                                SHA-512:A4A22D6FE3C01A3E3D93C6D555B840EEECD72F396F0BCB5AFD871292BCA5B86F2CA76E3CF44FA71DD6C1B08D6672C50D16D0FBA679A4AF4AA677993A9900E497
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.59 : Sahran.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Uyghur..........401........... .......(&Y)........(&N)....(&C)....................(&C).440........ ....(&A)........ ...(&L)............ ........... ....(&B)...... ....(&F)......... .....(&P)......... ................... ... ..........500.......(&F).......(&E)........(&V).......(&A)......(&T).......(&H).540....(&O).......... ........ ...(&I)..... ........ ...(&U)........(&V).......(&E).... .......(&M)........ .....(&C)........ .....(&M).......(&D)....... .......(&S)........ .........(&B)........(&R)........(&N)....... ............. ........... ............(&X).600..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16420
                                                                                                                                                                                                Entropy (8bit):4.346958198063598
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:IyFxzaETT1SP58Hs+5tgxe3+edU74njAMcpsN0RxRgxExJx2B6LZExRlRYhT:ZvTf/eJT
                                                                                                                                                                                                MD5:14C60B55D5400607C7B6443D10B0A37C
                                                                                                                                                                                                SHA1:B92D556FF934F83AC3BEEC3DE20FBB909D0E1AFB
                                                                                                                                                                                                SHA-256:262BCC4EBAE464D1C96FBFCCDCA7813E6F6CC8FDFD78FBB933DE72A2B7AC8367
                                                                                                                                                                                                SHA-512:BC5951287DBAE1BC775293B1CCC3FCE37C2776905FBCF9EC47E49E9A28E6F54B1349B49EBF65631D04617666EED483A91870E255FEDAAAF9A4269B985310EFE1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; : Andrij Ilechko.; : Mokiy Mazaylo.; : Sergiy Gontaruk.; : Misha Padalka.; 23.01 : 2023-06-20 : Yurii Petrashko.; 24.04 : 2024-04-17 : MrIkso.;.;.;.;.;.0.7-Zip.Ukrainian............401.OK..............&....&...&.................&...........440.... ... &....... ... ..&..........................&.. ........ ......&.. .......... ......&.................... ........, .. ....... ......... ........?.500.&.....&............&.......&...........&............&.........540.&................. .&................. &......&............&...............&..........&......... ..........&....... ..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14672
                                                                                                                                                                                                Entropy (8bit):4.2852957756152215
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:2dRJSgU9qXjQ8Ob5bpXUa09uQEjvj1/vkW/J/Y/pfN15N:AU9qTQ8sZpXUa09uZp1BQRlB
                                                                                                                                                                                                MD5:0E053B461B1840743441F2B74D73E3EE
                                                                                                                                                                                                SHA1:C3F211F45C0702531C0BB09C13EAFE32634EE9CC
                                                                                                                                                                                                SHA-256:DD414D39F8DA2FBD5CAA0C7A7A9155C5F802B4D45F2E8828A79C7B4B63BD1179
                                                                                                                                                                                                SHA-512:8E2144242E9000290DAD52008B3DB9878B35C1C3182B74273965A5F7B4DC4AFE146D2C97A5318525ADE263753F08413A6FA45B7EC38F9C56D5042787D9E6C78E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 20.02 : 2020-10-21 : Shamsiddinov Zafar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Uzbek-Cyrillic.........401......... ..........&...&....&.............&..... ......440....... &......... &.......................&......&..... .....&..... ............ ............. ..........?.500.&.....&............&........&.............&.........&......540.&......&........ ......&......... ......&........&............&..... .........&.......... ..............&.......... ............&.... .........&...... ..........&......... ................&............&.............. ...................... ........... .......&.....
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8888
                                                                                                                                                                                                Entropy (8bit):5.049104436584185
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:cNml3r3hrOfvZQY19CUfwb8NKLHnxA4vN5rBBb7U7folni:Sml3r3hrWvZQ69CUfwb84LHxAulBv0oE
                                                                                                                                                                                                MD5:4479712709B19297483D020D11164745
                                                                                                                                                                                                SHA1:ADBF9F8EF1C44E7F7D13EF5E0ABE1F49C4ED3F1B
                                                                                                                                                                                                SHA-256:D62F8D3E7AA1F2636A1AD1B2AEDE0DA9FD725941A5F81D24A9B0B7599CAF0F50
                                                                                                                                                                                                SHA-512:A857B93E9991AEE4CDD6730DE538AB3BFD13620D0A99AEA1F49859B0D479EF4F757C4D99846FC1754691802B5DAFD044FC306BD31C0429DCF15EB5DC3C0B9036
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 20.02 : 2020-10-20 : Shamsiddinov Zafar.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Uzbek.O.zbekcha.401.OK.Bekor qilmoq....&Ha.&Yo.q.&Yopmoq.Ko.mak..&Davom etmoq.440.Bariga &ha.Bariga &yo.q.To.xtatmoq.Qaytadan.&Fonda.&Fonda emas.&Pauza qilmoq.Pauza qilindi.Bekor qilinsinmi?.500.&Fayl.&Tahrirlamoq.&Ko.rinish.&Tanlanganlar.&Jihozlar.&Ko.mak.540.&Ochmoq.&Ichkarida ochmoq.&Tashqariga ochmoq.&Ko.rinish.&Tahrirlamoq.&Qayta nomlamoq.&Quyidagiga nusxalamoq....&Quyidagiga ko.chirmoq....&Olib tashlamoq.&Faylni bo.lmoq....&Fayllarni birlashtirmoq....&Xususiyatlar.&Sharh....Yakuniy summa.Taqqoslamoq.Jild tuzmoq.Fayl tuzmoq.&Dasturdan chiqmoq.Havola.&Muqobil oqimlar.600.&Barini tanlamoq.Barini tanlamaslik.&Teskari tanlash.Tanlamoq....Tanlamaslik....Turi bo.yicha tanlamoq.Turi bo.yicha tanlamaslik.700.&Yirik ikonkalarda.&Kichik ikonkalarda.&Ro.yxatsimon.&Tafsilotli.730.Saralamaslik.Bejirim ko.rinish.&2 ta panelda.&Jihozlar.Asosiy jildni ochmoq.Bir pog.ona yuqoriga
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9508
                                                                                                                                                                                                Entropy (8bit):4.956382401228677
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:bFIzlmWIGz4txB2GnYESx8EvawZP7/uHCkU331:5bUzwxB2GfJwZP7/uHCkO31
                                                                                                                                                                                                MD5:1651078BE7CE617922904CA7941FAE20
                                                                                                                                                                                                SHA1:1FE33F74AAA6AF59B5055B968EF6424107544538
                                                                                                                                                                                                SHA-256:C0D985DEA02778276BA3D3DF96B50B33F7BA0C1EC7C62761F0DCD67A05B62270
                                                                                                                                                                                                SHA-512:E1721EE191E1BA24212E85C013497C66D35DB0E48DF464D2E86762B4A0855AC04FFEC59AF8C259F91DFF0924D977FFEB1FBA92A7C9A951D5F8FDDFD0B02BB67E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.26 : Tomas Miralles.; 4.44 : Fernando Verd..; 24.05 : 2024-05-23 : David Chova.;.;.;.;.;.;.;.;.0.7-Zip.Valencian.Valenci..401.Accepta.Cancel.la....&Si.&No.Tan&ca.Ajuda..&Continua.440.Si a &tot.No a t&ot.Atura.Reinicia.Segon pla.Primer pla.&Pausa.Parat.Esteu segur que voleu cancel.lar?.500.&Fitxer.&Edita.&Mostra.Favorits.Eines.Ajuda.540.&Obri.Obri d&ins.Obri fora.&Mostra.&Edita.Canvia &nom.&Copia a....&Despla.a a....&Suprimeix.&Separa fitxer....Com&bina fitxers....P&ropietats.Come&ntari.Calcula checksum.Difer.ncia.Nova carpeta.Nou fitxer.Ix.Vincula.Fluxos &alternatius.600.Seleccion&a-ho tot.Deselecciona-ho tot.&Inverteix selecci..Selecciona....No selecciones....Selecciona per tipus.No selecciones per tipus.700.Icones g&rans.Icones menudes.&Llista.&Detall.730.No ordenat.Vista plana.&2 Taules.&Barres d'eines.Obri directori arrel.Directori pare.Historial de carpetes....Actualit&za.Actualitza autom.ticament.750.Barra d'eines de Fitxer.Barra d'eines Est.nda
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8111
                                                                                                                                                                                                Entropy (8bit):5.364411458818708
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:EpyG/WRw/t50jb9+lrFwm9HIb4He0Wtd2iYNo+rRkRLTEMqbfMu9854Il2cqXK:Ekhw/tmlScwlni8CSku9bW
                                                                                                                                                                                                MD5:A0612FA9EB8196659D15C67AC965A5E6
                                                                                                                                                                                                SHA1:AE733BBAEF962F3A10C5855ED30B6D084C8C5D5F
                                                                                                                                                                                                SHA-256:C73634402C3EFFDB2750AB5CF6F1083ABD8771529BFF6F7E513D646E0FCDAE23
                                                                                                                                                                                                SHA-512:74991149573FBC7B5D9BEF36B0F8CB00951BEBE959F2D9058C227F3E75A874E22C8AA6219BBD643E483E0D969674A9CA9004E33F116BC923A30C872FC3F7909C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 2.30 : : Tran Hong Ha.; 4.42 : : Le Vu Hoang.; 4.48 : : Nguyen Hong Quan.; 9.07 : 2011-04-12 : Vietnamize Team.;.;.;.;.;.;.;.0.7-Zip.Vietnamese.Ti.ng Vi.t.401...ng ..H.y b.....C..Kh.ng...ng.Gi.p ....Ti.p t.c.440.C. t.t c..Kh.ng t.t c..D.ng.L.m l.i.Ch.y n.n.Ch. .. .u ti.n.D.ng... d.ng.B.n ch.c ch.n mu.n h.y b.?.500.T.p tin.Bi.n t.p.Xem..a th.ch.C.ng c..Gi.p ...540.M..M. t.i ..y.M. trong c.a s. kh.c.Xem.Bi.n t.p...i t.n.Sao ch.p ..n....Di chuy.n ..n....Xo..Chia c.t t.p n.n....N.i t.p n.n....Thu.c t.nh.Ch. th.ch.T.nh checksum (md5).So s.nh.T.o th. m.c.T.o t.p n.n.Tho.t.600.Ch.n t.t c..B. ch.n t.t c....o l.a ch.n.Ch.n....B. ch.n....Ch.n theo lo.i.B. ch.n theo lo.i.700.Bi.u t..ng l.n.Bi.u t..ng nh..Danh s.ch.Chi ti.t.730.Kh.ng s.p x.p.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10469
                                                                                                                                                                                                Entropy (8bit):5.284564106594488
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:8F6LuxAINK+9IPpdcigPDojX4MmlmYplGPvxtdogal+7opiQRDev/4Fq/+ePRRtG:wxAELigPDoHITPjk6b9Fq/+1z
                                                                                                                                                                                                MD5:5D90F9C7771022E43C15A4393A0670CE
                                                                                                                                                                                                SHA1:689269A4B3AED23CDF59ED395732C592B515AC83
                                                                                                                                                                                                SHA-256:DE2497946932D806F822082C3CF9F2F26A18752D9973F9D09E0889A94CE4C28A
                                                                                                                                                                                                SHA-512:7A8BD040989CF66DD0F15BE68DFCF2799C34C491FDF900315AB82619938C79BE9F18C6A5B1A4AC7DF6BBA951B3B309DDAF4F5ED628A69B8B893406F68FBC9510
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 15.00 : 2015-03-29 : Ibrahim Oyekan.;.;.;.;.;.;.;.;.;.;.0.7-Zip.Yoruba.Yoruba.401.O DAA.Pa re....&B..ni.&B..k..&P.d...r.nl.w...&T..-s.w.j..440.B..ni fun &gbogbo ..B..k. fun &gbogbo ..D.r....t.nb..r...&...h.n-.gb.h.n.&Oj.-.gb.h.n.&D.d.r...d.r...e . d.j. pe .nyin f.. paar..500.&Fa.li.&Tunk..&.w..&A.y..&Irin....&.r.nl.w..540.&.i..i &si .n...i &si .ta.&.w..&Tunk..&Tun oruk. k..&...d. si....&Gb. si....&Paar..&P.n fa.li...... .w.n fa.li k.p......&.b.d..&.r. .w.ye.....e i.iro checksum..y.t...D. .p. fa.li sil...D. fa.li sil...&P.d...t..kas..&Yiyan agbara d.t..600....y.n &gbogbo fa.li.Paa ...y.n gbogbo fa.li.&Yi ...y.n Pad.....y.n....Paa ...y.n.......y.n bi ir. fa.li.Paa ...y.n bi ir. fa.li.700.&.mi .l..&.mi K.ker..&Ak.j...&Aw.n alaye.730.Lai t. l.s.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8236
                                                                                                                                                                                                Entropy (8bit):6.029530102631068
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:6vCfchxHZbOVSVzaAP67peMNyE7nA95tLPggo:OxM0VLP677y4Y1PgF
                                                                                                                                                                                                MD5:D13839AF103477DF8CFD0BC2EB876EB0
                                                                                                                                                                                                SHA1:93AF39EBEB9677003DB67B386588409329104F4E
                                                                                                                                                                                                SHA-256:D04E5BD3BF1E3F3754C3603889AA1B659D1DAC518C5C6B5C1C49ECF16DCA1C01
                                                                                                                                                                                                SHA-512:DD79B5A8790E906E8BBE3FE69476126AB76ED472B4374E5FB7F4B272365BC305492832A1E3B95D22FC7D3C9EDD9B013C7BC8871C6BC85A717ACF3B361DA1900F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:;!@Lang2@!UTF-8!.; 2.30 : 2002-09-07 : Modern Tiger, kaZek, Hutu Li.; 3.08 : 2003-08-29 : Tunghsiao Liu.; 22.00 : 2022-06-09 : Tunghsiao Liu.; 24.05 : 2024-05-16 : MagicGenius.;.;.;.;.;.;.;.0.7-Zip.Chinese Simplified......401...........(&Y)..(&N)...(&C).......(&C).440...(&A)...(&L)...........(&B)...(&F)...(&P).............500...(&F)...(&E)...(&V)...(&A)...(&T)...(&H).540...(&O).......(&I).......(&U)...(&V)...(&E)....(&M)....(&C).......(&M)......(&D).....(&S)........(&B)......(&R)...(&N)........................(&X).........(&A).600...(&A)........(&I).....................................700....(&G)....(&M)...(&L).....(&D).730.............
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8383
                                                                                                                                                                                                Entropy (8bit):6.039482945933355
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:dIEm/UwNgrNf35q4H0PPTo0CCKL9xlDCrBYwlW/A2flOEBV:dxmMwN5LTo/CKJuBdMtNV
                                                                                                                                                                                                MD5:E6C38C199079BE58EE81E8DA55E783AC
                                                                                                                                                                                                SHA1:1AD09B0146F317786AFB0A09C7907E6CCB5C207E
                                                                                                                                                                                                SHA-256:76A17B0A97925E5D6DEB1EBE8AE14F83BD49957C492C3733A0EA178E28B0D74B
                                                                                                                                                                                                SHA-512:014D3FB64B22DA94D5AC7626B3E4BF9321FB05647BDB1BE3EEF79ADD3EFB06EF6B0FC1590031D4E781489AFC96BA4B7E4A86590BCE98C901812E890A4680ED02
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.;!@Lang2@!UTF-8!.; 4.59 : Leon Tseng, sec2, ...; 9.07 - 24.04 : Jack Pang.;.;.;.;.;.;.;.;.;.0.7-Zip.Chinese Traditional......401...........(&Y)..(&N)...(&C).......(&C).440.....(&A).....(&L).............(&B).....(&F)...(&P)...........?.500...(&F)...(&E)...(&V).....(&A)...(&T)...(&H).540...(&O)......(&I)......(&U)...(&V)...(&E).....(&M)....(&C).......(&M)......(&D).....(&S)........(&B)......(&R)...(&N).........................(&X).........(&A).600...(&A).........(&I)............................700....(&G)....(&M)...(&L).....(&D).730.............(&2)....(&T)...........................(
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6031
                                                                                                                                                                                                Entropy (8bit):5.187853729445909
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:dNlju+xpEYNgOrLJIJzDJu3S3zVSwOrLJIJzAu3S3zVSw7Edxb1wp:pjuoDNgOrNcXJu3S3JSwOrNccu3S3JSE
                                                                                                                                                                                                MD5:761B393DAC39374A072E58AA6A4872FC
                                                                                                                                                                                                SHA1:FA049F28E907AB6A0489D1FEC1746DF3A26D22E2
                                                                                                                                                                                                SHA-256:3A9A7BCA133A8AF4560F48DFA351F941E110D80A2C2466E537EC6680B9FC2DDA
                                                                                                                                                                                                SHA-512:93C5A05469D4469C713370AC8D711CAF57BF87B91B4F77AAA6F950552180548624890EC0E910C0F0E2FA1E05417EDF37E31E9C128815A3811110BCA90885860E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: 7-Zip.. ~~~~~.. License for use and distribution.. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.... 7-Zip Copyright (C) 1999-2024 Igor Pavlov..... The licenses for files are:.... - 7z.dll:.. - The "GNU LGPL" as main license for most of the code.. - The "GNU LGPL" with "unRAR license restriction" for some code.. - The "BSD 3-clause License" for some code.. - The "BSD 2-clause License" for some code.. - All other files: the "GNU LGPL"..... Redistributions in binary form must reproduce related license information from this file..... Note:.. You can use 7-Zip on any computer, including a computer in a commercial.. organization. You don't need to register or pay for 7-Zip.......GNU LGPL information..--------------------.... This library is free software; you can redistribute it and/or.. modify it under the terms of the GNU Lesser General Public.. License as published by the Free Software Foundation; either.. version 2.1 of the License, or
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):328296
                                                                                                                                                                                                Entropy (8bit):6.007199310246239
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:ZTECIX8CYN9pu168zdrCqXBL0xhV4lH7suR:9s8CYbpu1ddv+xYH77
                                                                                                                                                                                                MD5:62D252FA6272006CA3E63EEE8C51DBDE
                                                                                                                                                                                                SHA1:4C679CED1658B8C57205E22AC507D1AB66DB0B3B
                                                                                                                                                                                                SHA-256:1D348A3EF33838E3D6C365FA34CBD7D667341CAFBE49F16A52D5D42A69F84B41
                                                                                                                                                                                                SHA-512:A6F991940634968C8B918D5488A80908073C6A68E01C21DECD8E5CD5514A313E464D2E5C7F640E84A165B01741B80C8FEDD58017C8B3A5CE678B7D90C4351E21
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$................k.....k......k......................q.....a........t......t.....t....t......e...t....Rich..................PE..d...(*.f.........." .........................................................`............`.............................................`... ............r.......0......h(...P......0v..T....................w..(....v...............................................text...~........................... ..`.rdata..(m.......n..................@..@.data...dd... ......................@....pdata...0.......2...&..............@..@.rsrc....r.......t...X..............@..@.reloc.......P......................@..B................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6210
                                                                                                                                                                                                Entropy (8bit):4.906576204359403
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:JB/W8Ncd1ccFoYjOvyQn5Oo615C94ghyBmIJeuoCueabLBQNksrWgd1kB6b5WlIm:J55UScE5UToWWioSwhbULfTvm4/qxzfN
                                                                                                                                                                                                MD5:553A02739D516379833451440076F884
                                                                                                                                                                                                SHA1:27A428D5EB9F961D6461F94AA3E414F0E3697296
                                                                                                                                                                                                SHA-256:83B1AE6D3486C2653766A28806AC110C9A0AFDE17020CA6AA0B7550A2F10E147
                                                                                                                                                                                                SHA-512:BE3CFF1E392F4216310B455D73E86B485245EBD9C94BC370233C130E14FC97F92FA1C74567025F506D42EADFC21CC1D7F845D76607BB933A1C654FB7A493796F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:HISTORY of the 7-Zip..--------------------....This file contains information about changes for latest versions of 7-Zip...The full changelog file can be downloaded here:..https://7-zip.org/history.txt......24.07 2024-06-19..-------------------------..- The bug was fixed: 7-Zip could crash for some incorrect ZSTD archives.......24.06 2024-05-26..-------------------------..- The bug was fixed: 7-Zip could not unpack some ZSTD archives.......24.05 2024-05-14..-------------------------..- New switch -myv={MMNN} to set decoder compatibility version for 7z archive creating... {MMNN} is 4-digit number that represents the version of 7-Zip without a dot... If -myv={MMNN} switch is specified, 7-Zip will only use compression methods that can.. be decoded by the specified version {MMNN} of 7-Zip and newer versions... If -myv={MMNN} switch is not specified, -myv=2300 is used, and 7-Zip will only.. use compression methods that can be decoded by 7-Zip 23.00 and newer v
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):328296
                                                                                                                                                                                                Entropy (8bit):6.007199310246239
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:ZTECIX8CYN9pu168zdrCqXBL0xhV4lH7suR:9s8CYbpu1ddv+xYH77
                                                                                                                                                                                                MD5:62D252FA6272006CA3E63EEE8C51DBDE
                                                                                                                                                                                                SHA1:4C679CED1658B8C57205E22AC507D1AB66DB0B3B
                                                                                                                                                                                                SHA-256:1D348A3EF33838E3D6C365FA34CBD7D667341CAFBE49F16A52D5D42A69F84B41
                                                                                                                                                                                                SHA-512:A6F991940634968C8B918D5488A80908073C6A68E01C21DECD8E5CD5514A313E464D2E5C7F640E84A165B01741B80C8FEDD58017C8B3A5CE678B7D90C4351E21
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$................k.....k......k......................q.....a........t......t.....t....t......e...t....Rich..................PE..d...(*.f.........." .........................................................`............`.............................................`... ............r.......0......h(...P......0v..T....................w..(....v...............................................text...~........................... ..`.rdata..(m.......n..................@..@.data...dd... ......................@....pdata...0.......2...&..............@..@.rsrc....r.......t...X..............@..@.reloc.......P......................@..B................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1891840
                                                                                                                                                                                                Entropy (8bit):6.29517110582479
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:CmnN6yAgaTr17cdftN0+ju1zzHiDefMyUz/uDIVAlan:BnN34Th7criCDeUyXDiua
                                                                                                                                                                                                MD5:0009BD5E13766D11A23289734B383CBE
                                                                                                                                                                                                SHA1:913784502BE52CE33078D75B97A1C1396414CF44
                                                                                                                                                                                                SHA-256:3691ADCEFC6DA67EEDD02A1B1FC7A21894AFD83ECF1B6216D303ED55A5F8D129
                                                                                                                                                                                                SHA-512:D92CD55FCEF5B15975C741F645F9C3CC53AE7CD5DFFD5D5745ADECF098B9957E8ED379E50F3D0855D54598E950B2DBF79094DA70D94DFD7FC40BDA7163A09B2B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........{..........................................l................h.............................Rich....................PE..d.....rf.........." .....8...z...... .....................................................`.....................................................x.......p........=..............."...................................................P...............................text....6.......8.................. ..`.rdata..Q....P.......<..............@..@.data...............................@....pdata...=.......>..................@..@.rsrc...p...........................@..@.reloc..\5.......6..................@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6031
                                                                                                                                                                                                Entropy (8bit):5.187853729445909
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:dNlju+xpEYNgOrLJIJzDJu3S3zVSwOrLJIJzAu3S3zVSw7Edxb1wp:pjuoDNgOrNcXJu3S3JSwOrNccu3S3JSE
                                                                                                                                                                                                MD5:761B393DAC39374A072E58AA6A4872FC
                                                                                                                                                                                                SHA1:FA049F28E907AB6A0489D1FEC1746DF3A26D22E2
                                                                                                                                                                                                SHA-256:3A9A7BCA133A8AF4560F48DFA351F941E110D80A2C2466E537EC6680B9FC2DDA
                                                                                                                                                                                                SHA-512:93C5A05469D4469C713370AC8D711CAF57BF87B91B4F77AAA6F950552180548624890EC0E910C0F0E2FA1E05417EDF37E31E9C128815A3811110BCA90885860E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: 7-Zip.. ~~~~~.. License for use and distribution.. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.... 7-Zip Copyright (C) 1999-2024 Igor Pavlov..... The licenses for files are:.... - 7z.dll:.. - The "GNU LGPL" as main license for most of the code.. - The "GNU LGPL" with "unRAR license restriction" for some code.. - The "BSD 3-clause License" for some code.. - The "BSD 2-clause License" for some code.. - All other files: the "GNU LGPL"..... Redistributions in binary form must reproduce related license information from this file..... Note:.. You can use 7-Zip on any computer, including a computer in a commercial.. organization. You don't need to register or pay for 7-Zip.......GNU LGPL information..--------------------.... This library is free software; you can redistribute it and/or.. modify it under the terms of the GNU Lesser General Public.. License as published by the Free Software Foundation; either.. version 2.1 of the License, or
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16637
                                                                                                                                                                                                Entropy (8bit):5.266492744194956
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:UjhHbMCbWhkeeN8cWMCD6kRLCAomZrLXwlmIFDi/isobN55ThNDfYjpYa:UfxOD6jngLg6lopjLDwjpYa
                                                                                                                                                                                                MD5:6EE3558516C464A2FF43BDF6F0EF5F2F
                                                                                                                                                                                                SHA1:1CAFB5DB4467AEC4687782CC44F6DF8352BA588D
                                                                                                                                                                                                SHA-256:12707EAAB80F0608E53369D0E8D2ED213124DCB8DFFD65B9573743BAE2BCFB50
                                                                                                                                                                                                SHA-512:FEC1E8A620B435E4480329943F2F7447AFDC233757D8E6B568DD27F7652187730758E38FA2361823BC2A71C4EE083F1E2B0A8A4522EEF98AE6008A754A2FB1EA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginArguments">.. <get/>.. <put/>.. </property>.. <property name="PluginVariables">.. <get/>.. <put/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="AIConvertText"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">....var REGKEY_PATH = "Plugins\\AI.sct/";..var wsh = new ActiveXObject("WScript.Shell");..var fso = new ActiveXObject("Scripting.FileSystemObject");..var pluginArguments = "";..var variables = new Array();..var mergeApp;....function get_PluginEvent() { return "EDITOR_SCRIPT"; }..function get_PluginDescription() { return "AI-assisted text conversion functions"; }..funct
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17965
                                                                                                                                                                                                Entropy (8bit):5.164550570085457
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:UWXKeDxvWtmZftw8kloCzFRZqJ7Z36wZ3w1iYa:U6KeDxvWtm9tw8kloV36wZj
                                                                                                                                                                                                MD5:9DB6608941460DBBA2617D5854B5CDC0
                                                                                                                                                                                                SHA1:DD0BB0C8C11478A8E9B27D42BC5EF1E7A15EBB98
                                                                                                                                                                                                SHA-256:68009DB1C6BE9500E0241407CD2CCCD4EFA80CFEF2661BCEAE1C690C02EB745D
                                                                                                                                                                                                SHA-512:EF2EF0026750DBC896AA146493CF66F9799BBE1C935A4D7F5B8B41B9C075AEBFF76ADD491C00C2A24B47EFD89E0B2FF250E925C1AE6DBEEA7FD99A09CEFC600F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will apply selected patch to specified file or folder using GNU patch... Copyright (C) 2015-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Softwa
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):34503
                                                                                                                                                                                                Entropy (8bit):5.118612059167486
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:UqK2D4d3CUnOfqn3tWCk9kj6+I8kloI+duPKNxA1BT0oiD8Urjw:U5QUn4qn7wU8+duPKNb3Q
                                                                                                                                                                                                MD5:6B8B5C550D75510E680D5E776039D660
                                                                                                                                                                                                SHA1:71CBF6965228603AC7894ECBA0C1B8E5AB130546
                                                                                                                                                                                                SHA-256:8F214DA58127DED296C3FBD2CAA9A0F1BB2CDE235D75319D9BA6C18FD66A41E0
                                                                                                                                                                                                SHA-512:471EF8A5B415833B4F488CCE376A0D9DC64C65A8753336FA00377C08899472DCE44312EB2E88AB2C6190EB3E211B2889C71FFF53CD24D8A8C0DD802D3916ED45
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginUnpackedFileExtension">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will display the text content of MS Excel files... Copyright (C) 2005-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU Gener
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19450
                                                                                                                                                                                                Entropy (8bit):5.167929592463697
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:UWXK+DSmGo3+RwTziNS3q8kloIsDGfPP8NJ2oC8UrxsYa:U6K+DS9RwTzuS3q8kloIsGPENJ2oC8Ui
                                                                                                                                                                                                MD5:F1711CB8222885CBEBCF6E5A169E5B32
                                                                                                                                                                                                SHA1:5AB3B84B4E22EA1B5685B19198B5FF3E5555C246
                                                                                                                                                                                                SHA-256:EDFCC75BF05222849A1AEB3B4565F58C491FBA5642CD49C4A355F3D76A54B898
                                                                                                                                                                                                SHA-512:EC6392BC3CAEA4672EA9F6F55018BF6AC433366E0D69055A2E8481F1B87184C544D116D788FA4144CB8AD0C8FEF7744B0D1A7FAC9ED08FBE736B9A563FC5CB11
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will display the text content of MS PowerPoint files... Copyright (C) 2016-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Software Foundation; ei
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17248
                                                                                                                                                                                                Entropy (8bit):5.168586711019873
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:UWXKvDvqGlqejCinEr58kloIfs+wP0iNn7W8UIsYa:U6KvDvDqejC6Er58kloIfkPRNn7W8UIw
                                                                                                                                                                                                MD5:CF56F3A41C04830E8BB769BAD576B608
                                                                                                                                                                                                SHA1:49AAF7CF14DC6BB00DFC6C5E216E78CEAB17418E
                                                                                                                                                                                                SHA-256:DA48A7D487A2DDD8A7B8673002DB30AA40629C44744E8D3C3EAEE1EC184605D3
                                                                                                                                                                                                SHA-512:1408BB3AB411A09884DD3C49915E7925ECC54F67E238770E92E1D1CA2B272078504BA57462561A1170D1DD7CB76F3A7F7F40B53CE90555E3B1CDB21F12CBB40F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will display the text content of MS Visio files... Copyright (C) 2020 dedicatus.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Software Foundation; either version 2 of
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19674
                                                                                                                                                                                                Entropy (8bit):5.183518757129629
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:UWXKuD/WGjTejV1T3i9RoKTD8kloIJsgDVPHf9NnIABURF8UIsYa:U6KuD/hTeZ1rCSKv8kloIJnP1NnIABUr
                                                                                                                                                                                                MD5:A28135FC9121216A06EF96744E39F09E
                                                                                                                                                                                                SHA1:DFFE34B4AB37B5281F98510F755937057CE25AEE
                                                                                                                                                                                                SHA-256:BBE31396185378BD2829299C8D0A8879A86AE8FA18E4E426AB4378F3D712D9CA
                                                                                                                                                                                                SHA-512:CCB042D9FDD2F5D8E547575AF75FDD94CD186359921654F46AAEF9782C9636567E84374E6544AA3B7DAFCB24413FFC30BC085F0EEB07755CEDE801691D297976
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will display the text content of MS Word files... Copyright (C) 2008-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Software Foundation; either v
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):173160
                                                                                                                                                                                                Entropy (8bit):6.1281484959414785
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:epIp/Rcl3pWU4gM0M2Yy4KUS6XT+TkdxURy0SQJXdJGm1nkfGX2:Vcl3pk8cNKd6j+IYJtUtum
                                                                                                                                                                                                MD5:F7471F10F0D1B908A6A5886AAA7FD8B0
                                                                                                                                                                                                SHA1:41E3BEE7C9E9EC44B3F6A8A771A6630C69F96951
                                                                                                                                                                                                SHA-256:0418CAD9A771E4DF444B03DA6C1F2B0245FBFCEBFF696C3212D91B1F9EA8E51B
                                                                                                                                                                                                SHA-512:8A8B047D2B92F1E26F0FE3B298CD3B88A588A8F261BF83EC1409BDE57E766EF4216FEAFACD1280C22E60FE8638CC1A7B23F82F0BAFAEE63350475CC7FF657CA4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.....y...y...y.]....y.]..h.y.]....y.@.}...y.@.z...y.@.|.?.y.......y.......y...x..y.|...y.y...y.....y.......y.{...y.Rich..y.........PE..d.....;d.........." .....b...(............................................................ ..........................................>......l?..................H....|..h(..............T...................P...(...P................................................text....a.......b.................. ..`.rdata..@............f..............@..@.data....#...P.......4..............@....pdata..H............F..............@..@.rsrc................`..............@..@.reloc...............t..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):151656
                                                                                                                                                                                                Entropy (8bit):6.107937984384151
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:rg0ZJbBAa/nEOV/jk6pRX2f6/0Xq7xsjUpZSDJfynl6XWl3+1nkfGX8:xbWa/n5djx2f68GZqJangm11us
                                                                                                                                                                                                MD5:1A5B8F0D04015B8701E567AEF0436A06
                                                                                                                                                                                                SHA1:6D7EEB82DDEB3B8799817238C20D6967040182A4
                                                                                                                                                                                                SHA-256:67D7A521D61216F4D47EB968026145CB6986AF55F41D63D3BA3FF0EABD218075
                                                                                                                                                                                                SHA-512:B74EFD639258E71C960462FD29D071D502CF1F2D1C6F065A9C440005B322E25E1353CD746C7A23E032214EE1020A291BF2AE8B94B8CA08DEEC4F390E716BB3E9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8wd.Y.7.Y.7.Y.7...7.Y.7...7.Y.7...7.Y.7.1.6.Y.7.1.6.Y.7.1.6.Y.7.!.7.Y.7.!.7.Y.7.Y.7.Y.7.0.6.Y.7.0.6.Y.7.0.7.Y.7.Y.7.Y.7.0.6.Y.7Rich.Y.7................PE..d.....;d.........." .....(...........{..............................................Jf.... .................................................\...x....P.. ....0..x....(..h(...p..T...`...T............................................@..0............................text...h&.......(.................. ..`.rdata......@.......,..............@..@.data...T"..........................@....pdata..x....0......................@..@.rsrc... ....P......................@..@.reloc..T....p....... ..............@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):174184
                                                                                                                                                                                                Entropy (8bit):6.130411111013584
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:oIFnRaH73DmxoWrqg28zF372HW+9IZrIJx8yqUftO0SQDPJ8bH1nkfGXd:Na73DLW2UL2HWuWI2YDybmuN
                                                                                                                                                                                                MD5:982101D523D4CBA30EC1624D24F16BC8
                                                                                                                                                                                                SHA1:2B679342C60D1C05A17952CCFF2180619B8FE04E
                                                                                                                                                                                                SHA-256:CF8CBE11924CE0D1F1872CA3D434A069F5D41D4354634E1D1150CCBB8266733F
                                                                                                                                                                                                SHA-512:61B689331B558848AE49DDB69AE0E4B1D130DF5407FD46D8226871AB9D0C7CF652E2AA2C2F589562532E014CC0F079B59E7B5FD847385FF70F7D57D88AB6507E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.....y...y...y.]....y.]..h.y.]....y.@.}...y.@.z...y.@.|.?.y.......y.......y...x..y.|...y.y...y.....y.......y.{...y.Rich..y.........PE..d.....;d.........." .....f...(......................................................d~.... ..........................................?......p@..........@.......l.......h(..............T...................0...(...0................................................text....e.......f.................. ..`.rdata..H............j..............@..@.data....#...P.......8..............@....pdata..l............J..............@..@.rsrc...@............d..............@..@.reloc...............x..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):174184
                                                                                                                                                                                                Entropy (8bit):6.128025983894254
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:v4gU6RGJ3MLYu2Q/IgE1WNPOlUir8FlY6dnyUu3m0SQg3R+CbyKW+1nkfGXjD:3GFMaKIt1soUir6lfYgfyN1un
                                                                                                                                                                                                MD5:3F9B6394CEE6FCA47696D33E66BFE254
                                                                                                                                                                                                SHA1:8218E8E137360203245880C67F163B71DD07B5EC
                                                                                                                                                                                                SHA-256:C712D6AD1238CB2836552DCB5DE353C8D59BA02D45A47EB849F870421915CB55
                                                                                                                                                                                                SHA-512:F04515297B977E3DF2578BB968498E9F0D149B91A37BC0054B306DC6EFD458DF0DB57F96CA1878AD664E48FD84FEE4B8FAA825886EBEDCF2C0208AB157359833
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.....y...y...y.]....y.]..h.y.]....y.@.}...y.@.z...y.@.|.?.y.......y.......y...x..y.|...y.y...y.....y.......y.{...y.Rich..y.........PE..d.....;d.........." .....f...(......................................................I.... .........................................`?.......@..........(.......l.......h(..............T.......................(....................................................text...Hd.......f.................. ..`.rdata...............j..............@..@.data....#...P.......8..............@....pdata..l............J..............@..@.rsrc...(............d..............@..@.reloc...............x..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3158
                                                                                                                                                                                                Entropy (8bit):4.913333479650651
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:UbP8KN8q8F78H8qbax+w+tyQHYZkgefPWSTBt+53v0y8AyOfPmQf:UjbNHM6TVjYcldySOXm6
                                                                                                                                                                                                MD5:10264FB7BBB923F9D4E68DCC7AD85BD1
                                                                                                                                                                                                SHA1:C0317FD2DF0ED86C8D8CB40E496D2B340187A9C2
                                                                                                                                                                                                SHA-256:104578B4B73333839AA5A53B3F827596D98282EB24A55E1E641237B3BD9D5F56
                                                                                                                                                                                                SHA-512:A064E3E43C575A046DCC40A03543A660C4172FD8517F030A0C8188C6AB0ACBFAD9E56E88364E092A41DFE893E2402B174535E15AB2E10721CBA2B80D5B99C642
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PrediffBufferW"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*..+----------------------------------------------------------------------+..| This is a plugin for WinMerge <www.winmerge.org>. |..| It will ignores leading line numbers in text files. |..| Copyright (C) 2007 by Tim Gerundt |..+----------------------------------------------------------------------+..| This program is free software; you can redistribute it and/or modify |..| it under the terms of the GNU Genera
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12982
                                                                                                                                                                                                Entropy (8bit):5.308012785936211
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:GAcOkiyn3B1jbk1pbFDIO9ia7gDQiJTxnVvlkmPEgRLVZQph1mZ7dv1WZQt1Fpys:y1z2hVg8gs2TxnVv+Ngpt
                                                                                                                                                                                                MD5:6EC2668BA9DE05F631D0C709EFA53294
                                                                                                                                                                                                SHA1:1CD6FE9852B3815C7533EA4FDE92FCA9C7480883
                                                                                                                                                                                                SHA-256:2138B9799D3724463D021FCBFC5975BE39C2A44342A23B470A7D039DEDC275F8
                                                                                                                                                                                                SHA-512:9B1B77DEC491699E2909E598FD3AEDC92CC237C68F2131C62C5A83665331388009E4330F35E8A187EB4CBD80270219B2700DD5173D90AC929BAE6F8300E3BEB2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0"?>..<plugins>.. <plugin name="HandleSchemeHTTP">.. <event value="URL_PACK_UNPACK" />.. <description value="HTTP URL Scheme Handler with curl. &#xD;&#xA;Arguments: Command line options passed to the curl command." />.. <file-filters value="^http://.*$;^https://.*$" />.. <extended-properties value="ProcessType=URL Handling" />.. <is-automatic value="true" />.. <arguments value="--fail -L " />.. <unpack-file>.. <command>curl ${*} -o "${DST_FILE}" "${SRC_FILE}"</command>.. </unpack-file>.. </plugin>.. <plugin name="HandleSchemeReg">.. <event value="URL_PACK_UNPACK" />.. <description value="Windows Registry URL Scheme Handler. &#xD;&#xA;Arguments: Command line options passed to the reg.exe command." />.. <file-filters value="^reg:.*$" />.. <extended-properties value="ProcessType=URL Handling" />.. <is-automatic value="true" />.. <unpacked-file-extension value=".reg" />.. <arguments value="" />.. <unpack-file>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16019
                                                                                                                                                                                                Entropy (8bit):5.014576207070997
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:UjhHM60SD2eYGLACDjraBTAG7Y6cWZi/isooLiNb7AeOZXcyo1ToSUGaqdYa:UkSD2T5YZloYebLOZXchToSUGaqdYa
                                                                                                                                                                                                MD5:BF210CD748A78296534C436A735C0D4E
                                                                                                                                                                                                SHA1:815680EDC9568807125A98F7E0D88E672EC6952C
                                                                                                                                                                                                SHA-256:BA61472F28DD8701BC7D69CB41D35FFEA612B68D47892FD11DF293927C2E4148
                                                                                                                                                                                                SHA-512:75CC58DC7EDD8C99646E2C594F2CE1C50C4C21307CB17312B976A4E4B953D820B7A44566704F32A2D1076C4AAD9511B8F27D169CDEEFC692A3CBC66657964D84
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="PrediffBufferW"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It does almost the same thing as Substitution filters... Copyright (C) 2018-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Software Foundation; either version 2 of the License, or.. (at your option) any later version..... This program is distributed in the hop
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22862
                                                                                                                                                                                                Entropy (8bit):4.900094552445541
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:UjhHbMC1y/KAL41x2RjpLdZbde8MicK6vxa7Y6cWmPMu6POPLkXyPoOvLOaaRBTY:UgZ0x2RRDZMicNiYJsGwXy7YT/UCO7
                                                                                                                                                                                                MD5:C9781B687B8922BFDD40BA4551751151
                                                                                                                                                                                                SHA1:27D4D50F1C80A020FD3A50F184080603DE79A260
                                                                                                                                                                                                SHA-256:C30B40B32152E04EAC978AD1B1A1A9C39E66FF83CB58A3539179346EFA1F8627
                                                                                                                                                                                                SHA-512:10515CF98C943EA09D0466A9232E56CCFE3F42084C481DE47D45D631A2008355E8AB8E632AF718355994F21640EBDB7E1CC91D82EED585468137BC11414D14AD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginArguments">.. <get/>.. <put/>.. </property>.. <property name="PluginVariables">.. <get/>.. <put/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="ExecFilterCommand"/>.. <method name="MakeUpper"/>.. <method name="MakeLower"/>.. <method name="RemoveDuplicates"/>.. <method name="CountDuplicates"/>.. <method name="SortAscending"/>.. <method name="SortDescending"/>.. <method name="ReverseColumns"/>.. <method name="ReverseLines"/>.. <method name="SelectColumns"/>.. <method name="SelectLines"/>.. <method name="Replace" internalName="ReplaceText"/>.. <method name="Tokenize"/>.. <method name="Trim"/>..</imp
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):977
                                                                                                                                                                                                Entropy (8bit):4.993711086926044
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:RJbCX0K5z0mC2z0kz0F3Stje0L6CBxnHRwnfV+f3M15:zbZK5omokoF3SBe4HBxWnt+Ef
                                                                                                                                                                                                MD5:41C871180E6CDDAF7BE40507AF66D75C
                                                                                                                                                                                                SHA1:FA4E77B051B46B05041779E2B0FE6E542A552D6B
                                                                                                                                                                                                SHA-256:C68D5B3A64CC80B2FC08BA9A96404F935954D31EB2B952B1617DE84459CBEB8C
                                                                                                                                                                                                SHA-512:50A539412CB16EBF4B8D957F6D5C42D75AF9132FBA1B5F74633A588354B477F30A8B8F830D125D6015701489569EFD6A92380636B0D189B6D3D40648492EAF23
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>....<implements type="Automation" id="dispatcher">...<property name="PluginEvent">....<get/>...</property>...<property name="PluginDescription">....<get/>...</property>...<property name="PluginExtendedProperties">....<get/>...</property>...<property name="PluginFileFilters">....<get/>...</property>...<method name="InsertDate"/>...<method name="InsertTime"/>..</implements>....<script language="JScript">....function get_PluginEvent() {...return "EDITOR_SCRIPT";..}....function get_PluginDescription() {...return "Date and time insertion function";..}....function get_PluginFileFilters() {...return ".*";..}....function get_PluginExtendedProperties() {...return "InsertDate.MenuCaption=Insert Date;InsertTime.MenuCaption=Insert Time";..}....// transformation functions..function InsertDate(Text) {...return Text + (new Date()).toLocaleDateString();..}....function InsertTime(Text) {...return Text + (new Date()).toLocaleTimeString();..}....</script>..</scriptlet>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19674
                                                                                                                                                                                                Entropy (8bit):5.183518757129629
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:UWXKuD/WGjTejV1T3i9RoKTD8kloIJsgDVPHf9NnIABURF8UIsYa:U6KuD/hTeZ1rCSKv8kloIJnP1NnIABUr
                                                                                                                                                                                                MD5:A28135FC9121216A06EF96744E39F09E
                                                                                                                                                                                                SHA1:DFFE34B4AB37B5281F98510F755937057CE25AEE
                                                                                                                                                                                                SHA-256:BBE31396185378BD2829299C8D0A8879A86AE8FA18E4E426AB4378F3D712D9CA
                                                                                                                                                                                                SHA-512:CCB042D9FDD2F5D8E547575AF75FDD94CD186359921654F46AAEF9782C9636567E84374E6544AA3B7DAFCB24413FFC30BC085F0EEB07755CEDE801691D297976
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will display the text content of MS Word files... Copyright (C) 2008-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Software Foundation; either v
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17248
                                                                                                                                                                                                Entropy (8bit):5.168586711019873
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:UWXKvDvqGlqejCinEr58kloIfs+wP0iNn7W8UIsYa:U6KvDvDqejC6Er58kloIfkPRNn7W8UIw
                                                                                                                                                                                                MD5:CF56F3A41C04830E8BB769BAD576B608
                                                                                                                                                                                                SHA1:49AAF7CF14DC6BB00DFC6C5E216E78CEAB17418E
                                                                                                                                                                                                SHA-256:DA48A7D487A2DDD8A7B8673002DB30AA40629C44744E8D3C3EAEE1EC184605D3
                                                                                                                                                                                                SHA-512:1408BB3AB411A09884DD3C49915E7925ECC54F67E238770E92E1D1CA2B272078504BA57462561A1170D1DD7CB76F3A7F7F40B53CE90555E3B1CDB21F12CBB40F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will display the text content of MS Visio files... Copyright (C) 2020 dedicatus.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Software Foundation; either version 2 of
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):977
                                                                                                                                                                                                Entropy (8bit):4.993711086926044
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:RJbCX0K5z0mC2z0kz0F3Stje0L6CBxnHRwnfV+f3M15:zbZK5omokoF3SBe4HBxWnt+Ef
                                                                                                                                                                                                MD5:41C871180E6CDDAF7BE40507AF66D75C
                                                                                                                                                                                                SHA1:FA4E77B051B46B05041779E2B0FE6E542A552D6B
                                                                                                                                                                                                SHA-256:C68D5B3A64CC80B2FC08BA9A96404F935954D31EB2B952B1617DE84459CBEB8C
                                                                                                                                                                                                SHA-512:50A539412CB16EBF4B8D957F6D5C42D75AF9132FBA1B5F74633A588354B477F30A8B8F830D125D6015701489569EFD6A92380636B0D189B6D3D40648492EAF23
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>....<implements type="Automation" id="dispatcher">...<property name="PluginEvent">....<get/>...</property>...<property name="PluginDescription">....<get/>...</property>...<property name="PluginExtendedProperties">....<get/>...</property>...<property name="PluginFileFilters">....<get/>...</property>...<method name="InsertDate"/>...<method name="InsertTime"/>..</implements>....<script language="JScript">....function get_PluginEvent() {...return "EDITOR_SCRIPT";..}....function get_PluginDescription() {...return "Date and time insertion function";..}....function get_PluginFileFilters() {...return ".*";..}....function get_PluginExtendedProperties() {...return "InsertDate.MenuCaption=Insert Date;InsertTime.MenuCaption=Insert Time";..}....// transformation functions..function InsertDate(Text) {...return Text + (new Date()).toLocaleDateString();..}....function InsertTime(Text) {...return Text + (new Date()).toLocaleTimeString();..}....</script>..</scriptlet>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):34503
                                                                                                                                                                                                Entropy (8bit):5.118612059167486
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:UqK2D4d3CUnOfqn3tWCk9kj6+I8kloI+duPKNxA1BT0oiD8Urjw:U5QUn4qn7wU8+duPKNb3Q
                                                                                                                                                                                                MD5:6B8B5C550D75510E680D5E776039D660
                                                                                                                                                                                                SHA1:71CBF6965228603AC7894ECBA0C1B8E5AB130546
                                                                                                                                                                                                SHA-256:8F214DA58127DED296C3FBD2CAA9A0F1BB2CDE235D75319D9BA6C18FD66A41E0
                                                                                                                                                                                                SHA-512:471EF8A5B415833B4F488CCE376A0D9DC64C65A8753336FA00377C08899472DCE44312EB2E88AB2C6190EB3E211B2889C71FFF53CD24D8A8C0DD802D3916ED45
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginUnpackedFileExtension">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will display the text content of MS Excel files... Copyright (C) 2005-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU Gener
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22862
                                                                                                                                                                                                Entropy (8bit):4.900094552445541
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:UjhHbMC1y/KAL41x2RjpLdZbde8MicK6vxa7Y6cWmPMu6POPLkXyPoOvLOaaRBTY:UgZ0x2RRDZMicNiYJsGwXy7YT/UCO7
                                                                                                                                                                                                MD5:C9781B687B8922BFDD40BA4551751151
                                                                                                                                                                                                SHA1:27D4D50F1C80A020FD3A50F184080603DE79A260
                                                                                                                                                                                                SHA-256:C30B40B32152E04EAC978AD1B1A1A9C39E66FF83CB58A3539179346EFA1F8627
                                                                                                                                                                                                SHA-512:10515CF98C943EA09D0466A9232E56CCFE3F42084C481DE47D45D631A2008355E8AB8E632AF718355994F21640EBDB7E1CC91D82EED585468137BC11414D14AD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginArguments">.. <get/>.. <put/>.. </property>.. <property name="PluginVariables">.. <get/>.. <put/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="ExecFilterCommand"/>.. <method name="MakeUpper"/>.. <method name="MakeLower"/>.. <method name="RemoveDuplicates"/>.. <method name="CountDuplicates"/>.. <method name="SortAscending"/>.. <method name="SortDescending"/>.. <method name="ReverseColumns"/>.. <method name="ReverseLines"/>.. <method name="SelectColumns"/>.. <method name="SelectLines"/>.. <method name="Replace" internalName="ReplaceText"/>.. <method name="Tokenize"/>.. <method name="Trim"/>..</imp
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19450
                                                                                                                                                                                                Entropy (8bit):5.167929592463697
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:UWXK+DSmGo3+RwTziNS3q8kloIsDGfPP8NJ2oC8UrxsYa:U6K+DS9RwTzuS3q8kloIsGPENJ2oC8Ui
                                                                                                                                                                                                MD5:F1711CB8222885CBEBCF6E5A169E5B32
                                                                                                                                                                                                SHA1:5AB3B84B4E22EA1B5685B19198B5FF3E5555C246
                                                                                                                                                                                                SHA-256:EDFCC75BF05222849A1AEB3B4565F58C491FBA5642CD49C4A355F3D76A54B898
                                                                                                                                                                                                SHA-512:EC6392BC3CAEA4672EA9F6F55018BF6AC433366E0D69055A2E8481F1B87184C544D116D788FA4144CB8AD0C8FEF7744B0D1A7FAC9ED08FBE736B9A563FC5CB11
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will display the text content of MS PowerPoint files... Copyright (C) 2016-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Software Foundation; ei
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):174184
                                                                                                                                                                                                Entropy (8bit):6.130411111013584
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:oIFnRaH73DmxoWrqg28zF372HW+9IZrIJx8yqUftO0SQDPJ8bH1nkfGXd:Na73DLW2UL2HWuWI2YDybmuN
                                                                                                                                                                                                MD5:982101D523D4CBA30EC1624D24F16BC8
                                                                                                                                                                                                SHA1:2B679342C60D1C05A17952CCFF2180619B8FE04E
                                                                                                                                                                                                SHA-256:CF8CBE11924CE0D1F1872CA3D434A069F5D41D4354634E1D1150CCBB8266733F
                                                                                                                                                                                                SHA-512:61B689331B558848AE49DDB69AE0E4B1D130DF5407FD46D8226871AB9D0C7CF652E2AA2C2F589562532E014CC0F079B59E7B5FD847385FF70F7D57D88AB6507E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.....y...y...y.]....y.]..h.y.]....y.@.}...y.@.z...y.@.|.?.y.......y.......y...x..y.|...y.y...y.....y.......y.{...y.Rich..y.........PE..d.....;d.........." .....f...(......................................................d~.... ..........................................?......p@..........@.......l.......h(..............T...................0...(...0................................................text....e.......f.................. ..`.rdata..H............j..............@..@.data....#...P.......8..............@....pdata..l............J..............@..@.rsrc...@............d..............@..@.reloc...............x..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12982
                                                                                                                                                                                                Entropy (8bit):5.308012785936211
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:GAcOkiyn3B1jbk1pbFDIO9ia7gDQiJTxnVvlkmPEgRLVZQph1mZ7dv1WZQt1Fpys:y1z2hVg8gs2TxnVv+Ngpt
                                                                                                                                                                                                MD5:6EC2668BA9DE05F631D0C709EFA53294
                                                                                                                                                                                                SHA1:1CD6FE9852B3815C7533EA4FDE92FCA9C7480883
                                                                                                                                                                                                SHA-256:2138B9799D3724463D021FCBFC5975BE39C2A44342A23B470A7D039DEDC275F8
                                                                                                                                                                                                SHA-512:9B1B77DEC491699E2909E598FD3AEDC92CC237C68F2131C62C5A83665331388009E4330F35E8A187EB4CBD80270219B2700DD5173D90AC929BAE6F8300E3BEB2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0"?>..<plugins>.. <plugin name="HandleSchemeHTTP">.. <event value="URL_PACK_UNPACK" />.. <description value="HTTP URL Scheme Handler with curl. &#xD;&#xA;Arguments: Command line options passed to the curl command." />.. <file-filters value="^http://.*$;^https://.*$" />.. <extended-properties value="ProcessType=URL Handling" />.. <is-automatic value="true" />.. <arguments value="--fail -L " />.. <unpack-file>.. <command>curl ${*} -o "${DST_FILE}" "${SRC_FILE}"</command>.. </unpack-file>.. </plugin>.. <plugin name="HandleSchemeReg">.. <event value="URL_PACK_UNPACK" />.. <description value="Windows Registry URL Scheme Handler. &#xD;&#xA;Arguments: Command line options passed to the reg.exe command." />.. <file-filters value="^reg:.*$" />.. <extended-properties value="ProcessType=URL Handling" />.. <is-automatic value="true" />.. <unpacked-file-extension value=".reg" />.. <arguments value="" />.. <unpack-file>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17965
                                                                                                                                                                                                Entropy (8bit):5.164550570085457
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:UWXKeDxvWtmZftw8kloCzFRZqJ7Z36wZ3w1iYa:U6KeDxvWtm9tw8kloV36wZj
                                                                                                                                                                                                MD5:9DB6608941460DBBA2617D5854B5CDC0
                                                                                                                                                                                                SHA1:DD0BB0C8C11478A8E9B27D42BC5EF1E7A15EBB98
                                                                                                                                                                                                SHA-256:68009DB1C6BE9500E0241407CD2CCCD4EFA80CFEF2661BCEAE1C690C02EB745D
                                                                                                                                                                                                SHA-512:EF2EF0026750DBC896AA146493CF66F9799BBE1C935A4D7F5B8B41B9C075AEBFF76ADD491C00C2A24B47EFD89E0B2FF250E925C1AE6DBEEA7FD99A09CEFC600F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="UnpackFile"/>.. <method name="PackFile"/>.. <method name="IsFolder"/>.. <method name="UnpackFolder"/>.. <method name="PackFolder"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It will apply selected patch to specified file or folder using GNU patch... Copyright (C) 2015-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Softwa
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3158
                                                                                                                                                                                                Entropy (8bit):4.913333479650651
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:UbP8KN8q8F78H8qbax+w+tyQHYZkgefPWSTBt+53v0y8AyOfPmQf:UjbNHM6TVjYcldySOXm6
                                                                                                                                                                                                MD5:10264FB7BBB923F9D4E68DCC7AD85BD1
                                                                                                                                                                                                SHA1:C0317FD2DF0ED86C8D8CB40E496D2B340187A9C2
                                                                                                                                                                                                SHA-256:104578B4B73333839AA5A53B3F827596D98282EB24A55E1E641237B3BD9D5F56
                                                                                                                                                                                                SHA-512:A064E3E43C575A046DCC40A03543A660C4172FD8517F030A0C8188C6AB0ACBFAD9E56E88364E092A41DFE893E2402B174535E15AB2E10721CBA2B80D5B99C642
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PrediffBufferW"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*..+----------------------------------------------------------------------+..| This is a plugin for WinMerge <www.winmerge.org>. |..| It will ignores leading line numbers in text files. |..| Copyright (C) 2007 by Tim Gerundt |..+----------------------------------------------------------------------+..| This program is free software; you can redistribute it and/or modify |..| it under the terms of the GNU Genera
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16637
                                                                                                                                                                                                Entropy (8bit):5.266492744194956
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:UjhHbMCbWhkeeN8cWMCD6kRLCAomZrLXwlmIFDi/isobN55ThNDfYjpYa:UfxOD6jngLg6lopjLDwjpYa
                                                                                                                                                                                                MD5:6EE3558516C464A2FF43BDF6F0EF5F2F
                                                                                                                                                                                                SHA1:1CAFB5DB4467AEC4687782CC44F6DF8352BA588D
                                                                                                                                                                                                SHA-256:12707EAAB80F0608E53369D0E8D2ED213124DCB8DFFD65B9573743BAE2BCFB50
                                                                                                                                                                                                SHA-512:FEC1E8A620B435E4480329943F2F7447AFDC233757D8E6B568DD27F7652187730758E38FA2361823BC2A71C4EE083F1E2B0A8A4522EEF98AE6008A754A2FB1EA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginArguments">.. <get/>.. <put/>.. </property>.. <property name="PluginVariables">.. <get/>.. <put/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="AIConvertText"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">....var REGKEY_PATH = "Plugins\\AI.sct/";..var wsh = new ActiveXObject("WScript.Shell");..var fso = new ActiveXObject("Scripting.FileSystemObject");..var pluginArguments = "";..var variables = new Array();..var mergeApp;....function get_PluginEvent() { return "EDITOR_SCRIPT"; }..function get_PluginDescription() { return "AI-assisted text conversion functions"; }..funct
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):174184
                                                                                                                                                                                                Entropy (8bit):6.128025983894254
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:v4gU6RGJ3MLYu2Q/IgE1WNPOlUir8FlY6dnyUu3m0SQg3R+CbyKW+1nkfGXjD:3GFMaKIt1soUir6lfYgfyN1un
                                                                                                                                                                                                MD5:3F9B6394CEE6FCA47696D33E66BFE254
                                                                                                                                                                                                SHA1:8218E8E137360203245880C67F163B71DD07B5EC
                                                                                                                                                                                                SHA-256:C712D6AD1238CB2836552DCB5DE353C8D59BA02D45A47EB849F870421915CB55
                                                                                                                                                                                                SHA-512:F04515297B977E3DF2578BB968498E9F0D149B91A37BC0054B306DC6EFD458DF0DB57F96CA1878AD664E48FD84FEE4B8FAA825886EBEDCF2C0208AB157359833
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.....y...y...y.]....y.]..h.y.]....y.@.}...y.@.z...y.@.|.?.y.......y.......y...x..y.|...y.y...y.....y.......y.{...y.Rich..y.........PE..d.....;d.........." .....f...(......................................................I.... .........................................`?.......@..........(.......l.......h(..............T.......................(....................................................text...Hd.......f.................. ..`.rdata...............j..............@..@.data....#...P.......8..............@....pdata..l............J..............@..@.rsrc...(............d..............@..@.reloc...............x..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):173160
                                                                                                                                                                                                Entropy (8bit):6.1281484959414785
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:epIp/Rcl3pWU4gM0M2Yy4KUS6XT+TkdxURy0SQJXdJGm1nkfGX2:Vcl3pk8cNKd6j+IYJtUtum
                                                                                                                                                                                                MD5:F7471F10F0D1B908A6A5886AAA7FD8B0
                                                                                                                                                                                                SHA1:41E3BEE7C9E9EC44B3F6A8A771A6630C69F96951
                                                                                                                                                                                                SHA-256:0418CAD9A771E4DF444B03DA6C1F2B0245FBFCEBFF696C3212D91B1F9EA8E51B
                                                                                                                                                                                                SHA-512:8A8B047D2B92F1E26F0FE3B298CD3B88A588A8F261BF83EC1409BDE57E766EF4216FEAFACD1280C22E60FE8638CC1A7B23F82F0BAFAEE63350475CC7FF657CA4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.....y...y...y.]....y.]..h.y.]....y.@.}...y.@.z...y.@.|.?.y.......y.......y...x..y.|...y.y...y.....y.......y.{...y.Rich..y.........PE..d.....;d.........." .....b...(............................................................ ..........................................>......l?..................H....|..h(..............T...................P...(...P................................................text....a.......b.................. ..`.rdata..@............f..............@..@.data....#...P.......4..............@....pdata..H............F..............@..@.rsrc................`..............@..@.reloc...............t..............@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):151656
                                                                                                                                                                                                Entropy (8bit):6.107937984384151
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:rg0ZJbBAa/nEOV/jk6pRX2f6/0Xq7xsjUpZSDJfynl6XWl3+1nkfGX8:xbWa/n5djx2f68GZqJangm11us
                                                                                                                                                                                                MD5:1A5B8F0D04015B8701E567AEF0436A06
                                                                                                                                                                                                SHA1:6D7EEB82DDEB3B8799817238C20D6967040182A4
                                                                                                                                                                                                SHA-256:67D7A521D61216F4D47EB968026145CB6986AF55F41D63D3BA3FF0EABD218075
                                                                                                                                                                                                SHA-512:B74EFD639258E71C960462FD29D071D502CF1F2D1C6F065A9C440005B322E25E1353CD746C7A23E032214EE1020A291BF2AE8B94B8CA08DEEC4F390E716BB3E9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8wd.Y.7.Y.7.Y.7...7.Y.7...7.Y.7...7.Y.7.1.6.Y.7.1.6.Y.7.1.6.Y.7.!.7.Y.7.!.7.Y.7.Y.7.Y.7.0.6.Y.7.0.6.Y.7.0.7.Y.7.Y.7.Y.7.0.6.Y.7Rich.Y.7................PE..d.....;d.........." .....(...........{..............................................Jf.... .................................................\...x....P.. ....0..x....(..h(...p..T...`...T............................................@..0............................text...h&.......(.................. ..`.rdata......@.......,..............@..@.data...T"..........................@....pdata..x....0......................@..@.rsrc... ....P......................@..@.reloc..T....p....... ..............@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16019
                                                                                                                                                                                                Entropy (8bit):5.014576207070997
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:UjhHM60SD2eYGLACDjraBTAG7Y6cWZi/isooLiNb7AeOZXcyo1ToSUGaqdYa:UkSD2T5YZloYebLOZXchToSUGaqdYa
                                                                                                                                                                                                MD5:BF210CD748A78296534C436A735C0D4E
                                                                                                                                                                                                SHA1:815680EDC9568807125A98F7E0D88E672EC6952C
                                                                                                                                                                                                SHA-256:BA61472F28DD8701BC7D69CB41D35FFEA612B68D47892FD11DF293927C2E4148
                                                                                                                                                                                                SHA-512:75CC58DC7EDD8C99646E2C594F2CE1C50C4C21307CB17312B976A4E4B953D820B7A44566704F32A2D1076C4AAD9511B8F27D169CDEEFC692A3CBC66657964D84
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<scriptlet>..<implements type="Automation" id="dispatcher">.. <property name="PluginEvent">.. <get/>.. </property>.. <property name="PluginDescription">.. <get/>.. </property>.. <property name="PluginFileFilters">.. <get/>.. </property>.. <property name="PluginIsAutomatic">.. <get/>.. </property>.. <property name="PluginExtendedProperties">.. <get/>.. </property>.. <method name="PluginOnEvent"/>.. <method name="PrediffBufferW"/>.. <method name="ShowSettingsDialog"/>..</implements>....<script language="JScript">..../*.. This is a plugin for WinMerge... It does almost the same thing as Substitution filters... Copyright (C) 2018-2024 Takashi Sawanaka.... This program is free software; you can redistribute it and/or modify.. it under the terms of the GNU General Public License as published by.. the Free Software Foundation; either version 2 of the License, or.. (at your option) any later version..... This program is distributed in the hop
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):231528
                                                                                                                                                                                                Entropy (8bit):6.506056630709445
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:+CZG4+tGZQSUWBCQbYdMOS4vRUmg7ZqSblN7ZqSH6ruN:+8G4+hSU0CosMOSie/6g
                                                                                                                                                                                                MD5:48F286AB3AFD0BC27E7ED7B929D6FE61
                                                                                                                                                                                                SHA1:04AFC07428E16954DB452961CB4B19F5DBD3B50A
                                                                                                                                                                                                SHA-256:775F3855AFA14F54AB9DB1C2587C4B3558A65CE6F98BA818765A3A4462F96777
                                                                                                                                                                                                SHA-512:C422CB6EF070D9A5C92CBBBD95C2B8F1E8E619BCCD6B30F4CD041A9CE071ECE937CDCD1F7F0722803ABDBD17B8DBAB5900BD7419FA278FBDFFE27D30D04230E9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......r..@6...6...6.....O.;.....M.......L./...d..$...d..$...d......?.=.0...?.-.'...6..........1......7.....A.7...6.).7......7...Rich6...........................PE..L.../..c...........!.........h......................................................A.....@.................................l...........x............`..h(...p...... ...............................@...@...............8............................text...i........................... ..`.rdata..............................@..@.data...............................@....rsrc...x...........................@..@.reloc.......p.......B..............@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):270952
                                                                                                                                                                                                Entropy (8bit):6.235786739473447
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:U9y9rRdn9lYRI5YN9neE1OlGqQMbWdg7ZqSblN7ZqSkulb:U9y99lYR0eoE1MhZWdeX
                                                                                                                                                                                                MD5:67DF5A575E5B257CD500BACA605EA4D1
                                                                                                                                                                                                SHA1:FD9530086765B59E852D57C48193A1D07CA2CE77
                                                                                                                                                                                                SHA-256:77D4DC3911803F369B47A8622191B77F77F8FAC6C7ED7607A6B58F1CFF454AEC
                                                                                                                                                                                                SHA-512:F8EF332CFF398E74EF9247C50EE120D1554C82545C15D617C38AED9D07E35DCC0F84A7B26506EBB09930F1AB80BE59C092142B25866A7DD320C02F50C30F201C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*.r.n...n...n....z..i....z.......z..`...<...~...<...f...<...C...g...k...g...o...g.......n..........i......o......o...n..o......o...Richn...........PE..d...>..c.........." .....,...................................................0.......;....`................................................../..........x....p..........h(... ..@....................................................@...............................text....+.......,.................. ..`.rdata..:....@.......0..............@..@.data....$...@.......0..............@....pdata.......p... ...B..............@..@.rsrc...x............b..............@..@.reloc..@.... ......................@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18327
                                                                                                                                                                                                Entropy (8bit):4.734251349778708
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:lq2PmwERb6k/iAVX/dUY2ZpEGMOZ77o0UDT2:lzun1iYWrTXo0UDT2
                                                                                                                                                                                                MD5:537A8603E1EDA9DE80EE34F607C0CB09
                                                                                                                                                                                                SHA1:9871A6FC4895037B02AC04978AB4A21D9BA4030C
                                                                                                                                                                                                SHA-256:D3533C10B656BEC2782600B05B471ABE3AC916E228B27929CDA1F83C49D7E7A5
                                                                                                                                                                                                SHA-512:5DDFA15A89DCF147072A442C05AA16AF6A215FE8A3811E5A71007099D260687929A5505373F96B9F70EF21E101DC7042345CD358150367905C4CBA18E5DA32B6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.. GNU GENERAL PUBLIC LICENSE.... Version 2, June 1991.... Copyright (C) 1989, 1991 Free Software Foundation, Inc... 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed........ Preamble.... The licenses for most software are designed to take away your..freedom to share and change it. By contrast, the GNU General Public..License is intended to guarantee your freedom to share and change free..software--to make sure the software is free for all its users. This..General Public License applies to most of the Free Software..Foundation's software and to any other program whose authors commit to..using it. (Some other Free Software Foundation software is covered by..the GNU Library General Public License instead.) You can apply it to..your programs, too..... When we speak of free software, we are referring to freedom, not..price. Our General Publi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5890152
                                                                                                                                                                                                Entropy (8bit):6.2624617822339985
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:Ea7Y1TumEKF433tbclfg+H3hPAQ+VX+1/v9WfdYZTqT8B/qGRzftBfKO1:Z7C0QXA4pgsRNKq
                                                                                                                                                                                                MD5:FB54BD8252D68DB9B863CAFF77C82BE8
                                                                                                                                                                                                SHA1:359870716D28C1C2AB5CDF09F2A73EBDCE4169FF
                                                                                                                                                                                                SHA-256:AE0380BF2A7871C5194369A41562253BD290F761DA712BC8BAFFD62DA404CE4B
                                                                                                                                                                                                SHA-512:4641C7D4DD25E4E1CE5B6FCA998DB4C2F1D8FF87D8D4FA7FDE55109AB875901C10595F23065AAEEFDF18BAE822055ADC29CD7F75E983DDF26873EDF55EF72F11
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......c.$.'.J.'.J.'.J.B.I.9.J.B.O...J..W..#.J.u.O.d.J.u.N...J.u.I.*.J.B.N...J.B.K.6.J.'.K...J...C...J...J.&.J.....&.J.'..&.J...H.&.J.Rich'.J.........................PE..d......f.........." ......&...3......_....................................... Z......zZ...`...........................................C.....|.C.......Y.......X.,9....Y.h(....Y..<....@.T...................p.@.(...p.@..............0&..............................text.....&.......&................. ..`.rdata.......0&.......&.............@..@.data...@\... C.. ....C.............@....pdata..,9....X..:...&X.............@..@_RDATA..P.....Y......`Y.............@..@.rsrc.........Y......lY.............@..@.reloc...<....Y..>...zY.............@..B........................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with very long lines (803), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17878
                                                                                                                                                                                                Entropy (8bit):4.695697603212868
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:BIQaInRRSW6sQwCbhwTJ7But8KMyTypHC:BbJWjKt2fRypHC
                                                                                                                                                                                                MD5:1FBED70BE9D970D3DA399F33DAE9CC51
                                                                                                                                                                                                SHA1:FCB646ADBB54442641203F196FA5B4A373AD3508
                                                                                                                                                                                                SHA-256:D51615A1A47F1DDBB027920D60D3FC30A00E1284C795A47857883E641349FADF
                                                                                                                                                                                                SHA-512:E445F64E5CBEE05C28194E56F66B09C27434E4815C9F1AE8089ABCD6F6F327B29A8ECEA5E7D1517D77F43B22443DC4864EA5DC10DDDA9C2C9FE95B4DEBF66198
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:GNU General Public License, version 2 (GPL-2.0)..[OSI Approved License]..The GNU General Public License (GPL-2.0)..Version 2, June 1991....Copyright (C) 1989, 1991 Free Software Foundation, Inc...59 Temple Place, Suite 330, Boston, MA 02111-1307 USA....Everyone is permitted to copy and distribute verbatim copies..of this license document, but changing it is not allowed.....Preamble....The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.....When we speak of free software, we are referring t
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5890152
                                                                                                                                                                                                Entropy (8bit):6.2624617822339985
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:Ea7Y1TumEKF433tbclfg+H3hPAQ+VX+1/v9WfdYZTqT8B/qGRzftBfKO1:Z7C0QXA4pgsRNKq
                                                                                                                                                                                                MD5:FB54BD8252D68DB9B863CAFF77C82BE8
                                                                                                                                                                                                SHA1:359870716D28C1C2AB5CDF09F2A73EBDCE4169FF
                                                                                                                                                                                                SHA-256:AE0380BF2A7871C5194369A41562253BD290F761DA712BC8BAFFD62DA404CE4B
                                                                                                                                                                                                SHA-512:4641C7D4DD25E4E1CE5B6FCA998DB4C2F1D8FF87D8D4FA7FDE55109AB875901C10595F23065AAEEFDF18BAE822055ADC29CD7F75E983DDF26873EDF55EF72F11
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......c.$.'.J.'.J.'.J.B.I.9.J.B.O...J..W..#.J.u.O.d.J.u.N...J.u.I.*.J.B.N...J.B.K.6.J.'.K...J...C...J...J.&.J.....&.J.'..&.J...H.&.J.Rich'.J.........................PE..d......f.........." ......&...3......_....................................... Z......zZ...`...........................................C.....|.C.......Y.......X.,9....Y.h(....Y..<....@.T...................p.@.(...p.@..............0&..............................text.....&.......&................. ..`.rdata.......0&.......&.............@..@.data...@\... C.. ....C.............@....pdata..,9....X..:...&X.............@..@_RDATA..P.....Y......`Y.............@..@.rsrc.........Y......lY.............@..@.reloc...<....Y..>...zY.............@..B........................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18327
                                                                                                                                                                                                Entropy (8bit):4.734251349778708
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:lq2PmwERb6k/iAVX/dUY2ZpEGMOZ77o0UDT2:lzun1iYWrTXo0UDT2
                                                                                                                                                                                                MD5:537A8603E1EDA9DE80EE34F607C0CB09
                                                                                                                                                                                                SHA1:9871A6FC4895037B02AC04978AB4A21D9BA4030C
                                                                                                                                                                                                SHA-256:D3533C10B656BEC2782600B05B471ABE3AC916E228B27929CDA1F83C49D7E7A5
                                                                                                                                                                                                SHA-512:5DDFA15A89DCF147072A442C05AA16AF6A215FE8A3811E5A71007099D260687929A5505373F96B9F70EF21E101DC7042345CD358150367905C4CBA18E5DA32B6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.. GNU GENERAL PUBLIC LICENSE.... Version 2, June 1991.... Copyright (C) 1989, 1991 Free Software Foundation, Inc... 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed........ Preamble.... The licenses for most software are designed to take away your..freedom to share and change it. By contrast, the GNU General Public..License is intended to guarantee your freedom to share and change free..software--to make sure the software is free for all its users. This..General Public License applies to most of the Free Software..Foundation's software and to any other program whose authors commit to..using it. (Some other Free Software Foundation software is covered by..the GNU Library General Public License instead.) You can apply it to..your programs, too..... When we speak of free software, we are referring to freedom, not..price. Our General Publi
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with very long lines (803), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17878
                                                                                                                                                                                                Entropy (8bit):4.695697603212868
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:BIQaInRRSW6sQwCbhwTJ7But8KMyTypHC:BbJWjKt2fRypHC
                                                                                                                                                                                                MD5:1FBED70BE9D970D3DA399F33DAE9CC51
                                                                                                                                                                                                SHA1:FCB646ADBB54442641203F196FA5B4A373AD3508
                                                                                                                                                                                                SHA-256:D51615A1A47F1DDBB027920D60D3FC30A00E1284C795A47857883E641349FADF
                                                                                                                                                                                                SHA-512:E445F64E5CBEE05C28194E56F66B09C27434E4815C9F1AE8089ABCD6F6F327B29A8ECEA5E7D1517D77F43B22443DC4864EA5DC10DDDA9C2C9FE95B4DEBF66198
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:GNU General Public License, version 2 (GPL-2.0)..[OSI Approved License]..The GNU General Public License (GPL-2.0)..Version 2, June 1991....Copyright (C) 1989, 1991 Free Software Foundation, Inc...59 Temple Place, Suite 330, Boston, MA 02111-1307 USA....Everyone is permitted to copy and distribute verbatim copies..of this license document, but changing it is not allowed.....Preamble....The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.....When we speak of free software, we are referring t
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):122632
                                                                                                                                                                                                Entropy (8bit):6.4016593965630335
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:TOjhZA084Keuiz5xVRmX+OzFYlifJJr95fQcCVK1nlsWjcdqOCXf9yjZUhchRIM:ih2euiFfRi+Gb954VKYqRX1yj0chuM
                                                                                                                                                                                                MD5:0BF44140B929D5B80CF5F3A8FBA33767
                                                                                                                                                                                                SHA1:C8B1D80346C5B1DD9BB76A5BEE624E790BC9C5D9
                                                                                                                                                                                                SHA-256:5A520B3DE6C24FBD81A0281F7B3D3FDB97455F1D5E14880BDE423DD765A2C8B6
                                                                                                                                                                                                SHA-512:3B6D236F48E0BA55D0835E83E940C54E9B81986669C1CA1DD0D1BCC1D11F32C9DF4A2DF657B83EDF9DA09B724E0761D1245F79717571150AAEBE1BC94D3330CF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........0h..^;..^;..^;...;..^;.;..^;.;..^;.;..^;..;..^;..;..^;.._;..^;...;..^;...;..^;.;..^;...;..^;...;..^;Rich..^;................PE..L....FiU............................e........0....@.......................... .......v....@............................................(...........................`2..8...........................X...@............0...............................text............................... ..`.rdata...m...0...n..................@..@.data....6..........................@....rsrc...(...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):340072
                                                                                                                                                                                                Entropy (8bit):6.236429451655527
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:uqI8aJqnYpaopav9rANh4iH/2mehHD09g7ZqSblN7ZqSeuWG:1I8ayYaooav4ifSw9eGG
                                                                                                                                                                                                MD5:7FA97064B821222911AB56418DDA766F
                                                                                                                                                                                                SHA1:94B700B2700768C350F9CF99C8D56AD06A4AB72C
                                                                                                                                                                                                SHA-256:D4AFC650BE1E06A0F046BEA8E40FE8BA9ADE737F4C04551A47A047F00A0B44A3
                                                                                                                                                                                                SHA-512:24B5811619B784100F353B388210D6FB50A24FD1CCD9323DD2DA06456FD3C7FCACC82F5245B7BC7AA51A2316EDEEDC42E495D6B8BB2C5ED2A4DBDC6EE25AE25C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................{................................................j.......g...H......H.......H........n.....H.......Rich...........PE..d...G..c.........." .........4...............................................P....../X....`.........................................p4.......5..........8}.......'......h(...@..0......p...................@...(...@................................................text...H........................... ..`.rdata..4C.......D..................@..@.data....<...P...(..................@....pdata...'.......(...V..............@..@.rsrc...8}.......~...~..............@..@.reloc..0....@......................@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12963
                                                                                                                                                                                                Entropy (8bit):7.925718429173417
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:vow0jei22S1Q6TDcRT/OMsv+9erSN3WJvf3ef9:v1li22bxR7Omsw3wf3w
                                                                                                                                                                                                MD5:7F2D19F0BD3F3D39349A070A9CFAC515
                                                                                                                                                                                                SHA1:C54BD1C6293CB645C272EB8DEB8379AC15A131FC
                                                                                                                                                                                                SHA-256:38E98FD13D730A17F500A23FD57D6625CC1A84F2A198B25528BC943AAEE71DEC
                                                                                                                                                                                                SHA-512:544D10F78071DD19C89CDC5A12ABB7082FC2B2D2192CACD90C9D52EC8A2130163D778A234656837010E5AE47DD06AC16E9D47BB49131B4FAE1A728364B23FF9B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK..-.....qG[V................resources.pri.YKo.U.>..#q.<.BB...Z.p&....i...".)E]@..Il.z\)b..._@b..`..%.,Y.`.uV.E.P7.;g<..=c%.....;.w...s....i...A$Qu..@0.h...... T.f..<l=..u,3..*.s`.?.....U.j7,...?....wl...F9...J.....k.v#.N.)./...K...l<..D<.....MA...........|?.........'...l<.k.^.#...?&.4..W.../.....{..Z ..h....H......D2L..0...N...M.`y.,l...[.-..&l...{.F.('..]...Z..g.*...W...}..\^.*b\...x......I..Q.K&w.Y...Z....s...h... .).^...7..j......U^....X...iX...M.t."........;..&0F.X..L.?..34.u...$F...y.<....(.A....|.....}................S1.$.M..D....S...?.q.j..,.gI../..aU..NboS.k.;..N..,..F(^.9...LX...U..r.i5l..B/#....".A......Q.w.C.vQM-....{.l.a...J..{.$7G.....?....F.H+z.LBy.....L.)W..:-...+"...1W.-8.h..[..D{...z..T..B.s.|GTq..........w....x...V....8v..V...i..>h7.h.......^..^.n9...m7...[.{.,..zSxwK..R.w..:v..=AJmn\..y..y./.B{...,>. Q.........i.u?.+....qZ.......3H.<..S.u..{Ux.y..$.I..'3Of..<.y2...).S..0Oa..<.y*.T..#..s.o..a?.~.}...........O....^..i.>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):340
                                                                                                                                                                                                Entropy (8bit):5.3027942884485455
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:TMVBd6GyaVic4subiKFNFWZMXKmBwjxlXDhkQwYVkQwYzTpJL36YzTpJsCHDWVWx:TMHdj8iK9Wu3AzIToTrz6oTrsEKVWKQ
                                                                                                                                                                                                MD5:33F4B444448D11D1E9740FB35F5A7241
                                                                                                                                                                                                SHA1:3B94031F9A890979A111447F51B7056B3AE85ED8
                                                                                                                                                                                                SHA-256:9F57ABA99AC13C6CE2E76E29C9D11EC2BBDFD891E93E363EE77B2BE4C5A2DFFA
                                                                                                                                                                                                SHA-512:167D465162E170A84DA8E4A1D7F98D5987EAF5575DEFE3683C7B227053AEB5CE2321B1F5E8DD0A05AAF2341E61EED47E10A964C6427894008CF4C9A24789980E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<Application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">.. <VisualElements ForegroundText="dark" BackgroundColor="#ffcc00" ShowNameOnSquare150x150Logo="on" Square150x150Logo="LogoImages\WinMergeLogo.png" Square70x70Logo="LogoImages\WinMergeLogoSmall.png"></VisualElements>..</Application>
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5942376
                                                                                                                                                                                                Entropy (8bit):6.299890332325301
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:bTjoHtA+frPbp1fMaF+1PRw5mstdq9ge6qk+LYoek5eo2wA1LScaXhTW/xIrMMHO:jo7LbHV89cJ6U67p0aa5pR+Fxk/n
                                                                                                                                                                                                MD5:4D8808EB623326E39416F884B2DF745B
                                                                                                                                                                                                SHA1:18E1ADF7FDCA89EC61658053EC30A43A932846DF
                                                                                                                                                                                                SHA-256:5F5662E7931C7FBE47EDC151D82786A77EF6BDC89E2D1841074E52624EFD03B9
                                                                                                                                                                                                SHA-512:91679935F1B83C2011E3E7BD0D915E61B39B3BFC0CFA48803F2A4E97B3D20C4A002B8E06E352B0C4831BDA0670794C8034BA0393CCFF3FC571D717B651DA2D1F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......>..z...z...z...nt..l...nt..y...su.{...1......1...{...s..k...s..s...s.....1...x...1...k...1...T...1...e...z......nt..R..ntw.{...z...{...nt..{...Richz...........................PE..d......f.........."....(../..>+......."........@..............................[......#[...`.................................................H.C.,.....I..r....G.p9....Z.h(...`Z.|...0B=.8....................D=.(... .2.@.............0.X.....C......................text...../......./................. ..`.rdata..n.....0......./.............@..@.data.........C.......C.............@....pdata..p9....G..:....F.............@..@.didat........I.......H.............@....rsrc....r....I..t....H.............@..@.reloc..|....`Z......lY.............@..B................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with very long lines (755), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1487
                                                                                                                                                                                                Entropy (8bit):5.127789429693583
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:ECUnezobbOOrYFTVJYrYFTzL6pfBTPZ90432smEOkus8WROL32s3yxtTfy13tT+u:EhOOrYJkrYJzIpPD0432sBG32s3Etm1J
                                                                                                                                                                                                MD5:9C0B1BF4EDDE006A1555AD00FD3FE284
                                                                                                                                                                                                SHA1:7407F5BB872A885E6661CE446BAEFCAABB2FF0B7
                                                                                                                                                                                                SHA-256:91C29D20C6B25189282AADBED84B966FFA15D43DF08F6E49C0219759AC41D6D0
                                                                                                                                                                                                SHA-512:107C3DFC9ADDC7DE0014EBF706EA400095E3F936139FC67C944F1B73BB2C68E5885886BC832C5C64D22D1F01853F759A3BD98155363BA3C5605E761FE879CB85
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:BSD License....Copyright 2022 Takashi Sawanaka....Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:....1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.....2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.....3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIG
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):860
                                                                                                                                                                                                Entropy (8bit):4.902937000591333
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:ThCV0SpcI8wr7yAIfSygoIOkHuaAPTbVLoex:ThkiI8wrunKytEH+Vfx
                                                                                                                                                                                                MD5:D5B7BAC1AE57582869ECF8B1F3243D8C
                                                                                                                                                                                                SHA1:A58DDA665AC087FA825BDA1FCEA44E34DAA2D196
                                                                                                                                                                                                SHA-256:FB7FA14CFDFD4BD21D64358765CD79DA2B404B44D49FA1C6B3BEC2242714EE18
                                                                                                                                                                                                SHA-512:A07863830A5958489E582FF9647C2ADFC2603AE97E2EE576E37AAC8D3853D5CDD41D652CD152909EF8AE5560C30F7E2DF1BEFF31320A05C72BB21614CFDDD279
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:/*.. * LibXDiff by Davide Libenzi ( File Differential Library ).. * Copyright (C) 2003 Davide Libenzi.. *.. * This library is free software; you can redistribute it and/or.. * modify it under the terms of the GNU Lesser General Public.. * License as published by the Free Software Foundation; either.. * version 2.1 of the License, or (at your option) any later version... *.. * This library is distributed in the hope that it will be useful,.. * but WITHOUT ANY WARRANTY; without even the implied warranty of.. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.. * Lesser General Public License for more details... *.. * You should have received a copy of the GNU Lesser General Public.. * License along with this library; if not, see.. * <http://www.gnu.org/licenses/>... *.. * Davide Libenzi <davidel@xmailserver.org>.. */..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):670
                                                                                                                                                                                                Entropy (8bit):4.884035919764548
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:wtVJ2jsmsenXezxIbMFuTw7MqL+TU0E+mbo5rHr1knd7FQ+psEP:wtVJo9nMxIbHvqoU0E+1Hr1k11psEP
                                                                                                                                                                                                MD5:45012EF845556A24C0B4DDD3B7F54A05
                                                                                                                                                                                                SHA1:317D02B655E4C5E0E36A98D7C1E172CC4D4D62FC
                                                                                                                                                                                                SHA-256:189C31AF9A4039BC88E2136808E05184DD6BC1FE4C6220E1E0E9CBCBCC1C7147
                                                                                                                                                                                                SHA-512:8DC210FC2A04BB6EC0BC0B89D60290AF10337B22DA4596BEE9A4DE4EDE39BE3F134FE5085D0F1493EFA37AEEC15B786363213E78F111DA6EFC501A331824980D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Tencent is pleased to support the open source community by making RapidJSON available.....Copyright (C) 2015 THL A29 Limited, a Tencent company, and Milo Yip.....Licensed under the MIT License (the "License"); you may not use this file except..in compliance with the License. You may obtain a copy of the License at....http://opensource.org/licenses/MIT....Unless required by applicable law or agreed to in writing, software distributed ..under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR ..CONDITIONS OF ANY KIND, either express or implied. See the License for the ..specific language governing permissions and limitations under the License...
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1513
                                                                                                                                                                                                Entropy (8bit):5.136012912152702
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:SDQ3Unz/+bO3rYFT7+JrrYFTkL3DocKBTO9ws43z5Ezku+KWROm3zMyxWTfyJC3q:SDyO3rYJErYJkLDocu87439x3wEWmJC6
                                                                                                                                                                                                MD5:CC79FE00ADA185A51D411C9F952EA4E0
                                                                                                                                                                                                SHA1:05B7C80D0D0AF5295502A1765A6C45A0D42B9F70
                                                                                                                                                                                                SHA-256:24DEADEA987F1C7682753A8CEF4E70BDE8A13CC65684E06CAB9A965469362075
                                                                                                                                                                                                SHA-512:E863E26952F87942B104C513175A981B3DFC935D7CC7F4413810014F6CB4971B84DF0335B0B312AD8FA6F8058A13856204658C89C74CF207951068F6A455B4C3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Copyright (C) Microsoft Corporation. All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions are..met:.... * Redistributions of source code must retain the above copyright..notice, this list of conditions and the following disclaimer... * Redistributions in binary form must reproduce the above..copyright notice, this list of conditions and the following disclaimer..in the documentation and/or other materials provided with the..distribution... * The name of Microsoft Corporation, or the names of its contributors ..may not be used to endorse or promote products derived from this..software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.."AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR..A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO E
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1183
                                                                                                                                                                                                Entropy (8bit):4.970653488973928
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:rbDQjrTJHjwH0ydO3gtzL001hzlY9QHbsUv45xHOk4/+M/3oqqFT:rbDYnJclEE/4QHbs55P6/3oDFT
                                                                                                                                                                                                MD5:27E94C0280987AB296B0B8DD02AB9FE5
                                                                                                                                                                                                SHA1:FC3DEFDB0EC07BABC6FA8696113812C5A4CCD74A
                                                                                                                                                                                                SHA-256:DEA9265341829002E2C23A7372393EB2ED6E26085FB623F38A4BA0AF833F30A6
                                                                                                                                                                                                SHA-512:380D4D2A2C7FAAB2B1C5F462B1509B1A65FBD1D3EA8EC467F3C3C57C1A034734AD6988E8F3432D6569FCBC33A76A5A7C2D4E0C2CF2419EA085ABF3BFE7759DFF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: MIT License.... Copyright (c) Microsoft Corporation. All rights reserved..... Permission is hereby granted, free of charge, to any person obtaining a copy.. of this software and associated documentation files (the "Software"), to deal.. in the Software without restriction, including without limitation the rights.. to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.. copies of the Software, and to permit persons to whom the Software is.. furnished to do so, subject to the following conditions:.... The above copyright notice and this permission notice shall be included in all.. copies or substantial portions of the Software..... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.. AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHE
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):668776
                                                                                                                                                                                                Entropy (8bit):6.328514867434423
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:rvnq5biv9syEtOrklL2vcmY6+9san1ZfA6bnbgbdbUmb4oVtGTAc3Up/eUvuOssP:rvnq5ucx2vnY60Dn8
                                                                                                                                                                                                MD5:F3A37578A408E3EE7F623BE01E269B00
                                                                                                                                                                                                SHA1:6AE747FEE9E23F57A8F4C420B5018ED7122D949E
                                                                                                                                                                                                SHA-256:E98DF6AC7157C70A57C2E641268FF5BA512CE8FE852B4CAAC733F078A22EA33A
                                                                                                                                                                                                SHA-512:466C35C8AD51EFA57389716643B72C156F503171CBFF36D855A990ACA5850C509BB7BCD7AC43BFEF1A5931582ED96F08E22976B2D0F95C94000FFD713C58B8D4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}D..*...*...*..d/.(.*.......*...)...*.../...*..d)...*..d....*..d+...*...+.T.*...*...*..#...*..*...*.....*.......*..(...*.Rich..*.................PE..d....b.e.........." ...&.*...................................................P......>#....`..........................................G......LH...............P...D......h(...@......T1..p....................3..(....S..@............@..p....E..@....................text....).......*.................. ..`.rdata.......@......................@..@.data........`.......L..............@....pdata...D...P...F...(..............@..@_RDATA...............n..............@..@.rsrc................p..............@..@.reloc.......@......................@..B................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):670
                                                                                                                                                                                                Entropy (8bit):4.884035919764548
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:wtVJ2jsmsenXezxIbMFuTw7MqL+TU0E+mbo5rHr1knd7FQ+psEP:wtVJo9nMxIbHvqoU0E+1Hr1k11psEP
                                                                                                                                                                                                MD5:45012EF845556A24C0B4DDD3B7F54A05
                                                                                                                                                                                                SHA1:317D02B655E4C5E0E36A98D7C1E172CC4D4D62FC
                                                                                                                                                                                                SHA-256:189C31AF9A4039BC88E2136808E05184DD6BC1FE4C6220E1E0E9CBCBCC1C7147
                                                                                                                                                                                                SHA-512:8DC210FC2A04BB6EC0BC0B89D60290AF10337B22DA4596BEE9A4DE4EDE39BE3F134FE5085D0F1493EFA37AEEC15B786363213E78F111DA6EFC501A331824980D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Tencent is pleased to support the open source community by making RapidJSON available.....Copyright (C) 2015 THL A29 Limited, a Tencent company, and Milo Yip.....Licensed under the MIT License (the "License"); you may not use this file except..in compliance with the License. You may obtain a copy of the License at....http://opensource.org/licenses/MIT....Unless required by applicable law or agreed to in writing, software distributed ..under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR ..CONDITIONS OF ANY KIND, either express or implied. See the License for the ..specific language governing permissions and limitations under the License...
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1183
                                                                                                                                                                                                Entropy (8bit):4.970653488973928
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:rbDQjrTJHjwH0ydO3gtzL001hzlY9QHbsUv45xHOk4/+M/3oqqFT:rbDYnJclEE/4QHbs55P6/3oDFT
                                                                                                                                                                                                MD5:27E94C0280987AB296B0B8DD02AB9FE5
                                                                                                                                                                                                SHA1:FC3DEFDB0EC07BABC6FA8696113812C5A4CCD74A
                                                                                                                                                                                                SHA-256:DEA9265341829002E2C23A7372393EB2ED6E26085FB623F38A4BA0AF833F30A6
                                                                                                                                                                                                SHA-512:380D4D2A2C7FAAB2B1C5F462B1509B1A65FBD1D3EA8EC467F3C3C57C1A034734AD6988E8F3432D6569FCBC33A76A5A7C2D4E0C2CF2419EA085ABF3BFE7759DFF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: MIT License.... Copyright (c) Microsoft Corporation. All rights reserved..... Permission is hereby granted, free of charge, to any person obtaining a copy.. of this software and associated documentation files (the "Software"), to deal.. in the Software without restriction, including without limitation the rights.. to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.. copies of the Software, and to permit persons to whom the Software is.. furnished to do so, subject to the following conditions:.... The above copyright notice and this permission notice shall be included in all.. copies or substantial portions of the Software..... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.. AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHE
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):860
                                                                                                                                                                                                Entropy (8bit):4.902937000591333
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:ThCV0SpcI8wr7yAIfSygoIOkHuaAPTbVLoex:ThkiI8wrunKytEH+Vfx
                                                                                                                                                                                                MD5:D5B7BAC1AE57582869ECF8B1F3243D8C
                                                                                                                                                                                                SHA1:A58DDA665AC087FA825BDA1FCEA44E34DAA2D196
                                                                                                                                                                                                SHA-256:FB7FA14CFDFD4BD21D64358765CD79DA2B404B44D49FA1C6B3BEC2242714EE18
                                                                                                                                                                                                SHA-512:A07863830A5958489E582FF9647C2ADFC2603AE97E2EE576E37AAC8D3853D5CDD41D652CD152909EF8AE5560C30F7E2DF1BEFF31320A05C72BB21614CFDDD279
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:/*.. * LibXDiff by Davide Libenzi ( File Differential Library ).. * Copyright (C) 2003 Davide Libenzi.. *.. * This library is free software; you can redistribute it and/or.. * modify it under the terms of the GNU Lesser General Public.. * License as published by the Free Software Foundation; either.. * version 2.1 of the License, or (at your option) any later version... *.. * This library is distributed in the hope that it will be useful,.. * but WITHOUT ANY WARRANTY; without even the implied warranty of.. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU.. * Lesser General Public License for more details... *.. * You should have received a copy of the GNU Lesser General Public.. * License along with this library; if not, see.. * <http://www.gnu.org/licenses/>... *.. * Davide Libenzi <davidel@xmailserver.org>.. */..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1513
                                                                                                                                                                                                Entropy (8bit):5.136012912152702
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:SDQ3Unz/+bO3rYFT7+JrrYFTkL3DocKBTO9ws43z5Ezku+KWROm3zMyxWTfyJC3q:SDyO3rYJErYJkLDocu87439x3wEWmJC6
                                                                                                                                                                                                MD5:CC79FE00ADA185A51D411C9F952EA4E0
                                                                                                                                                                                                SHA1:05B7C80D0D0AF5295502A1765A6C45A0D42B9F70
                                                                                                                                                                                                SHA-256:24DEADEA987F1C7682753A8CEF4E70BDE8A13CC65684E06CAB9A965469362075
                                                                                                                                                                                                SHA-512:E863E26952F87942B104C513175A981B3DFC935D7CC7F4413810014F6CB4971B84DF0335B0B312AD8FA6F8058A13856204658C89C74CF207951068F6A455B4C3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Copyright (C) Microsoft Corporation. All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions are..met:.... * Redistributions of source code must retain the above copyright..notice, this list of conditions and the following disclaimer... * Redistributions in binary form must reproduce the above..copyright notice, this list of conditions and the following disclaimer..in the documentation and/or other materials provided with the..distribution... * The name of Microsoft Corporation, or the names of its contributors ..may not be used to endorse or promote products derived from this..software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.."AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR..A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO E
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:ASCII text, with very long lines (755), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1487
                                                                                                                                                                                                Entropy (8bit):5.127789429693583
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:ECUnezobbOOrYFTVJYrYFTzL6pfBTPZ90432smEOkus8WROL32s3yxtTfy13tT+u:EhOOrYJkrYJzIpPD0432sBG32s3Etm1J
                                                                                                                                                                                                MD5:9C0B1BF4EDDE006A1555AD00FD3FE284
                                                                                                                                                                                                SHA1:7407F5BB872A885E6661CE446BAEFCAABB2FF0B7
                                                                                                                                                                                                SHA-256:91C29D20C6B25189282AADBED84B966FFA15D43DF08F6E49C0219759AC41D6D0
                                                                                                                                                                                                SHA-512:107C3DFC9ADDC7DE0014EBF706EA400095E3F936139FC67C944F1B73BB2C68E5885886BC832C5C64D22D1F01853F759A3BD98155363BA3C5605E761FE879CB85
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:BSD License....Copyright 2022 Takashi Sawanaka....Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:....1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.....2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.....3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIG
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):668776
                                                                                                                                                                                                Entropy (8bit):6.328514867434423
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:rvnq5biv9syEtOrklL2vcmY6+9san1ZfA6bnbgbdbUmb4oVtGTAc3Up/eUvuOssP:rvnq5ucx2vnY60Dn8
                                                                                                                                                                                                MD5:F3A37578A408E3EE7F623BE01E269B00
                                                                                                                                                                                                SHA1:6AE747FEE9E23F57A8F4C420B5018ED7122D949E
                                                                                                                                                                                                SHA-256:E98DF6AC7157C70A57C2E641268FF5BA512CE8FE852B4CAAC733F078A22EA33A
                                                                                                                                                                                                SHA-512:466C35C8AD51EFA57389716643B72C156F503171CBFF36D855A990ACA5850C509BB7BCD7AC43BFEF1A5931582ED96F08E22976B2D0F95C94000FFD713C58B8D4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}D..*...*...*..d/.(.*.......*...)...*.../...*..d)...*..d....*..d+...*...+.T.*...*...*..#...*..*...*.....*.......*..(...*.Rich..*.................PE..d....b.e.........." ...&.*...................................................P......>#....`..........................................G......LH...............P...D......h(...@......T1..p....................3..(....S..@............@..p....E..@....................text....).......*.................. ..`.rdata.......@......................@..@.data........`.......L..............@....pdata...D...P...F...(..............@..@_RDATA...............n..............@..@.rsrc................p..............@..@.reloc.......@......................@..B................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):9087
                                                                                                                                                                                                Entropy (8bit):5.294161224264135
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:pk+y285bYzFCBShKc2cW6tMzG1im8ZOwy2q4CONE6XG:q+mMBhKc2G/8ZOwyN4CONVG
                                                                                                                                                                                                MD5:194C2FD9CF27231E588579683344DC09
                                                                                                                                                                                                SHA1:8F2A75989268609F0F41B6DFB1932E44120921D9
                                                                                                                                                                                                SHA-256:6A29845E6AFAFEF5252F8FE58CA07708620260FD71B3FBB36AD58651DCFA4BEB
                                                                                                                                                                                                SHA-512:C6C1138843585BCD9A990E20887C752D38B6A9F5B51EFB0A995B23AF79097694B6D4AC1D81052979A41A427A73B333CBEED113175B7A80AF194611B7A41B8232
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:..People who have contributed to WinMerge..---------------------------------------....Original developer, project admin:..* Dean Grimm <grimmdp@yahoo.com>....Project lead:..* Christian List <list1974@hotmail.com>....Developers:..* Denis Bradford <denisbradford@users.sourceforge.net>..* Tim Gerundt <tim@gerundt.de>..* Marcel Gosselin <marcelgosselin@users.sourceforge.net>..* Gal Hammer <galh@users.sourceforge.net>..* Takashi Sawanaka <sdottaka@users.sourceforge.net>..* Alexander Skinner (Graphic Design) <neonapple@users.sourceforge.net>..* Jochen Tucht <jtuc@users.sourceforge.net>....Inactive/past developers:..* Laurent Ganier..* Dennis Limm..* Chris Mumford..* Perry Rapp..* Christian "Seier" Blackburn (Installer)..* Kimmo Varis <kimmov@winmerge.org>....Localization:..* Arabic:.. Downzen team <https://downzen.com>....* Basque:.. Xabier Aramendi <Azpidatziak@gmail.com> ....* Bulgarian:.. Sld <sld|mail.bg>.. tigertron <ivg_18@yahoo.com>.. Yanko Yankov <yankonik70 at hotmail.com>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5942376
                                                                                                                                                                                                Entropy (8bit):6.299890332325301
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:bTjoHtA+frPbp1fMaF+1PRw5mstdq9ge6qk+LYoek5eo2wA1LScaXhTW/xIrMMHO:jo7LbHV89cJ6U67p0aa5pR+Fxk/n
                                                                                                                                                                                                MD5:4D8808EB623326E39416F884B2DF745B
                                                                                                                                                                                                SHA1:18E1ADF7FDCA89EC61658053EC30A43A932846DF
                                                                                                                                                                                                SHA-256:5F5662E7931C7FBE47EDC151D82786A77EF6BDC89E2D1841074E52624EFD03B9
                                                                                                                                                                                                SHA-512:91679935F1B83C2011E3E7BD0D915E61B39B3BFC0CFA48803F2A4E97B3D20C4A002B8E06E352B0C4831BDA0670794C8034BA0393CCFF3FC571D717B651DA2D1F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......>..z...z...z...nt..l...nt..y...su.{...1......1...{...s..k...s..s...s.....1...x...1...k...1...T...1...e...z......nt..R..ntw.{...z...{...nt..{...Richz...........................PE..d......f.........."....(../..>+......."........@..............................[......#[...`.................................................H.C.,.....I..r....G.p9....Z.h(...`Z.|...0B=.8....................D=.(... .2.@.............0.X.....C......................text...../......./................. ..`.rdata..n.....0......./.............@..@.data.........C.......C.............@....pdata..p9....G..:....F.............@..@.didat........I.......H.............@....rsrc....r....I..t....H.............@..@.reloc..|....`Z......lY.............@..B................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):231528
                                                                                                                                                                                                Entropy (8bit):6.506056630709445
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:+CZG4+tGZQSUWBCQbYdMOS4vRUmg7ZqSblN7ZqSH6ruN:+8G4+hSU0CosMOSie/6g
                                                                                                                                                                                                MD5:48F286AB3AFD0BC27E7ED7B929D6FE61
                                                                                                                                                                                                SHA1:04AFC07428E16954DB452961CB4B19F5DBD3B50A
                                                                                                                                                                                                SHA-256:775F3855AFA14F54AB9DB1C2587C4B3558A65CE6F98BA818765A3A4462F96777
                                                                                                                                                                                                SHA-512:C422CB6EF070D9A5C92CBBBD95C2B8F1E8E619BCCD6B30F4CD041A9CE071ECE937CDCD1F7F0722803ABDBD17B8DBAB5900BD7419FA278FBDFFE27D30D04230E9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......r..@6...6...6.....O.;.....M.......L./...d..$...d..$...d......?.=.0...?.-.'...6..........1......7.....A.7...6.).7......7...Rich6...........................PE..L.../..c...........!.........h......................................................A.....@.................................l...........x............`..h(...p...... ...............................@...@...............8............................text...i........................... ..`.rdata..............................@..@.data...............................@....rsrc...x...........................@..@.reloc.......p.......B..............@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):340072
                                                                                                                                                                                                Entropy (8bit):6.236429451655527
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:uqI8aJqnYpaopav9rANh4iH/2mehHD09g7ZqSblN7ZqSeuWG:1I8ayYaooav4ifSw9eGG
                                                                                                                                                                                                MD5:7FA97064B821222911AB56418DDA766F
                                                                                                                                                                                                SHA1:94B700B2700768C350F9CF99C8D56AD06A4AB72C
                                                                                                                                                                                                SHA-256:D4AFC650BE1E06A0F046BEA8E40FE8BA9ADE737F4C04551A47A047F00A0B44A3
                                                                                                                                                                                                SHA-512:24B5811619B784100F353B388210D6FB50A24FD1CCD9323DD2DA06456FD3C7FCACC82F5245B7BC7AA51A2316EDEEDC42E495D6B8BB2C5ED2A4DBDC6EE25AE25C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................{................................................j.......g...H......H.......H........n.....H.......Rich...........PE..d...G..c.........." .........4...............................................P....../X....`.........................................p4.......5..........8}.......'......h(...@..0......p...................@...(...@................................................text...H........................... ..`.rdata..4C.......D..................@..@.data....<...P...(..................@....pdata...'.......(...V..............@..@.rsrc...8}.......~...~..............@..@.reloc..0....@......................@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):340
                                                                                                                                                                                                Entropy (8bit):5.3027942884485455
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:TMVBd6GyaVic4subiKFNFWZMXKmBwjxlXDhkQwYVkQwYzTpJL36YzTpJsCHDWVWx:TMHdj8iK9Wu3AzIToTrz6oTrsEKVWKQ
                                                                                                                                                                                                MD5:33F4B444448D11D1E9740FB35F5A7241
                                                                                                                                                                                                SHA1:3B94031F9A890979A111447F51B7056B3AE85ED8
                                                                                                                                                                                                SHA-256:9F57ABA99AC13C6CE2E76E29C9D11EC2BBDFD891E93E363EE77B2BE4C5A2DFFA
                                                                                                                                                                                                SHA-512:167D465162E170A84DA8E4A1D7F98D5987EAF5575DEFE3683C7B227053AEB5CE2321B1F5E8DD0A05AAF2341E61EED47E10A964C6427894008CF4C9A24789980E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<Application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">.. <VisualElements ForegroundText="dark" BackgroundColor="#ffcc00" ShowNameOnSquare150x150Logo="on" Square150x150Logo="LogoImages\WinMergeLogo.png" Square70x70Logo="LogoImages\WinMergeLogoSmall.png"></VisualElements>..</Application>
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1189992
                                                                                                                                                                                                Entropy (8bit):6.415868713769688
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:WtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5lTxytO:WqTytRFk6ek1LP
                                                                                                                                                                                                MD5:364B8FA0269A0789DCB7A9673C7757E4
                                                                                                                                                                                                SHA1:5C79E2DE33A41E75406CADD51C7B19AC46DC36D8
                                                                                                                                                                                                SHA-256:45C892CE5FD9A5A0AEDA80743C816038AEAAEB8A68B8217BDF88351E5B27B43B
                                                                                                                                                                                                SHA-512:F74ECA9DFDE0C9D90E3A0A505B7CE9A193A474881E9565281C77BBF615BC33B6228D70491C2ADC6FD7E6C2EF09E33C8B53DD7C2BD078036014655ACC584A9018
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......W............................l........ ....@.................................w.....@......@..............................@8...0..................h(................................... .......................................................text............................... ..`.itext.............................. ..`.data...h0... ...2..................@....bss.....a...`.......0...................idata..@8.......:...0..............@....tls....<............j...................rdata....... .......j..............@..@.rsrc........0.......l..............@..@....................................@..@........................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):270952
                                                                                                                                                                                                Entropy (8bit):6.235786739473447
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:U9y9rRdn9lYRI5YN9neE1OlGqQMbWdg7ZqSblN7ZqSkulb:U9y99lYR0eoE1MhZWdeX
                                                                                                                                                                                                MD5:67DF5A575E5B257CD500BACA605EA4D1
                                                                                                                                                                                                SHA1:FD9530086765B59E852D57C48193A1D07CA2CE77
                                                                                                                                                                                                SHA-256:77D4DC3911803F369B47A8622191B77F77F8FAC6C7ED7607A6B58F1CFF454AEC
                                                                                                                                                                                                SHA-512:F8EF332CFF398E74EF9247C50EE120D1554C82545C15D617C38AED9D07E35DCC0F84A7B26506EBB09930F1AB80BE59C092142B25866A7DD320C02F50C30F201C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*.r.n...n...n....z..i....z.......z..`...<...~...<...f...<...C...g...k...g...o...g.......n..........i......o......o...n..o......o...Richn...........PE..d...>..c.........." .....,...................................................0.......;....`................................................../..........x....p..........h(... ..@....................................................@...............................text....+.......,.................. ..`.rdata..:....@.......0..............@..@.data....$...@.......0..............@....pdata.......p... ...B..............@..@.rsrc...x............b..............@..@.reloc..@.... ......................@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12963
                                                                                                                                                                                                Entropy (8bit):7.925718429173417
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:vow0jei22S1Q6TDcRT/OMsv+9erSN3WJvf3ef9:v1li22bxR7Omsw3wf3w
                                                                                                                                                                                                MD5:7F2D19F0BD3F3D39349A070A9CFAC515
                                                                                                                                                                                                SHA1:C54BD1C6293CB645C272EB8DEB8379AC15A131FC
                                                                                                                                                                                                SHA-256:38E98FD13D730A17F500A23FD57D6625CC1A84F2A198B25528BC943AAEE71DEC
                                                                                                                                                                                                SHA-512:544D10F78071DD19C89CDC5A12ABB7082FC2B2D2192CACD90C9D52EC8A2130163D778A234656837010E5AE47DD06AC16E9D47BB49131B4FAE1A728364B23FF9B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK..-.....qG[V................resources.pri.YKo.U.>..#q.<.BB...Z.p&....i...".)E]@..Il.z\)b..._@b..`..%.,Y.`.uV.E.P7.;g<..=c%.....;.w...s....i...A$Qu..@0.h...... T.f..<l=..u,3..*.s`.?.....U.j7,...?....wl...F9...J.....k.v#.N.)./...K...l<..D<.....MA...........|?.........'...l<.k.^.#...?&.4..W.../.....{..Z ..h....H......D2L..0...N...M.`y.,l...[.-..&l...{.F.('..]...Z..g.*...W...}..\^.*b\...x......I..Q.K&w.Y...Z....s...h... .).^...7..j......U^....X...iX...M.t."........;..&0F.X..L.?..34.u...$F...y.<....(.A....|.....}................S1.$.M..D....S...?.q.j..,.gI../..aU..NboS.k.;..N..,..F(^.9...LX...U..r.i5l..B/#....".A......Q.w.C.vQM-....{.l.a...J..{.$7G.....?....F.H+z.LBy.....L.)W..:-...+"...1W.-8.h..[..D{...z..T..B.s.|GTq..........w....x...V....8v..V...i..>h7.h.......^..^.n9...m7...[.{.,..zSxwK..R.w..:v..=AJmn\..y..y./.B{...,>. Q.........i.u?.+....qZ.......3H.<..S.u..{Ux.y..$.I..'3Of..<.y2...).S..0Oa..<.y*.T..#..s.o..a?.~.}...........O....^..i.>..
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):122632
                                                                                                                                                                                                Entropy (8bit):6.4016593965630335
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:TOjhZA084Keuiz5xVRmX+OzFYlifJJr95fQcCVK1nlsWjcdqOCXf9yjZUhchRIM:ih2euiFfRi+Gb954VKYqRX1yj0chuM
                                                                                                                                                                                                MD5:0BF44140B929D5B80CF5F3A8FBA33767
                                                                                                                                                                                                SHA1:C8B1D80346C5B1DD9BB76A5BEE624E790BC9C5D9
                                                                                                                                                                                                SHA-256:5A520B3DE6C24FBD81A0281F7B3D3FDB97455F1D5E14880BDE423DD765A2C8B6
                                                                                                                                                                                                SHA-512:3B6D236F48E0BA55D0835E83E940C54E9B81986669C1CA1DD0D1BCC1D11F32C9DF4A2DF657B83EDF9DA09B724E0761D1245F79717571150AAEBE1BC94D3330CF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........0h..^;..^;..^;...;..^;.;..^;.;..^;.;..^;..;..^;..;..^;.._;..^;...;..^;...;..^;.;..^;...;..^;...;..^;Rich..^;................PE..L....FiU............................e........0....@.......................... .......v....@............................................(...........................`2..8...........................X...@............0...............................text............................... ..`.rdata...m...0...n..................@..@.data....6..........................@....rsrc...(...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):154392
                                                                                                                                                                                                Entropy (8bit):6.410645671172494
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:ch1yOJV6GvMclVIWpkGX1KHgFR1xI+UvaV/IS4a6/YU8ia:ch1PVEfYxKH6RCx/4V
                                                                                                                                                                                                MD5:5712FDE78B6C327C4BCC9292FCC96453
                                                                                                                                                                                                SHA1:80FE537FCFDB3D139287F3D229DB511BFF6F487A
                                                                                                                                                                                                SHA-256:3A1B37A40F949236D15A23A124C64957C7A4A3B74C8E4BA0FD06BDF287E00D12
                                                                                                                                                                                                SHA-512:311AEA3A1BFC63B7550016385C0CF9D0BAE9F7BD12C7E71456BC5C7D80E940F1AC90824DFB63C6123947B03195DA1293D5EEBC03331E25FC952740E9F71C9DEA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!...e.zUe.zUe.zU.@.Ua.zU.@.U..zU.@.Uh.zU7..Tn.zU7.~Ti.zU.@.U`.zUe.{U..zU7.yTl.zU7.sTk.zU7.zTd.zU7..Ud.zU7.xTd.zURiche.zU........................PE..d.....0].........." .....>...........d.......................................p............`.....................................................<....@....... ...........A...`..........8............................................P...............................text....<.......>.................. ..`.rdata......P.......B..............@..@.data...............................@....pdata....... ......................@..@.rsrc........@......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:InnoSetup Log 64-bit WinMerge, version 0x418, 61373 bytes, 609290\37\user, C:\Program Files\WinMerge\376\377\377\007
                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                Size (bytes):61373
                                                                                                                                                                                                Entropy (8bit):3.9380544214008877
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:6ir2aJjJhlUjSaZHRNhB9zLlpWNLvJdCbPIxayvf3n3hYMKhMeHxzwsi30Z/0aRw:6++tmBCbenQ6eHdwsG
                                                                                                                                                                                                MD5:840BE8706685C1345B4385B59FA765CB
                                                                                                                                                                                                SHA1:FC55F65C67EEAB3379A0EA3572043DA37B5769FE
                                                                                                                                                                                                SHA-256:9E42D65C306256EE9D547EB028A526872914CE1D20ACFD44CC63D8799E4C2F30
                                                                                                                                                                                                SHA-512:56F071DF95C560FC718400698ACCA52CB1F369E147B261CE201E9410FE3A859D360A98283DA8049B67F0007B3024BEC2DFD8B4831A9B4C6DBBCC8DC1D72E0B8B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Inno Setup Uninstall Log (b) 64-bit.............................WinMerge........................................................................................................................WinMerge....................................................................................................................................5...............................................................................................................JG..........ro.?......u........6.0.9.2.9.0......f.r.o.n.t.d.e.s.k......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.M.e.r.g.e....................... .....Lc...D...IFPS........Z...........................................................................................................................................................BOOLEAN..............TNEWCHECKLISTBOX....TNEWCHECKLISTBOX.............!OPENARRAYOFCONST..................TMSGBOXTYPE.........TEXECWAIT.............TARRAYOFSTRING.........TWIZARDPAGE....TWIZARDPAGE.........TSETUPSTEP.........TUNINS
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1189992
                                                                                                                                                                                                Entropy (8bit):6.415868713769688
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:WtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5lTxytO:WqTytRFk6ek1LP
                                                                                                                                                                                                MD5:364B8FA0269A0789DCB7A9673C7757E4
                                                                                                                                                                                                SHA1:5C79E2DE33A41E75406CADD51C7B19AC46DC36D8
                                                                                                                                                                                                SHA-256:45C892CE5FD9A5A0AEDA80743C816038AEAAEB8A68B8217BDF88351E5B27B43B
                                                                                                                                                                                                SHA-512:F74ECA9DFDE0C9D90E3A0A505B7CE9A193A474881E9565281C77BBF615BC33B6228D70491C2ADC6FD7E6C2EF09E33C8B53DD7C2BD078036014655ACC584A9018
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......W............................l........ ....@.................................w.....@......@..............................@8...0..................h(................................... .......................................................text............................... ..`.itext.............................. ..`.data...h0... ...2..................@....bss.....a...`.......0...................idata..@8.......:...0..............@....tls....<............j...................rdata....... .......j..............@..@.rsrc........0.......l..............@..@....................................@..@........................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:InnoSetup messages, version 5.5.3, 221 messages (UTF-16), &About Setup...
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22665
                                                                                                                                                                                                Entropy (8bit):3.2741518410618657
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Q41EjXgkg3Sqf8sfr69FT0AKanzLYfMa1tzvoZ7Vzo+Fc51USQDz1fbKJUfWo:Q41Elvqf9r6fKVfMmUo+y1USQDzN+o
                                                                                                                                                                                                MD5:C296688D422A0D42726A63F059E66DCA
                                                                                                                                                                                                SHA1:AB9B224C4EC56B9D5A4BA2D6C88551EA0E5BCCEB
                                                                                                                                                                                                SHA-256:188BA40171BECDC1BA52F9D51C19B8BC49BAF8CE0831E42B60CC92E3E08B96FF
                                                                                                                                                                                                SHA-512:BB5FFBD5A5A9A9DD968A3C59C0E5DB31DC36C9BB4F34943F77556C26DD3D0C8D86A6078294313D6D2E74FAB73F0C3B04EF4D104179FAD3852619199BAF60F524
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Inno Setup Messages (5.5.3) (u).....................................<X.....>Z$b&.A.b.o.u.t. .S.e.t.u.p.........%.1. .v.e.r.s.i.o.n. .%.2.....%.3.........%.1. .h.o.m.e. .p.a.g.e.:.....%.4.....A.b.o.u.t. .S.e.t.u.p...Y.o.u. .m.u.s.t. .b.e. .l.o.g.g.e.d. .i.n. .a.s. .a.n. .a.d.m.i.n.i.s.t.r.a.t.o.r. .w.h.e.n. .i.n.s.t.a.l.l.i.n.g. .t.h.i.s. .p.r.o.g.r.a.m.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s... .A.f.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):154392
                                                                                                                                                                                                Entropy (8bit):6.410645671172494
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:ch1yOJV6GvMclVIWpkGX1KHgFR1xI+UvaV/IS4a6/YU8ia:ch1PVEfYxKH6RCx/4V
                                                                                                                                                                                                MD5:5712FDE78B6C327C4BCC9292FCC96453
                                                                                                                                                                                                SHA1:80FE537FCFDB3D139287F3D229DB511BFF6F487A
                                                                                                                                                                                                SHA-256:3A1B37A40F949236D15A23A124C64957C7A4A3B74C8E4BA0FD06BDF287E00D12
                                                                                                                                                                                                SHA-512:311AEA3A1BFC63B7550016385C0CF9D0BAE9F7BD12C7E71456BC5C7D80E940F1AC90824DFB63C6123947B03195DA1293D5EEBC03331E25FC952740E9F71C9DEA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!...e.zUe.zUe.zU.@.Ua.zU.@.U..zU.@.Uh.zU7..Tn.zU7.~Ti.zU.@.U`.zUe.{U..zU7.yTl.zU7.sTk.zU7.zTd.zU7..Ud.zU7.xTd.zURiche.zU........................PE..d.....0].........." .....>...........d.......................................p............`.....................................................<....@....... ...........A...`..........8............................................P...............................text....<.......>.................. ..`.rdata......P.......B..............@..@.data...............................@....pdata....... ......................@..@.rsrc........@......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Oct 24 09:28:03 2024, mtime=Thu Oct 24 09:28:03 2024, atime=Sun Jul 28 20:00:50 2024, length=1029392, window=hide
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):974
                                                                                                                                                                                                Entropy (8bit):4.471674037722912
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:8mBcMJzcrYXbh96/RiNdpF4yECyAOPbKkX2W7c1X2SiejAvi8gbdpCcstbdpCxkY:8mg6d6bKukAvUdQdEkhYNJcNJtm
                                                                                                                                                                                                MD5:F87556D097EC14E3C65DD7068E7F423D
                                                                                                                                                                                                SHA1:C6CBD2B743E5F47A44DDD0A21DD6B66CB428F7AD
                                                                                                                                                                                                SHA-256:871D46BE17C6BA3A8A086A1F4ADF605FD1CF7E7B91D0724EBE3C0152AE148F6E
                                                                                                                                                                                                SHA-512:BA4892FC254765704B50FDC098BB1E20E02CFAB75B01BFF5ADC29C8373558A5BA408DFBE79504C6B698A2F9FF744D63291DC22ADF8617F0A3A69B6BD412005B7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:L..................F.... ...}.0h.%...a>h.%...m.91................................P.O. .:i.....+00.../C:\.....................1.....XY.S..PROGRA~1..t......O.IXY.c....B...............J.....c.V.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1.....XY.S..WinMerge..B......XY.SXY.c....S......................!.W.i.n.M.e.r.g.e.....N.1.....XY.S..Docs..:......XY.SXY.S....9M.....................k`.D.o.c.s.....f.2......X.. .WinMerge.chm..J......XY.SXY.S....CM........................W.i.n.M.e.r.g.e...c.h.m.......Z...............-.......Y...........sRs......C:\Program Files\WinMerge\Docs\WinMerge.chm..:.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.M.e.r.g.e.\.D.o.c.s.\.W.i.n.M.e.r.g.e...c.h.m...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.M.e.r.g.e.\.D.o.c.s.`.......X.......609290...........hT..CrF.f4... .../Tc...,......hT..CrF.f4... .../Tc...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Oct 24 09:28:01 2024, mtime=Thu Oct 24 09:28:02 2024, atime=Sun Jul 28 20:11:38 2024, length=5942376, window=hide
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):973
                                                                                                                                                                                                Entropy (8bit):4.553007226032008
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:8mcANofd6zv+t7zAUd7vd9khINJMNJz9nm:8mc3dwoUUd7vd9koJSJ5n
                                                                                                                                                                                                MD5:263FB01AB153718FAD1D3BD6001EFD6F
                                                                                                                                                                                                SHA1:B761D66647C37E6778D6682B7123B148F1FBE58F
                                                                                                                                                                                                SHA-256:B9F2B72423102FA78000F14CAC63F6B6B45412101C88E60A550136BCE683D37D
                                                                                                                                                                                                SHA-512:093391AFBDA43C0A2FEDD57A1EBF94F1827274BDA65540025E0B8D0F004196A77663AB1300B666C49CF76E6BFC43A0BB6B1F22052D8B06594E2CD6CD0062A40C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:L..................F.... ...u.5g.%..y.g.%...a..2...h.Z.....................}....P.O. .:i.....+00.../C:\.....................1.....EW.=..PROGRA~1..t......O.IEW.>....B...............J.......z.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1.....XY.S..WinMerge..B......XY.SXY.S....S.....................J.(.W.i.n.M.e.r.g.e.....h.2.h.Z..Xs. .WINMER~1.EXE..L......XY.SXY.S..............................W.i.n.M.e.r.g.e.U...e.x.e.......V...............-.......U...........sRs......C:\Program Files\WinMerge\WinMergeU.exe..6.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.M.e.r.g.e.\.W.i.n.M.e.r.g.e.U...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.M.e.r.g.e.`.......X.......609290...........hT..CrF.f4... .../Tc...,......hT..CrF.f4... .../Tc...,.............a...1SPSU(L.y.9K....-...E............2...T.h.i.n.g.a.m.a.h.o.o.c.h.i.e...W.i.n.M.e.r.g.e.........9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6144
                                                                                                                                                                                                Entropy (8bit):4.720366600008286
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                Size (bytes):1189992
                                                                                                                                                                                                Entropy (8bit):6.415868713769688
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:WtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5lTxytO:WqTytRFk6ek1LP
                                                                                                                                                                                                MD5:364B8FA0269A0789DCB7A9673C7757E4
                                                                                                                                                                                                SHA1:5C79E2DE33A41E75406CADD51C7B19AC46DC36D8
                                                                                                                                                                                                SHA-256:45C892CE5FD9A5A0AEDA80743C816038AEAAEB8A68B8217BDF88351E5B27B43B
                                                                                                                                                                                                SHA-512:F74ECA9DFDE0C9D90E3A0A505B7CE9A193A474881E9565281C77BBF615BC33B6228D70491C2ADC6FD7E6C2EF09E33C8B53DD7C2BD078036014655ACC584A9018
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......W............................l........ ....@.................................w.....@......@..............................@8...0..................h(................................... .......................................................text............................... ..`.itext.............................. ..`.data...h0... ...2..................@....bss.....a...`.......0...................idata..@8.......:...0..............@....tls....<............j...................rdata....... .......j..............@..@.rsrc........0.......l..............@..@....................................@..@........................................................................................................................................
                                                                                                                                                                                                Process:C:\Program Files\WinMerge\WinMergeU.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3446
                                                                                                                                                                                                Entropy (8bit):3.137666914945143
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:k8dDUocd7kEwkoJSJhzJLy8dDUjd7kEwkoJSJh1JD1:RW3w4dk3w4d
                                                                                                                                                                                                MD5:8E50E35D26AF49C6D754CDF78BDB20A8
                                                                                                                                                                                                SHA1:C786422D0149C9EB65C8ED584BD155234C22E560
                                                                                                                                                                                                SHA-256:B8E2468425E986D8DA3E18EB3C1A2DBD84A7ACCB188CF0F552D82B8D73E050C6
                                                                                                                                                                                                SHA-512:FCF45F46BA543C3A8B003654E86F0CA7C52D9C0A4F389260A3FB5A62F2456C63ECCFD665ADDA57E780AC4281C42AFF634F6E2EED9B1022ABE980E59DD924B5F2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...................................FL..................F.@.. ...u.5g.%...<...&...a..2...h.Z.....................}....P.O. .:i.....+00.../C:\.....................1.....XY.S..PROGRA~1..t......O.IXY.c....B...............J.....c.V.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1.....XY.c..WinMerge..B......XY.SXY.c....S......................Y..W.i.n.M.e.r.g.e.....h.2.h.Z..Xs. .WINMER~1.EXE..L......XY.SXY.c..............................W.i.n.M.e.r.g.e.U...e.x.e.......V...............-.......U...........sRs......C:\Program Files\WinMerge\WinMergeU.exe..../.n.e.w. ./.t. .t.e.x.t.'.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.M.e.r.g.e.\.W.i.n.M.e.r.g.e.U...e.x.e.........%ProgramFiles%\WinMerge\WinMergeU.exe...............................................................................................................................................................................................................................%.P.r.o.g.r.a.m.F.i.l.e.s.%.\.W.i.n.M.e.r.g.e
                                                                                                                                                                                                Process:C:\Program Files\WinMerge\WinMergeU.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3446
                                                                                                                                                                                                Entropy (8bit):3.137666914945143
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:k8dDUocd7kEwkoJSJhzJLy8dDUjd7kEwkoJSJh1JD1:RW3w4dk3w4d
                                                                                                                                                                                                MD5:8E50E35D26AF49C6D754CDF78BDB20A8
                                                                                                                                                                                                SHA1:C786422D0149C9EB65C8ED584BD155234C22E560
                                                                                                                                                                                                SHA-256:B8E2468425E986D8DA3E18EB3C1A2DBD84A7ACCB188CF0F552D82B8D73E050C6
                                                                                                                                                                                                SHA-512:FCF45F46BA543C3A8B003654E86F0CA7C52D9C0A4F389260A3FB5A62F2456C63ECCFD665ADDA57E780AC4281C42AFF634F6E2EED9B1022ABE980E59DD924B5F2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...................................FL..................F.@.. ...u.5g.%...<...&...a..2...h.Z.....................}....P.O. .:i.....+00.../C:\.....................1.....XY.S..PROGRA~1..t......O.IXY.c....B...............J.....c.V.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1.....XY.c..WinMerge..B......XY.SXY.c....S......................Y..W.i.n.M.e.r.g.e.....h.2.h.Z..Xs. .WINMER~1.EXE..L......XY.SXY.c..............................W.i.n.M.e.r.g.e.U...e.x.e.......V...............-.......U...........sRs......C:\Program Files\WinMerge\WinMergeU.exe..../.n.e.w. ./.t. .t.e.x.t.'.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.M.e.r.g.e.\.W.i.n.M.e.r.g.e.U...e.x.e.........%ProgramFiles%\WinMerge\WinMergeU.exe...............................................................................................................................................................................................................................%.P.r.o.g.r.a.m.F.i.l.e.s.%.\.W.i.n.M.e.r.g.e
                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Entropy (8bit):7.99789886212631
                                                                                                                                                                                                TrID:
                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                                                                                • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                File name:WinMerge-2.16.42.1-x64-Setup.exe
                                                                                                                                                                                                File size:9'992'352 bytes
                                                                                                                                                                                                MD5:694814dfeb6bc886adc91431fa3710f8
                                                                                                                                                                                                SHA1:d4eed6294c367837aa5ad810a79dd807ed2178b5
                                                                                                                                                                                                SHA256:5771f2a0553f53684b0e74161ed8749c4dda270f166edac253982366aee39bd3
                                                                                                                                                                                                SHA512:afaec9e57f3bfed046338bd1c8b0c7d02552cd6ae7cc6faa488121e3352be3573c010a689b72b375edce4036835ea54aac86eb3c6fde53b446e7a662e1a0eebc
                                                                                                                                                                                                SSDEEP:196608:rgsoqq57w8HRfZSpllW4rTpQILLzCkpbPUGByI:MqqBwAp0Ll9SILLzCqfyI
                                                                                                                                                                                                TLSH:74A63380F3CB2934F1154736E090C096AFB3B6B674D1549B3E31CA9D9BBA6C184B57B2
                                                                                                                                                                                                File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                                                                                Icon Hash:2d2e3797b32b2b99
                                                                                                                                                                                                Entrypoint:0x4117dc
                                                                                                                                                                                                Entrypoint Section:.itext
                                                                                                                                                                                                Digitally signed:true
                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                Time Stamp:0x57051F88 [Wed Apr 6 14:39:04 2016 UTC]
                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                Import Hash:20dd26497880c05caed9305b3c8b9109
                                                                                                                                                                                                Signature Valid:true
                                                                                                                                                                                                Signature Issuer:CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL
                                                                                                                                                                                                Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                Error Number:0
                                                                                                                                                                                                Not Before, Not After
                                                                                                                                                                                                • 10/09/2021 08:15:06 09/09/2024 08:15:05
                                                                                                                                                                                                Subject Chain
                                                                                                                                                                                                • E=winmergejp@gmail.com, CN=Takashi Sawanaka, O=Takashi Sawanaka, S=Chiba, C=JP
                                                                                                                                                                                                Version:3
                                                                                                                                                                                                Thumbprint MD5:89B9A22FCEFF02CB4A8B9AECF1E046CF
                                                                                                                                                                                                Thumbprint SHA-1:5CB97E5B154D62641F5C1EB94172EBCC5807D1FF
                                                                                                                                                                                                Thumbprint SHA-256:7C6186C5B702D2D1466A30BE206B464D596DFE03728CC416DEC871E560228F74
                                                                                                                                                                                                Serial:7CC6C06DAC2E59D843F5FD2A3761F340
                                                                                                                                                                                                Instruction
                                                                                                                                                                                                push ebp
                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                add esp, FFFFFFA4h
                                                                                                                                                                                                push ebx
                                                                                                                                                                                                push esi
                                                                                                                                                                                                push edi
                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                mov dword ptr [ebp-3Ch], eax
                                                                                                                                                                                                mov dword ptr [ebp-40h], eax
                                                                                                                                                                                                mov dword ptr [ebp-5Ch], eax
                                                                                                                                                                                                mov dword ptr [ebp-30h], eax
                                                                                                                                                                                                mov dword ptr [ebp-38h], eax
                                                                                                                                                                                                mov dword ptr [ebp-34h], eax
                                                                                                                                                                                                mov dword ptr [ebp-2Ch], eax
                                                                                                                                                                                                mov dword ptr [ebp-28h], eax
                                                                                                                                                                                                mov dword ptr [ebp-14h], eax
                                                                                                                                                                                                mov eax, 00410144h
                                                                                                                                                                                                call 00007F723CF2AEFDh
                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                push ebp
                                                                                                                                                                                                push 00411EBEh
                                                                                                                                                                                                push dword ptr fs:[eax]
                                                                                                                                                                                                mov dword ptr fs:[eax], esp
                                                                                                                                                                                                xor edx, edx
                                                                                                                                                                                                push ebp
                                                                                                                                                                                                push 00411E7Ah
                                                                                                                                                                                                push dword ptr fs:[edx]
                                                                                                                                                                                                mov dword ptr fs:[edx], esp
                                                                                                                                                                                                mov eax, dword ptr [00415B48h]
                                                                                                                                                                                                call 00007F723CF33643h
                                                                                                                                                                                                call 00007F723CF33192h
                                                                                                                                                                                                cmp byte ptr [00412ADCh], 00000000h
                                                                                                                                                                                                je 00007F723CF3613Eh
                                                                                                                                                                                                call 00007F723CF33758h
                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                call 00007F723CF28F95h
                                                                                                                                                                                                lea edx, dword ptr [ebp-14h]
                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                call 00007F723CF301DBh
                                                                                                                                                                                                mov edx, dword ptr [ebp-14h]
                                                                                                                                                                                                mov eax, 00418658h
                                                                                                                                                                                                call 00007F723CF2956Ah
                                                                                                                                                                                                push 00000002h
                                                                                                                                                                                                push 00000000h
                                                                                                                                                                                                push 00000001h
                                                                                                                                                                                                mov ecx, dword ptr [00418658h]
                                                                                                                                                                                                mov dl, 01h
                                                                                                                                                                                                mov eax, dword ptr [0040C04Ch]
                                                                                                                                                                                                call 00007F723CF30AF2h
                                                                                                                                                                                                mov dword ptr [0041865Ch], eax
                                                                                                                                                                                                xor edx, edx
                                                                                                                                                                                                push ebp
                                                                                                                                                                                                push 00411E26h
                                                                                                                                                                                                push dword ptr fs:[edx]
                                                                                                                                                                                                mov dword ptr fs:[edx], esp
                                                                                                                                                                                                call 00007F723CF336B6h
                                                                                                                                                                                                mov dword ptr [00418664h], eax
                                                                                                                                                                                                mov eax, dword ptr [00418664h]
                                                                                                                                                                                                cmp dword ptr [eax+0Ch], 01h
                                                                                                                                                                                                jne 00007F723CF3617Ah
                                                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x190000xe04.idata
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x1c0000xb200.rsrc
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x9850380x2868
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x1b0000x18.rdata
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x193040x214.idata
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                .text0x10000xf2440xf400a33e9ff7181115027d121cd377c28c8fFalse0.5481717469262295data6.3752135040515485IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                .itext0x110000xf640x1000caec456c18277b579a94c9508daf36ecFalse0.55859375data5.732200666157372IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                .data0x120000xc880xe00746954890499546d73dce0e994642192False0.2533482142857143data2.2967209087898324IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                .bss0x130000x56bc0x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                .idata0x190000xe040x1000e9b9c0328fd9628ad4d6ab8283dcb20eFalse0.321533203125data4.597812557707959IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                .tls0x1a0000x80x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                .rdata0x1b0000x180x2003dffc444ccc131c9dcee18db49ee6403False0.05078125data0.2044881574398449IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                .rsrc0x1c0000xb2000xb200c7e04a9e8349d31e73af26797deb91e9False0.179906952247191data4.148040484708059IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                RT_ICON0x1c41c0x128Device independent bitmap graphic, 16 x 32 x 4, image size 192DutchNetherlands0.5675675675675675
                                                                                                                                                                                                RT_ICON0x1c5440x568Device independent bitmap graphic, 16 x 32 x 8, image size 320DutchNetherlands0.4486994219653179
                                                                                                                                                                                                RT_ICON0x1caac0x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640DutchNetherlands0.4637096774193548
                                                                                                                                                                                                RT_ICON0x1cd940x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1152DutchNetherlands0.3935018050541516
                                                                                                                                                                                                RT_STRING0x1d63c0x68data0.6538461538461539
                                                                                                                                                                                                RT_STRING0x1d6a40xd4data0.5283018867924528
                                                                                                                                                                                                RT_STRING0x1d7780xa4data0.6524390243902439
                                                                                                                                                                                                RT_STRING0x1d81c0x2acdata0.45614035087719296
                                                                                                                                                                                                RT_STRING0x1dac80x34cdata0.4218009478672986
                                                                                                                                                                                                RT_STRING0x1de140x294data0.4106060606060606
                                                                                                                                                                                                RT_RCDATA0x1e0a80x82e8dataEnglishUnited States0.11261637622344235
                                                                                                                                                                                                RT_RCDATA0x263900x10data1.5
                                                                                                                                                                                                RT_RCDATA0x263a00x150data0.8392857142857143
                                                                                                                                                                                                RT_RCDATA0x264f00x2cdata1.2045454545454546
                                                                                                                                                                                                RT_GROUP_ICON0x2651c0x3edataEnglishUnited States0.8387096774193549
                                                                                                                                                                                                RT_VERSION0x2655c0x4f4dataEnglishUnited States0.333596214511041
                                                                                                                                                                                                RT_MANIFEST0x26a500x62cXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.4240506329113924
                                                                                                                                                                                                DLLImport
                                                                                                                                                                                                oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                                                                                                                                                                                advapi32.dllRegQueryValueExW, RegOpenKeyExW, RegCloseKey
                                                                                                                                                                                                user32.dllGetKeyboardType, LoadStringW, MessageBoxA, CharNextW
                                                                                                                                                                                                kernel32.dllGetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle
                                                                                                                                                                                                kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW
                                                                                                                                                                                                user32.dllCreateWindowExW, TranslateMessage, SetWindowLongW, PeekMessageW, MsgWaitForMultipleObjects, MessageBoxW, LoadStringW, GetSystemMetrics, ExitWindowsEx, DispatchMessageW, DestroyWindow, CharUpperBuffW, CallWindowProcW
                                                                                                                                                                                                kernel32.dllWriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, SizeofResource, SignalObjectAndWait, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, RemoveDirectoryW, ReadFile, MultiByteToWideChar, LockResource, LoadResource, LoadLibraryW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetThreadLocale, GetSystemInfo, GetSystemDirectoryW, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeProcess, GetEnvironmentVariableW, GetDiskFreeSpaceW, GetCurrentProcess, GetCommandLineW, GetCPInfo, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, EnumCalendarInfoW, DeleteFileW, CreateProcessW, CreateFileW, CreateEventW, CreateDirectoryW, CloseHandle
                                                                                                                                                                                                advapi32.dllRegQueryValueExW, RegOpenKeyExW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW
                                                                                                                                                                                                comctl32.dllInitCommonControls
                                                                                                                                                                                                kernel32.dllSleep
                                                                                                                                                                                                advapi32.dllAdjustTokenPrivileges
                                                                                                                                                                                                Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                DutchNetherlands
                                                                                                                                                                                                EnglishUnited States
                                                                                                                                                                                                No network behavior found

                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                Start time:06:27:43
                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                Path:C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe"
                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                File size:9'992'352 bytes
                                                                                                                                                                                                MD5 hash:694814DFEB6BC886ADC91431FA3710F8
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                Start time:06:27:43
                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"C:\Users\user~1\AppData\Local\Temp\is-UAN49.tmp\WinMerge-2.16.42.1-x64-Setup.tmp" /SL5="$1045C,9350605,121344,C:\Users\user\Desktop\WinMerge-2.16.42.1-x64-Setup.exe"
                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                File size:1'189'992 bytes
                                                                                                                                                                                                MD5 hash:364B8FA0269A0789DCB7A9673C7757E4
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                • Detection: 4%, ReversingLabs
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:11
                                                                                                                                                                                                Start time:08:24:33
                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\WinMerge\ShellExtensionX64.dll"
                                                                                                                                                                                                Imagebase:0x7ff6cbcd0000
                                                                                                                                                                                                File size:25'088 bytes
                                                                                                                                                                                                MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                Start time:08:24:33
                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                Path:C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe" /RegServer
                                                                                                                                                                                                Imagebase:0x360000
                                                                                                                                                                                                File size:122'632 bytes
                                                                                                                                                                                                MD5 hash:0BF44140B929D5B80CF5F3A8FBA33767
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:14
                                                                                                                                                                                                Start time:08:24:34
                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                Path:C:\Program Files\WinMerge\WinMergeU.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Program Files\WinMerge\WinMergeU.exe" /s- /minimize /noninteractive /set-usertasks-to-jumplist 4097
                                                                                                                                                                                                Imagebase:0x7ff673b00000
                                                                                                                                                                                                File size:5'942'376 bytes
                                                                                                                                                                                                MD5 hash:4D8808EB623326E39416F884B2DF745B
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:15
                                                                                                                                                                                                Start time:08:24:39
                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                Path:C:\Program Files\WinMerge\WinMergeU.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Program Files\WinMerge\WinMergeU.exe"
                                                                                                                                                                                                Imagebase:0x7ff673b00000
                                                                                                                                                                                                File size:5'942'376 bytes
                                                                                                                                                                                                MD5 hash:4D8808EB623326E39416F884B2DF745B
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                Reset < >

                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                  Execution Coverage:6.6%
                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                  Signature Coverage:6.8%
                                                                                                                                                                                                  Total number of Nodes:1952
                                                                                                                                                                                                  Total number of Limit Nodes:100
                                                                                                                                                                                                  execution_graph 9458 36ec25 9459 36ec31 _doexit 9458->9459 9460 36ec68 _doexit 9459->9460 9461 36b996 __lock 59 API calls 9459->9461 9462 36ec45 9461->9462 9466 36cb19 9462->9466 9467 36cb24 ___addlocaleref ___removelocaleref 9466->9467 9469 36cb59 9466->9469 9467->9469 9473 36c89f 9467->9473 9470 36ec6e 9469->9470 9719 36bb00 LeaveCriticalSection 9470->9719 9472 36ec75 9472->9460 9474 36c918 9473->9474 9475 36c8b4 9473->9475 9476 36c965 9474->9476 9477 3666f3 _free 59 API calls 9474->9477 9475->9474 9482 36c8e5 9475->9482 9485 3666f3 _free 59 API calls 9475->9485 9498 36c98e 9476->9498 9543 36e7f4 9476->9543 9479 36c939 9477->9479 9483 3666f3 _free 59 API calls 9479->9483 9481 36c903 9484 3666f3 _free 59 API calls 9481->9484 9482->9481 9492 3666f3 _free 59 API calls 9482->9492 9488 36c94c 9483->9488 9489 36c90d 9484->9489 9490 36c8da 9485->9490 9486 3666f3 _free 59 API calls 9486->9498 9487 36c9ed 9491 3666f3 _free 59 API calls 9487->9491 9493 3666f3 _free 59 API calls 9488->9493 9494 3666f3 _free 59 API calls 9489->9494 9503 36e691 9490->9503 9496 36c9f3 9491->9496 9497 36c8f8 9492->9497 9499 36c95a 9493->9499 9494->9474 9496->9469 9531 36e78d 9497->9531 9498->9487 9501 3666f3 59 API calls _free 9498->9501 9502 3666f3 _free 59 API calls 9499->9502 9501->9498 9502->9476 9504 36e789 9503->9504 9506 36e6a0 9503->9506 9504->9482 9505 36e6b1 9508 36e6c3 9505->9508 9509 3666f3 _free 59 API calls 9505->9509 9506->9505 9507 3666f3 _free 59 API calls 9506->9507 9507->9505 9510 36e6d5 9508->9510 9511 3666f3 _free 59 API calls 9508->9511 9509->9508 9512 36e6e7 9510->9512 9513 3666f3 _free 59 API calls 9510->9513 9511->9510 9514 36e6f9 9512->9514 9515 3666f3 _free 59 API calls 9512->9515 9513->9512 9516 36e70b 9514->9516 9517 3666f3 _free 59 API calls 9514->9517 9515->9514 9518 36e71d 9516->9518 9519 3666f3 _free 59 API calls 9516->9519 9517->9516 9520 36e72f 9518->9520 9521 3666f3 _free 59 API calls 9518->9521 9519->9518 9522 36e741 9520->9522 9523 3666f3 _free 59 API calls 9520->9523 9521->9520 9524 36e753 9522->9524 9525 3666f3 _free 59 API calls 9522->9525 9523->9522 9526 36e765 9524->9526 9527 3666f3 _free 59 API calls 9524->9527 9525->9524 9528 36e777 9526->9528 9529 3666f3 _free 59 API calls 9526->9529 9527->9526 9528->9504 9530 3666f3 _free 59 API calls 9528->9530 9529->9528 9530->9504 9532 36e798 9531->9532 9542 36e7f0 9531->9542 9533 3666f3 _free 59 API calls 9532->9533 9535 36e7a8 9532->9535 9533->9535 9534 36e7ba 9537 36e7cc 9534->9537 9538 3666f3 _free 59 API calls 9534->9538 9535->9534 9536 3666f3 _free 59 API calls 9535->9536 9536->9534 9539 36e7de 9537->9539 9540 3666f3 _free 59 API calls 9537->9540 9538->9537 9541 3666f3 _free 59 API calls 9539->9541 9539->9542 9540->9539 9541->9542 9542->9481 9544 36e803 9543->9544 9545 36c983 9543->9545 9546 3666f3 _free 59 API calls 9544->9546 9545->9486 9547 36e80b 9546->9547 9548 3666f3 _free 59 API calls 9547->9548 9549 36e813 9548->9549 9550 3666f3 _free 59 API calls 9549->9550 9551 36e81b 9550->9551 9552 3666f3 _free 59 API calls 9551->9552 9553 36e823 9552->9553 9554 3666f3 _free 59 API calls 9553->9554 9555 36e82b 9554->9555 9556 3666f3 _free 59 API calls 9555->9556 9557 36e833 9556->9557 9558 3666f3 _free 59 API calls 9557->9558 9559 36e83a 9558->9559 9560 3666f3 _free 59 API calls 9559->9560 9561 36e842 9560->9561 9562 3666f3 _free 59 API calls 9561->9562 9563 36e84a 9562->9563 9564 3666f3 _free 59 API calls 9563->9564 9565 36e852 9564->9565 9566 3666f3 _free 59 API calls 9565->9566 9567 36e85a 9566->9567 9568 3666f3 _free 59 API calls 9567->9568 9569 36e862 9568->9569 9570 3666f3 _free 59 API calls 9569->9570 9571 36e86a 9570->9571 9572 3666f3 _free 59 API calls 9571->9572 9573 36e872 9572->9573 9574 3666f3 _free 59 API calls 9573->9574 9575 36e87a 9574->9575 9576 3666f3 _free 59 API calls 9575->9576 9577 36e882 9576->9577 9578 3666f3 _free 59 API calls 9577->9578 9579 36e88d 9578->9579 9580 3666f3 _free 59 API calls 9579->9580 9581 36e895 9580->9581 9582 3666f3 _free 59 API calls 9581->9582 9583 36e89d 9582->9583 9584 3666f3 _free 59 API calls 9583->9584 9585 36e8a5 9584->9585 9586 3666f3 _free 59 API calls 9585->9586 9587 36e8ad 9586->9587 9588 3666f3 _free 59 API calls 9587->9588 9589 36e8b5 9588->9589 9590 3666f3 _free 59 API calls 9589->9590 9591 36e8bd 9590->9591 9592 3666f3 _free 59 API calls 9591->9592 9593 36e8c5 9592->9593 9594 3666f3 _free 59 API calls 9593->9594 9595 36e8cd 9594->9595 9596 3666f3 _free 59 API calls 9595->9596 9597 36e8d5 9596->9597 9598 3666f3 _free 59 API calls 9597->9598 9599 36e8dd 9598->9599 9600 3666f3 _free 59 API calls 9599->9600 9601 36e8e5 9600->9601 9602 3666f3 _free 59 API calls 9601->9602 9603 36e8ed 9602->9603 9604 3666f3 _free 59 API calls 9603->9604 9605 36e8f5 9604->9605 9606 3666f3 _free 59 API calls 9605->9606 9607 36e8fd 9606->9607 9608 3666f3 _free 59 API calls 9607->9608 9609 36e905 9608->9609 9610 3666f3 _free 59 API calls 9609->9610 9611 36e913 9610->9611 9612 3666f3 _free 59 API calls 9611->9612 9613 36e91e 9612->9613 9614 3666f3 _free 59 API calls 9613->9614 9615 36e929 9614->9615 9616 3666f3 _free 59 API calls 9615->9616 9617 36e934 9616->9617 9618 3666f3 _free 59 API calls 9617->9618 9619 36e93f 9618->9619 9620 3666f3 _free 59 API calls 9619->9620 9621 36e94a 9620->9621 9622 3666f3 _free 59 API calls 9621->9622 9623 36e955 9622->9623 9624 3666f3 _free 59 API calls 9623->9624 9625 36e960 9624->9625 9626 3666f3 _free 59 API calls 9625->9626 9627 36e96b 9626->9627 9628 3666f3 _free 59 API calls 9627->9628 9629 36e976 9628->9629 9630 3666f3 _free 59 API calls 9629->9630 9631 36e981 9630->9631 9632 3666f3 _free 59 API calls 9631->9632 9633 36e98c 9632->9633 9634 3666f3 _free 59 API calls 9633->9634 9635 36e997 9634->9635 9636 3666f3 _free 59 API calls 9635->9636 9637 36e9a2 9636->9637 9638 3666f3 _free 59 API calls 9637->9638 9639 36e9ad 9638->9639 9640 3666f3 _free 59 API calls 9639->9640 9641 36e9b8 9640->9641 9642 3666f3 _free 59 API calls 9641->9642 9643 36e9c6 9642->9643 9644 3666f3 _free 59 API calls 9643->9644 9645 36e9d1 9644->9645 9646 3666f3 _free 59 API calls 9645->9646 9647 36e9dc 9646->9647 9648 3666f3 _free 59 API calls 9647->9648 9649 36e9e7 9648->9649 9650 3666f3 _free 59 API calls 9649->9650 9651 36e9f2 9650->9651 9652 3666f3 _free 59 API calls 9651->9652 9653 36e9fd 9652->9653 9654 3666f3 _free 59 API calls 9653->9654 9655 36ea08 9654->9655 9656 3666f3 _free 59 API calls 9655->9656 9657 36ea13 9656->9657 9658 3666f3 _free 59 API calls 9657->9658 9659 36ea1e 9658->9659 9660 3666f3 _free 59 API calls 9659->9660 9661 36ea29 9660->9661 9662 3666f3 _free 59 API calls 9661->9662 9663 36ea34 9662->9663 9664 3666f3 _free 59 API calls 9663->9664 9665 36ea3f 9664->9665 9666 3666f3 _free 59 API calls 9665->9666 9667 36ea4a 9666->9667 9668 3666f3 _free 59 API calls 9667->9668 9669 36ea55 9668->9669 9670 3666f3 _free 59 API calls 9669->9670 9671 36ea60 9670->9671 9672 3666f3 _free 59 API calls 9671->9672 9673 36ea6b 9672->9673 9674 3666f3 _free 59 API calls 9673->9674 9675 36ea79 9674->9675 9676 3666f3 _free 59 API calls 9675->9676 9677 36ea84 9676->9677 9678 3666f3 _free 59 API calls 9677->9678 9679 36ea8f 9678->9679 9680 3666f3 _free 59 API calls 9679->9680 9681 36ea9a 9680->9681 9682 3666f3 _free 59 API calls 9681->9682 9683 36eaa5 9682->9683 9684 3666f3 _free 59 API calls 9683->9684 9685 36eab0 9684->9685 9686 3666f3 _free 59 API calls 9685->9686 9687 36eabb 9686->9687 9688 3666f3 _free 59 API calls 9687->9688 9689 36eac6 9688->9689 9690 3666f3 _free 59 API calls 9689->9690 9691 36ead1 9690->9691 9692 3666f3 _free 59 API calls 9691->9692 9693 36eadc 9692->9693 9694 3666f3 _free 59 API calls 9693->9694 9695 36eae7 9694->9695 9696 3666f3 _free 59 API calls 9695->9696 9697 36eaf2 9696->9697 9698 3666f3 _free 59 API calls 9697->9698 9699 36eafd 9698->9699 9700 3666f3 _free 59 API calls 9699->9700 9701 36eb08 9700->9701 9702 3666f3 _free 59 API calls 9701->9702 9703 36eb13 9702->9703 9704 3666f3 _free 59 API calls 9703->9704 9705 36eb1e 9704->9705 9706 3666f3 _free 59 API calls 9705->9706 9707 36eb2c 9706->9707 9708 3666f3 _free 59 API calls 9707->9708 9709 36eb37 9708->9709 9710 3666f3 _free 59 API calls 9709->9710 9711 36eb42 9710->9711 9712 3666f3 _free 59 API calls 9711->9712 9713 36eb4d 9712->9713 9714 3666f3 _free 59 API calls 9713->9714 9715 36eb58 9714->9715 9716 3666f3 _free 59 API calls 9715->9716 9717 36eb63 9716->9717 9718 3666f3 _free 59 API calls 9717->9718 9718->9545 9719->9472 9720 368823 9723 368844 9720->9723 9722 36883f 9724 3688ae 9723->9724 9725 36884f 9723->9725 9791 368d95 9724->9791 9725->9724 9727 368854 9725->9727 9728 368859 9727->9728 9730 368872 9727->9730 9737 368f4f 9728->9737 9731 368895 9730->9731 9733 36887c 9730->9733 9778 3688ca 9731->9778 9756 369010 9733->9756 9736 368893 9736->9722 9808 36d7f9 9737->9808 9740 368f94 9743 368fac 9740->9743 9744 368f9c 9740->9744 9741 368f84 9742 367fa3 __cftoa_l 59 API calls 9741->9742 9745 368f89 9742->9745 9820 36d537 9743->9820 9746 367fa3 __cftoa_l 59 API calls 9744->9746 9748 369d0b __cftoa_l 9 API calls 9745->9748 9749 368fa1 9746->9749 9752 368f90 9748->9752 9751 369d0b __cftoa_l 9 API calls 9749->9751 9750 368fdf 9750->9752 9829 368e63 9750->9829 9751->9752 9754 3666e4 __cftof_l 6 API calls 9752->9754 9755 36886d 9754->9755 9755->9722 9757 36d7f9 __fltout2 59 API calls 9756->9757 9758 36903e 9757->9758 9759 369045 9758->9759 9760 369058 9758->9760 9763 367fa3 __cftoa_l 59 API calls 9759->9763 9761 369073 9760->9761 9762 369060 9760->9762 9768 36d537 __fptostr 59 API calls 9761->9768 9765 367fa3 __cftoa_l 59 API calls 9762->9765 9764 36904a 9763->9764 9766 369d0b __cftoa_l 9 API calls 9764->9766 9767 369065 9765->9767 9771 369051 9766->9771 9769 369d0b __cftoa_l 9 API calls 9767->9769 9770 36909f 9768->9770 9769->9771 9770->9771 9772 3690e5 9770->9772 9774 3690bf 9770->9774 9773 3666e4 __cftof_l 6 API calls 9771->9773 9906 368c44 9772->9906 9776 36910b 9773->9776 9777 368e63 __cftof2_l 59 API calls 9774->9777 9776->9736 9777->9771 9779 36879b _LocaleUpdate::_LocaleUpdate 59 API calls 9778->9779 9780 3688ef 9779->9780 9781 368906 9780->9781 9782 36890f 9780->9782 9783 367fa3 __cftoa_l 59 API calls 9781->9783 9785 368918 9782->9785 9788 36892c 9782->9788 9784 36890b 9783->9784 9787 369d0b __cftoa_l 9 API calls 9784->9787 9786 367fa3 __cftoa_l 59 API calls 9785->9786 9786->9784 9790 368927 _memset __alldvrm __cftoa_l _strrchr 9787->9790 9788->9790 9938 368c26 9788->9938 9790->9736 9792 36d7f9 __fltout2 59 API calls 9791->9792 9793 368dc7 9792->9793 9794 368dde 9793->9794 9795 368dce 9793->9795 9796 368de5 9794->9796 9797 368def 9794->9797 9798 367fa3 __cftoa_l 59 API calls 9795->9798 9799 367fa3 __cftoa_l 59 API calls 9796->9799 9802 36d537 __fptostr 59 API calls 9797->9802 9800 368dd3 9798->9800 9799->9800 9801 369d0b __cftoa_l 9 API calls 9800->9801 9803 368dda 9801->9803 9804 368e2f 9802->9804 9805 3666e4 __cftof_l 6 API calls 9803->9805 9804->9803 9806 368c44 __cftoe2_l 59 API calls 9804->9806 9807 368e5f 9805->9807 9806->9803 9807->9736 9809 36d822 ___dtold 9808->9809 9836 36ff4e 9809->9836 9814 36d864 9816 3666e4 __cftof_l 6 API calls 9814->9816 9815 36d87a 9817 369d1b __invoke_watson 8 API calls 9815->9817 9819 368f7d 9816->9819 9818 36d886 9817->9818 9819->9740 9819->9741 9821 36d55f 9820->9821 9822 36d549 9820->9822 9821->9822 9826 36d565 9821->9826 9823 367fa3 __cftoa_l 59 API calls 9822->9823 9824 36d54e 9823->9824 9825 369d0b __cftoa_l 9 API calls 9824->9825 9828 36d558 _memmove _strlen 9825->9828 9827 367fa3 __cftoa_l 59 API calls 9826->9827 9826->9828 9827->9824 9828->9750 9858 36879b 9829->9858 9832 367fa3 __cftoa_l 59 API calls 9833 368e92 9832->9833 9834 369d0b __cftoa_l 9 API calls 9833->9834 9835 368e9c _memset __shift 9834->9835 9835->9752 9839 36ffa3 9836->9839 9837 370015 9840 36cd50 __cftoe2_l 59 API calls 9837->9840 9838 3666e4 __cftof_l 6 API calls 9841 36d83d 9838->9841 9839->9837 9842 37002e 9839->9842 9848 36ffb5 9839->9848 9840->9848 9849 36cd50 9841->9849 9845 36cd50 __cftoe2_l 59 API calls 9842->9845 9843 3708ea 9844 369d1b __invoke_watson 8 API calls 9843->9844 9846 370921 9844->9846 9845->9848 9847 36ffc6 9847->9838 9848->9843 9848->9847 9850 36cd69 9849->9850 9851 36cd5b 9849->9851 9852 367fa3 __cftoa_l 59 API calls 9850->9852 9851->9850 9856 36cd7f 9851->9856 9853 36cd70 9852->9853 9854 369d0b __cftoa_l 9 API calls 9853->9854 9855 36cd7a 9854->9855 9855->9814 9855->9815 9856->9855 9857 367fa3 __cftoa_l 59 API calls 9856->9857 9857->9853 9859 3687ac 9858->9859 9865 3687f9 9858->9865 9866 369e7b 9859->9866 9862 3687d9 9862->9865 9886 36c143 9862->9886 9865->9832 9865->9835 9867 369e93 __getptd_noexit 59 API calls 9866->9867 9868 369e81 9867->9868 9869 3687b2 9868->9869 9870 368089 __lock 59 API calls 9868->9870 9869->9862 9871 36ca99 9869->9871 9870->9869 9872 36caa5 _doexit 9871->9872 9873 369e7b _LocaleUpdate::_LocaleUpdate 59 API calls 9872->9873 9875 36caae 9873->9875 9874 36cadd 9877 36b996 __lock 59 API calls 9874->9877 9875->9874 9876 36cac1 9875->9876 9879 369e7b _LocaleUpdate::_LocaleUpdate 59 API calls 9876->9879 9878 36cae4 9877->9878 9880 36cb19 __updatetlocinfoEx_nolock 59 API calls 9878->9880 9881 36cac6 9879->9881 9882 36caf8 9880->9882 9884 36cad4 _doexit 9881->9884 9885 368089 __lock 59 API calls 9881->9885 9898 36cb10 9882->9898 9884->9862 9885->9884 9887 36c14f _doexit 9886->9887 9888 369e7b _LocaleUpdate::_LocaleUpdate 59 API calls 9887->9888 9889 36c159 9888->9889 9890 36b996 __lock 59 API calls 9889->9890 9894 36c16b 9889->9894 9893 36c189 9890->9893 9891 368089 __lock 59 API calls 9895 36c179 _doexit 9891->9895 9896 3666f3 _free 59 API calls 9893->9896 9897 36c1b6 9893->9897 9894->9891 9894->9895 9895->9865 9896->9897 9902 36c1e0 9897->9902 9901 36bb00 LeaveCriticalSection 9898->9901 9900 36cb17 9900->9881 9901->9900 9905 36bb00 LeaveCriticalSection 9902->9905 9904 36c1e7 9904->9894 9905->9904 9907 36879b _LocaleUpdate::_LocaleUpdate 59 API calls 9906->9907 9908 368c57 9907->9908 9909 368c64 9908->9909 9910 368c6d 9908->9910 9911 367fa3 __cftoa_l 59 API calls 9909->9911 9913 368c82 9910->9913 9916 368c96 __shift 9910->9916 9912 368c69 9911->9912 9915 369d0b __cftoa_l 9 API calls 9912->9915 9914 367fa3 __cftoa_l 59 API calls 9913->9914 9914->9912 9921 368c91 _memmove 9915->9921 9917 36cd50 __cftoe2_l 59 API calls 9916->9917 9918 368d0d 9917->9918 9919 369d1b __invoke_watson 8 API calls 9918->9919 9918->9921 9920 368d94 9919->9920 9922 36d7f9 __fltout2 59 API calls 9920->9922 9921->9771 9923 368dc7 9922->9923 9924 368dde 9923->9924 9925 368dce 9923->9925 9926 368de5 9924->9926 9927 368def 9924->9927 9928 367fa3 __cftoa_l 59 API calls 9925->9928 9929 367fa3 __cftoa_l 59 API calls 9926->9929 9932 36d537 __fptostr 59 API calls 9927->9932 9930 368dd3 9928->9930 9929->9930 9931 369d0b __cftoa_l 9 API calls 9930->9931 9933 368dda 9931->9933 9934 368e2f 9932->9934 9935 3666e4 __cftof_l 6 API calls 9933->9935 9934->9933 9936 368c44 __cftoe2_l 59 API calls 9934->9936 9937 368e5f 9935->9937 9936->9933 9937->9771 9939 368d95 __cftoe_l 59 API calls 9938->9939 9940 368c3f 9939->9940 9940->9790 9942 36aa2b 9945 36953c 9942->9945 9946 369548 _doexit 9945->9946 9946->9945 9948 369e7b 59 API calls _LocaleUpdate::_LocaleUpdate 9946->9948 9949 3695b3 9946->9949 9948->9946 9960 36bc61 DecodePointer 9949->9960 9951 3695b8 9956 3695c3 9951->9956 9961 36bc8a 9951->9961 9953 3695cd IsProcessorFeaturePresent 9954 3695d8 9953->9954 9957 369bae __call_reportfault 7 API calls 9954->9957 9955 368147 _abort 59 API calls 9958 3695f5 9955->9958 9956->9953 9959 3695eb 9956->9959 9957->9959 9959->9955 9960->9951 9965 36bc96 _doexit 9961->9965 9962 36bd00 9963 36bcdd DecodePointer 9962->9963 9969 36bd0f 9962->9969 9968 36bccc _siglookup 9963->9968 9964 36bcc7 9967 369e93 __getptd_noexit 59 API calls 9964->9967 9965->9962 9965->9963 9965->9964 9971 36bcc3 9965->9971 9967->9968 9972 36bd6d 9968->9972 9974 368147 _abort 59 API calls 9968->9974 9976 36bcd5 _doexit 9968->9976 9970 367fa3 __cftoa_l 59 API calls 9969->9970 9973 36bd14 9970->9973 9971->9964 9971->9969 9977 36b996 __lock 59 API calls 9972->9977 9979 36bd78 9972->9979 9975 369d0b __cftoa_l 9 API calls 9973->9975 9974->9972 9975->9976 9976->9956 9977->9979 9978 36bdda EncodePointer 9981 36bdad 9978->9981 9979->9978 9979->9981 9982 36be0b 9981->9982 9983 36be16 9982->9983 9984 36be0f 9982->9984 9983->9976 9986 36bb00 LeaveCriticalSection 9984->9986 9986->9983 9992 36a211 9993 369e7b _LocaleUpdate::_LocaleUpdate 59 API calls 9992->9993 9994 36a219 9993->9994 9999 36ac44 9994->9999 9996 36a28c 10009 36a2b9 9996->10009 9998 36a2ab _doexit 10000 36ac50 _doexit 9999->10000 10001 369e7b _LocaleUpdate::_LocaleUpdate 59 API calls 10000->10001 10006 36ac70 _CallCatchBlock2 10001->10006 10002 36acde 10024 36ad03 10002->10024 10006->10002 10018 369504 10006->10018 10007 36acf4 _doexit 10007->9996 10008 369504 FindHandler 64 API calls 10008->10007 10030 367ab2 10009->10030 10012 369e7b _LocaleUpdate::_LocaleUpdate 59 API calls 10013 36a2cd 10012->10013 10014 369e7b _LocaleUpdate::_LocaleUpdate 59 API calls 10013->10014 10015 36a2db 10014->10015 10017 36a322 ___DestructExceptionObject 10015->10017 10038 367b02 10015->10038 10017->9998 10029 369310 10018->10029 10020 369510 DecodePointer 10021 369520 10020->10021 10022 36953c FindHandler 63 API calls 10021->10022 10023 36953b 10022->10023 10025 369e7b _LocaleUpdate::_LocaleUpdate 59 API calls 10024->10025 10026 36ad08 10025->10026 10027 369e7b _LocaleUpdate::_LocaleUpdate 59 API calls 10026->10027 10028 36acea 10026->10028 10027->10028 10028->10007 10028->10008 10029->10020 10031 369e7b _LocaleUpdate::_LocaleUpdate 59 API calls 10030->10031 10032 367abb 10031->10032 10033 367ac6 10032->10033 10034 367ad7 10032->10034 10035 369e7b _LocaleUpdate::_LocaleUpdate 59 API calls 10033->10035 10036 369e7b _LocaleUpdate::_LocaleUpdate 59 API calls 10034->10036 10037 367acb 10035->10037 10036->10037 10037->10012 10039 369e7b _LocaleUpdate::_LocaleUpdate 59 API calls 10038->10039 10040 367b0a 10039->10040 10040->10017 10049 36e003 10056 36e5a4 10049->10056 10052 36e016 10053 3666f3 _free 59 API calls 10052->10053 10055 36e021 10053->10055 10069 36e5ad 10056->10069 10058 36e008 10058->10052 10059 370e35 10058->10059 10060 370e41 _doexit 10059->10060 10061 36b996 __lock 59 API calls 10060->10061 10064 370e4d 10061->10064 10062 370eb2 10110 370ec9 10062->10110 10064->10062 10066 370e86 DeleteCriticalSection 10064->10066 10097 371bd1 10064->10097 10065 370ebe _doexit 10065->10052 10068 3666f3 _free 59 API calls 10066->10068 10068->10064 10070 36e5b9 _doexit 10069->10070 10071 36b996 __lock 59 API calls 10070->10071 10077 36e5c8 10071->10077 10072 36e666 10087 36e688 10072->10087 10075 36e672 _doexit 10075->10058 10077->10072 10078 36e4fa 83 API calls __fflush_nolock 10077->10078 10079 36e069 10077->10079 10084 36e655 10077->10084 10078->10077 10080 36e074 10079->10080 10081 36e08a EnterCriticalSection 10079->10081 10082 36b996 __lock 59 API calls 10080->10082 10081->10077 10083 36e07d 10082->10083 10083->10077 10090 36e0d3 10084->10090 10086 36e663 10086->10077 10096 36bb00 LeaveCriticalSection 10087->10096 10089 36e68f 10089->10075 10091 36e0f4 LeaveCriticalSection 10090->10091 10092 36e0e1 10090->10092 10091->10086 10095 36bb00 LeaveCriticalSection 10092->10095 10094 36e0f1 10094->10086 10095->10094 10096->10089 10098 371bdd _doexit 10097->10098 10099 371bf1 10098->10099 10100 371c09 10098->10100 10101 367fa3 __cftoa_l 59 API calls 10099->10101 10106 371c01 _doexit 10100->10106 10113 36e02a 10100->10113 10102 371bf6 10101->10102 10104 369d0b __cftoa_l 9 API calls 10102->10104 10104->10106 10106->10064 10365 36bb00 LeaveCriticalSection 10110->10365 10112 370ed0 10112->10065 10114 36e05c EnterCriticalSection 10113->10114 10115 36e03a 10113->10115 10117 36e052 10114->10117 10115->10114 10116 36e042 10115->10116 10118 36b996 __lock 59 API calls 10116->10118 10119 371b65 10117->10119 10118->10117 10120 371b74 10119->10120 10121 371b88 10119->10121 10122 367fa3 __cftoa_l 59 API calls 10120->10122 10127 371b84 10121->10127 10138 36e540 10121->10138 10123 371b79 10122->10123 10125 369d0b __cftoa_l 9 API calls 10123->10125 10125->10127 10135 371c40 10127->10135 10131 371ba2 10155 371fe4 10131->10155 10133 371ba8 10133->10127 10134 3666f3 _free 59 API calls 10133->10134 10134->10127 10358 36e099 10135->10358 10137 371c46 10137->10106 10139 36e553 10138->10139 10143 36e577 10138->10143 10140 36e482 __flush 59 API calls 10139->10140 10139->10143 10141 36e570 10140->10141 10181 370fbb 10141->10181 10144 372159 10143->10144 10145 371b9c 10144->10145 10146 372166 10144->10146 10148 36e482 10145->10148 10146->10145 10147 3666f3 _free 59 API calls 10146->10147 10147->10145 10149 36e4a1 10148->10149 10150 36e48c 10148->10150 10149->10131 10151 367fa3 __cftoa_l 59 API calls 10150->10151 10152 36e491 10151->10152 10153 369d0b __cftoa_l 9 API calls 10152->10153 10154 36e49c 10153->10154 10154->10131 10156 371ff0 _doexit 10155->10156 10157 372014 10156->10157 10158 371ffd 10156->10158 10159 37209f 10157->10159 10161 372024 10157->10161 10160 367f6f __free_osfhnd 59 API calls 10158->10160 10162 367f6f __free_osfhnd 59 API calls 10159->10162 10163 372002 10160->10163 10164 372042 10161->10164 10165 37204c 10161->10165 10166 372047 10162->10166 10167 367fa3 __cftoa_l 59 API calls 10163->10167 10169 367f6f __free_osfhnd 59 API calls 10164->10169 10170 371c48 ___lock_fhandle 60 API calls 10165->10170 10171 367fa3 __cftoa_l 59 API calls 10166->10171 10168 372009 _doexit 10167->10168 10168->10133 10169->10166 10172 372052 10170->10172 10173 3720ab 10171->10173 10174 372065 10172->10174 10175 372070 10172->10175 10176 369d0b __cftoa_l 9 API calls 10173->10176 10330 3720bf 10174->10330 10178 367fa3 __cftoa_l 59 API calls 10175->10178 10176->10168 10179 37206b 10178->10179 10345 372097 10179->10345 10182 370fc7 _doexit 10181->10182 10183 370fd4 10182->10183 10184 370feb 10182->10184 10209 367f6f 10183->10209 10185 37108a 10184->10185 10187 370fff 10184->10187 10188 367f6f __free_osfhnd 59 API calls 10185->10188 10191 371027 10187->10191 10192 37101d 10187->10192 10195 371022 10188->10195 10190 367fa3 __cftoa_l 59 API calls 10205 370fe0 _doexit 10190->10205 10212 371c48 10191->10212 10193 367f6f __free_osfhnd 59 API calls 10192->10193 10193->10195 10197 367fa3 __cftoa_l 59 API calls 10195->10197 10196 37102d 10198 371053 10196->10198 10199 371040 10196->10199 10200 371096 10197->10200 10203 367fa3 __cftoa_l 59 API calls 10198->10203 10221 3710aa 10199->10221 10202 369d0b __cftoa_l 9 API calls 10200->10202 10202->10205 10204 371058 10203->10204 10207 367f6f __free_osfhnd 59 API calls 10204->10207 10205->10143 10206 37104c 10280 371082 10206->10280 10207->10206 10210 369e93 __getptd_noexit 59 API calls 10209->10210 10211 367f74 10210->10211 10211->10190 10213 371c54 _doexit 10212->10213 10214 371ca3 EnterCriticalSection 10213->10214 10215 36b996 __lock 59 API calls 10213->10215 10216 371cc9 _doexit 10214->10216 10217 371c79 10215->10217 10216->10196 10218 371c91 10217->10218 10219 3696ac ___lock_fhandle InitializeCriticalSectionAndSpinCount 10217->10219 10283 371ccd 10218->10283 10219->10218 10222 3710b7 __write_nolock 10221->10222 10223 3710f6 10222->10223 10224 371115 10222->10224 10254 3710eb 10222->10254 10225 367f6f __free_osfhnd 59 API calls 10223->10225 10228 37116d 10224->10228 10229 371151 10224->10229 10227 3710fb 10225->10227 10226 3666e4 __cftof_l 6 API calls 10230 37190b 10226->10230 10231 367fa3 __cftoa_l 59 API calls 10227->10231 10232 371186 10228->10232 10287 371de9 10228->10287 10233 367f6f __free_osfhnd 59 API calls 10229->10233 10230->10206 10234 371102 10231->10234 10296 36e4a6 10232->10296 10237 371156 10233->10237 10238 369d0b __cftoa_l 9 API calls 10234->10238 10240 367fa3 __cftoa_l 59 API calls 10237->10240 10238->10254 10239 371194 10241 3714ed 10239->10241 10246 369e7b _LocaleUpdate::_LocaleUpdate 59 API calls 10239->10246 10242 37115d 10240->10242 10243 371880 WriteFile 10241->10243 10244 37150b 10241->10244 10245 369d0b __cftoa_l 9 API calls 10242->10245 10247 3714e0 GetLastError 10243->10247 10256 3714ad 10243->10256 10248 37162f 10244->10248 10259 371521 10244->10259 10245->10254 10251 3711c0 GetConsoleMode 10246->10251 10247->10256 10249 371724 10248->10249 10250 37163a 10248->10250 10252 3718b9 10249->10252 10249->10256 10266 371799 WideCharToMultiByte 10249->10266 10269 3717e8 WriteFile 10249->10269 10250->10252 10250->10256 10262 37169f WriteFile 10250->10262 10251->10241 10253 3711ff 10251->10253 10252->10254 10255 367fa3 __cftoa_l 59 API calls 10252->10255 10253->10241 10257 37120f GetConsoleCP 10253->10257 10254->10226 10260 3718e7 10255->10260 10256->10252 10256->10254 10261 37160d 10256->10261 10257->10252 10275 37123e 10257->10275 10258 371590 WriteFile 10258->10247 10258->10259 10259->10252 10259->10256 10259->10258 10263 367f6f __free_osfhnd 59 API calls 10260->10263 10264 3718b0 10261->10264 10265 371618 10261->10265 10262->10247 10262->10250 10263->10254 10308 367f82 10264->10308 10267 367fa3 __cftoa_l 59 API calls 10265->10267 10266->10247 10266->10249 10270 37161d 10267->10270 10269->10249 10272 37183b GetLastError 10269->10272 10273 367f6f __free_osfhnd 59 API calls 10270->10273 10272->10249 10273->10254 10274 371f51 61 API calls __write_nolock 10274->10275 10275->10247 10275->10256 10275->10274 10276 371327 WideCharToMultiByte 10275->10276 10278 371f69 WriteConsoleW CreateFileW __putwch_nolock 10275->10278 10279 3713bc WriteFile 10275->10279 10305 36ecb1 10275->10305 10276->10256 10277 371362 WriteFile 10276->10277 10277->10247 10277->10275 10278->10275 10279->10247 10279->10275 10329 371dc3 LeaveCriticalSection 10280->10329 10282 371088 10282->10205 10286 36bb00 LeaveCriticalSection 10283->10286 10285 371cd4 10285->10214 10286->10285 10313 371d5c 10287->10313 10289 371df9 10290 371e12 SetFilePointerEx 10289->10290 10291 371e01 10289->10291 10292 371e2a GetLastError 10290->10292 10294 371e06 10290->10294 10293 367fa3 __cftoa_l 59 API calls 10291->10293 10295 367f82 __dosmaperr 59 API calls 10292->10295 10293->10294 10294->10232 10295->10294 10297 36e4b1 10296->10297 10298 36e4be 10296->10298 10299 367fa3 __cftoa_l 59 API calls 10297->10299 10300 36e4ca 10298->10300 10301 367fa3 __cftoa_l 59 API calls 10298->10301 10303 36e4b6 10299->10303 10300->10239 10302 36e4eb 10301->10302 10304 369d0b __cftoa_l 9 API calls 10302->10304 10303->10239 10304->10303 10326 36ec77 10305->10326 10309 367f6f __free_osfhnd 59 API calls 10308->10309 10310 367f8b _free 10309->10310 10311 367fa3 __cftoa_l 59 API calls 10310->10311 10312 367f9e 10311->10312 10312->10254 10314 371d67 10313->10314 10315 371d7c 10313->10315 10316 367f6f __free_osfhnd 59 API calls 10314->10316 10318 367f6f __free_osfhnd 59 API calls 10315->10318 10321 371da1 10315->10321 10317 371d6c 10316->10317 10320 367fa3 __cftoa_l 59 API calls 10317->10320 10319 371dab 10318->10319 10322 367fa3 __cftoa_l 59 API calls 10319->10322 10323 371d74 10320->10323 10321->10289 10324 371db3 10322->10324 10323->10289 10325 369d0b __cftoa_l 9 API calls 10324->10325 10325->10323 10327 36879b _LocaleUpdate::_LocaleUpdate 59 API calls 10326->10327 10328 36ec88 10327->10328 10328->10275 10329->10282 10331 371d5c __close_nolock 59 API calls 10330->10331 10333 3720cd 10331->10333 10332 372123 10348 371cd6 10332->10348 10333->10332 10335 371d5c __close_nolock 59 API calls 10333->10335 10344 372101 10333->10344 10338 3720f8 10335->10338 10336 371d5c __close_nolock 59 API calls 10339 37210d CloseHandle 10336->10339 10341 371d5c __close_nolock 59 API calls 10338->10341 10339->10332 10342 372119 GetLastError 10339->10342 10340 367f82 __dosmaperr 59 API calls 10343 37214d 10340->10343 10341->10344 10342->10332 10343->10179 10344->10332 10344->10336 10357 371dc3 LeaveCriticalSection 10345->10357 10347 37209d 10347->10168 10349 371d42 10348->10349 10350 371ce2 10348->10350 10351 367fa3 __cftoa_l 59 API calls 10349->10351 10350->10349 10355 371d0b 10350->10355 10352 371d47 10351->10352 10353 367f6f __free_osfhnd 59 API calls 10352->10353 10354 371d33 10353->10354 10354->10340 10354->10343 10355->10354 10356 371d2d SetStdHandle 10355->10356 10356->10354 10357->10347 10359 36e0c7 LeaveCriticalSection 10358->10359 10360 36e0a8 10358->10360 10359->10137 10360->10359 10361 36e0af 10360->10361 10364 36bb00 LeaveCriticalSection 10361->10364 10363 36e0c4 10363->10137 10364->10363 10365->10112 10484 36be8d 10487 36c1e9 10484->10487 10486 36be9c 10488 36c1f5 _doexit 10487->10488 10489 369e7b _LocaleUpdate::_LocaleUpdate 59 API calls 10488->10489 10490 36c1fd 10489->10490 10491 36c143 _LocaleUpdate::_LocaleUpdate 59 API calls 10490->10491 10492 36c207 10491->10492 10512 36bee4 10492->10512 10495 36afb5 __malloc_crt 59 API calls 10496 36c229 10495->10496 10497 36c356 _doexit 10496->10497 10519 36c391 10496->10519 10497->10486 10500 36c366 10500->10497 10503 36c379 10500->10503 10504 3666f3 _free 59 API calls 10500->10504 10501 36c25f 10502 36c27f 10501->10502 10506 3666f3 _free 59 API calls 10501->10506 10502->10497 10507 36b996 __lock 59 API calls 10502->10507 10505 367fa3 __cftoa_l 59 API calls 10503->10505 10504->10503 10505->10497 10506->10502 10509 36c2ae 10507->10509 10508 36c33c 10529 36c35b 10508->10529 10509->10508 10511 3666f3 _free 59 API calls 10509->10511 10511->10508 10513 36879b _LocaleUpdate::_LocaleUpdate 59 API calls 10512->10513 10514 36bef4 10513->10514 10515 36bf15 10514->10515 10516 36bf03 GetOEMCP 10514->10516 10517 36bf2c 10515->10517 10518 36bf1a GetACP 10515->10518 10516->10517 10517->10495 10517->10497 10518->10517 10520 36bee4 getSystemCP 61 API calls 10519->10520 10521 36c3ae 10520->10521 10524 36c3ff IsValidCodePage 10521->10524 10526 36c3b5 setSBCS 10521->10526 10528 36c424 _memset __setmbcp_nolock 10521->10528 10522 3666e4 __cftof_l 6 API calls 10523 36c250 10522->10523 10523->10500 10523->10501 10525 36c411 GetCPInfo 10524->10525 10524->10526 10525->10526 10525->10528 10526->10522 10532 36bfb1 GetCPInfo 10528->10532 10598 36bb00 LeaveCriticalSection 10529->10598 10531 36c362 10531->10497 10533 36c093 10532->10533 10535 36bfe9 10532->10535 10537 3666e4 __cftof_l 6 API calls 10533->10537 10542 36e442 10535->10542 10539 36c13f 10537->10539 10539->10526 10541 36e304 ___crtLCMapStringA 63 API calls 10541->10533 10543 36879b _LocaleUpdate::_LocaleUpdate 59 API calls 10542->10543 10544 36e453 10543->10544 10552 36e34a 10544->10552 10547 36e304 10548 36879b _LocaleUpdate::_LocaleUpdate 59 API calls 10547->10548 10549 36e315 10548->10549 10569 36e100 10549->10569 10553 36e364 10552->10553 10554 36e371 MultiByteToWideChar 10552->10554 10553->10554 10556 36e39d 10554->10556 10564 36e396 10554->10564 10555 3666e4 __cftof_l 6 API calls 10557 36c04a 10555->10557 10558 36e3bf _memset __crtLCMapStringA_stat 10556->10558 10559 36672b _malloc 59 API calls 10556->10559 10557->10547 10560 36e3fb MultiByteToWideChar 10558->10560 10558->10564 10559->10558 10561 36e425 10560->10561 10562 36e415 GetStringTypeW 10560->10562 10565 36db52 10561->10565 10562->10561 10564->10555 10566 36db6d 10565->10566 10567 36db5c 10565->10567 10566->10564 10567->10566 10568 3666f3 _free 59 API calls 10567->10568 10568->10566 10571 36e119 MultiByteToWideChar 10569->10571 10572 36e178 10571->10572 10576 36e17f 10571->10576 10573 3666e4 __cftof_l 6 API calls 10572->10573 10574 36c06b 10573->10574 10574->10541 10575 36e1de MultiByteToWideChar 10577 36e245 10575->10577 10578 36e1f7 10575->10578 10579 36672b _malloc 59 API calls 10576->10579 10582 36e1a7 __crtLCMapStringA_stat 10576->10582 10581 36db52 __freea 59 API calls 10577->10581 10594 36dbe8 10578->10594 10579->10582 10581->10572 10582->10572 10582->10575 10583 36e20b 10583->10577 10584 36e221 10583->10584 10586 36e24d 10583->10586 10584->10577 10585 36dbe8 __crtLCMapStringA_stat LCMapStringW 10584->10585 10585->10577 10589 36672b _malloc 59 API calls 10586->10589 10592 36e275 __crtLCMapStringA_stat 10586->10592 10587 36dbe8 __crtLCMapStringA_stat LCMapStringW 10588 36e2b8 10587->10588 10590 36e2e0 10588->10590 10593 36e2d2 WideCharToMultiByte 10588->10593 10589->10592 10591 36db52 __freea 59 API calls 10590->10591 10591->10577 10592->10577 10592->10587 10593->10590 10595 36dc13 __crtLCMapStringA_stat 10594->10595 10596 36dbf8 10594->10596 10597 36dc2a LCMapStringW 10595->10597 10596->10583 10597->10583 10598->10531 8212 367dee 8213 367dfa _doexit 8212->8213 8249 369689 GetStartupInfoW 8213->8249 8216 367dff 8251 367ff7 GetProcessHeap 8216->8251 8217 367e57 8218 367e62 8217->8218 8328 367f3e 8217->8328 8252 369fb5 8218->8252 8221 367e68 8222 367e73 __RTC_Initialize 8221->8222 8223 367f3e _fast_error_exit 59 API calls 8221->8223 8273 36b1f0 8222->8273 8223->8222 8225 367e82 8226 367e8e GetCommandLineW 8225->8226 8227 367f3e _fast_error_exit 59 API calls 8225->8227 8292 36b8ec GetEnvironmentStringsW 8226->8292 8230 367e8d 8227->8230 8230->8226 8232 367ea8 8233 367eb3 8232->8233 8336 368089 8232->8336 8302 36b6e1 8233->8302 8236 367eb9 8237 367ec4 8236->8237 8238 368089 __lock 59 API calls 8236->8238 8316 3680c3 8237->8316 8238->8237 8240 367ecc 8241 367ed7 __wwincmdln 8240->8241 8242 368089 __lock 59 API calls 8240->8242 8322 3666d0 8241->8322 8242->8241 8245 367efa 8343 3680b4 8245->8343 8248 367eff _doexit 8250 36969f 8249->8250 8250->8216 8251->8217 8346 36815b EncodePointer 8252->8346 8254 369fba 8351 36bac7 8254->8351 8257 369fc3 8355 36a02b 8257->8355 8262 369fe0 8367 36af6d 8262->8367 8265 36a022 8267 36a02b __mtterm 62 API calls 8265->8267 8269 36a027 8267->8269 8268 36a001 8268->8265 8270 36a007 8268->8270 8269->8221 8376 369f02 8270->8376 8272 36a00f GetCurrentThreadId 8272->8221 8274 36b1fc _doexit 8273->8274 8275 36b996 __lock 59 API calls 8274->8275 8276 36b203 8275->8276 8277 36af6d __calloc_crt 59 API calls 8276->8277 8278 36b214 8277->8278 8279 36b27f GetStartupInfoW 8278->8279 8280 36b21f _doexit @_EH4_CallFilterFunc@8 8278->8280 8286 36b294 8279->8286 8289 36b3c3 8279->8289 8280->8225 8281 36b48b 8637 36b49b 8281->8637 8283 36af6d __calloc_crt 59 API calls 8283->8286 8284 36b410 GetStdHandle 8284->8289 8285 36b423 GetFileType 8285->8289 8286->8283 8288 36b2e2 8286->8288 8286->8289 8287 36b316 GetFileType 8287->8288 8288->8287 8288->8289 8290 3696ac ___lock_fhandle InitializeCriticalSectionAndSpinCount 8288->8290 8289->8281 8289->8284 8289->8285 8291 3696ac ___lock_fhandle InitializeCriticalSectionAndSpinCount 8289->8291 8290->8288 8291->8289 8293 367e9e 8292->8293 8294 36b8fd 8292->8294 8298 36b4a4 GetModuleFileNameW 8293->8298 8295 36afb5 __malloc_crt 59 API calls 8294->8295 8296 36b923 _memmove 8295->8296 8297 36b939 FreeEnvironmentStringsW 8296->8297 8297->8293 8300 36b4d8 _wparse_cmdline 8298->8300 8299 36b518 _wparse_cmdline 8299->8232 8300->8299 8301 36afb5 __malloc_crt 59 API calls 8300->8301 8301->8299 8303 36b6f2 8302->8303 8304 36b6fa __NMSG_WRITE 8302->8304 8303->8236 8305 36af6d __calloc_crt 59 API calls 8304->8305 8312 36b723 __NMSG_WRITE 8305->8312 8306 36b77a 8307 3666f3 _free 59 API calls 8306->8307 8307->8303 8308 36af6d __calloc_crt 59 API calls 8308->8312 8309 36b79f 8310 3666f3 _free 59 API calls 8309->8310 8310->8303 8311 367d92 __NMSG_WRITE 59 API calls 8311->8312 8312->8303 8312->8306 8312->8308 8312->8309 8312->8311 8313 36b7b6 8312->8313 8314 369d1b __invoke_watson 8 API calls 8313->8314 8315 36b7c2 8314->8315 8315->8236 8318 3680cf __IsNonwritableInCurrentImage 8316->8318 8641 3692e8 8318->8641 8319 3680ed __initterm_e 8321 36810c _doexit __IsNonwritableInCurrentImage 8319->8321 8644 367d11 8319->8644 8321->8240 8710 366570 8322->8710 8324 3666e0 8324->8245 8325 36832c 8324->8325 9365 3681fd 8325->9365 8327 36833b 8327->8245 8329 367f4f 8328->8329 8330 367f4a 8328->8330 8332 36839d __NMSG_WRITE 59 API calls 8329->8332 8331 368340 __FF_MSGBANNER 59 API calls 8330->8331 8331->8329 8333 367f57 8332->8333 8334 368073 _doexit 3 API calls 8333->8334 8335 367f61 8334->8335 8335->8218 8337 368340 __FF_MSGBANNER 59 API calls 8336->8337 8338 368091 8337->8338 8339 36839d __NMSG_WRITE 59 API calls 8338->8339 8340 368099 8339->8340 9392 368147 8340->9392 8344 3681fd _doexit 59 API calls 8343->8344 8345 3680bf 8344->8345 8345->8248 8347 36816c __init_pointers __initp_misc_winsig 8346->8347 8386 369583 EncodePointer 8347->8386 8349 368184 __init_pointers 8350 36971a 34 API calls 8349->8350 8350->8254 8352 36bad3 8351->8352 8354 369fbf 8352->8354 8387 3696ac 8352->8387 8354->8257 8364 36960b 8354->8364 8356 36a035 8355->8356 8358 36a03b 8355->8358 8390 369629 8356->8390 8359 36b9e0 DeleteCriticalSection 8358->8359 8360 36b9fc 8358->8360 8393 3666f3 8359->8393 8362 36ba08 DeleteCriticalSection 8360->8362 8363 369fc8 8360->8363 8362->8360 8363->8221 8365 369622 TlsAlloc 8364->8365 8366 36961b 8364->8366 8366->8257 8366->8262 8370 36af74 8367->8370 8369 369fed 8369->8265 8373 369667 8369->8373 8370->8369 8372 36af92 8370->8372 8419 36df16 8370->8419 8372->8369 8372->8370 8427 3699b3 Sleep 8372->8427 8374 369681 TlsSetValue 8373->8374 8375 36967d 8373->8375 8374->8268 8375->8268 8377 369f0e _doexit 8376->8377 8430 36b996 8377->8430 8379 369f4b 8437 369fa3 8379->8437 8382 36b996 __lock 59 API calls 8383 369f6c ___addlocaleref 8382->8383 8440 369fac 8383->8440 8385 369f97 _doexit 8385->8272 8386->8349 8388 3696bc 8387->8388 8389 3696c9 InitializeCriticalSectionAndSpinCount 8387->8389 8388->8352 8389->8352 8391 369640 TlsFree 8390->8391 8392 36963c 8390->8392 8391->8358 8392->8358 8394 3666fc HeapFree 8393->8394 8395 366725 _free 8393->8395 8394->8395 8396 366711 8394->8396 8395->8358 8399 367fa3 8396->8399 8402 369e93 GetLastError 8399->8402 8401 366717 GetLastError 8401->8395 8416 369648 8402->8416 8404 369ea8 8405 369ef6 SetLastError 8404->8405 8406 36af6d __calloc_crt 56 API calls 8404->8406 8405->8401 8407 369ebb 8406->8407 8407->8405 8408 369667 __getptd_noexit TlsSetValue 8407->8408 8409 369ecf 8408->8409 8410 369ed5 8409->8410 8411 369eed 8409->8411 8412 369f02 __initptd 56 API calls 8410->8412 8413 3666f3 _free 56 API calls 8411->8413 8414 369edd GetCurrentThreadId 8412->8414 8415 369ef3 8413->8415 8414->8405 8415->8405 8417 36965f TlsGetValue 8416->8417 8418 36965b 8416->8418 8417->8404 8418->8404 8420 36df21 8419->8420 8425 36df3c 8419->8425 8421 36df2d 8420->8421 8420->8425 8423 367fa3 __cftoa_l 58 API calls 8421->8423 8422 36df4c HeapAlloc 8422->8425 8426 36df32 8422->8426 8423->8426 8425->8422 8425->8426 8428 36800c DecodePointer 8425->8428 8426->8370 8427->8372 8429 36801f 8428->8429 8429->8425 8431 36b9a7 8430->8431 8432 36b9ba EnterCriticalSection 8430->8432 8443 36ba1e 8431->8443 8432->8379 8434 36b9ad 8434->8432 8435 368089 __lock 58 API calls 8434->8435 8436 36b9b9 8435->8436 8436->8432 8635 36bb00 LeaveCriticalSection 8437->8635 8439 369f65 8439->8382 8636 36bb00 LeaveCriticalSection 8440->8636 8442 369fb3 8442->8385 8444 36ba2a _doexit 8443->8444 8445 36ba49 8444->8445 8465 368340 8444->8465 8451 36ba6c _doexit 8445->8451 8508 36afb5 8445->8508 8451->8434 8452 36ba3f 8505 368073 8452->8505 8453 36ba76 8456 36b996 __lock 59 API calls 8453->8456 8454 36ba67 8455 367fa3 __cftoa_l 59 API calls 8454->8455 8455->8451 8458 36ba7d 8456->8458 8459 36baa2 8458->8459 8460 36ba8a 8458->8460 8462 3666f3 _free 59 API calls 8459->8462 8461 3696ac ___lock_fhandle InitializeCriticalSectionAndSpinCount 8460->8461 8463 36ba96 8461->8463 8462->8463 8513 36babe 8463->8513 8516 36b7d0 8465->8516 8467 368347 8468 36b7d0 __NMSG_WRITE 59 API calls 8467->8468 8470 368354 8467->8470 8468->8470 8469 36839d __NMSG_WRITE 59 API calls 8471 36836c 8469->8471 8470->8469 8472 368376 8470->8472 8473 36839d __NMSG_WRITE 59 API calls 8471->8473 8474 36839d 8472->8474 8473->8472 8475 3683bb __NMSG_WRITE 8474->8475 8476 3684e2 8475->8476 8478 36b7d0 __NMSG_WRITE 55 API calls 8475->8478 8598 3666e4 8476->8598 8480 3683ce 8478->8480 8479 36854b 8479->8452 8481 3684e7 GetStdHandle 8480->8481 8482 36b7d0 __NMSG_WRITE 55 API calls 8480->8482 8481->8476 8485 3684f5 _strlen 8481->8485 8483 3683df 8482->8483 8483->8481 8484 3683f1 8483->8484 8484->8476 8546 367d92 8484->8546 8485->8476 8487 36852e WriteFile 8485->8487 8487->8476 8489 36841e GetModuleFileNameW 8491 36843e 8489->8491 8496 36844e __NMSG_WRITE 8489->8496 8490 36854f 8492 369d1b __invoke_watson 8 API calls 8490->8492 8493 367d92 __NMSG_WRITE 55 API calls 8491->8493 8494 368559 IsProcessorFeaturePresent 8492->8494 8493->8496 8502 368580 8494->8502 8495 368494 8495->8490 8564 367d26 8495->8564 8496->8490 8496->8495 8555 3673c1 8496->8555 8500 367d26 __NMSG_WRITE 55 API calls 8501 3684cb 8500->8501 8501->8490 8503 3684d2 8501->8503 8502->8452 8573 36c624 EncodePointer 8503->8573 8613 36803f GetModuleHandleExW 8505->8613 8511 36afc3 8508->8511 8510 36aff5 8510->8453 8510->8454 8511->8510 8617 36672b 8511->8617 8633 3699b3 Sleep 8511->8633 8634 36bb00 LeaveCriticalSection 8513->8634 8515 36bac5 8515->8451 8517 36b7da 8516->8517 8518 36b7e4 8517->8518 8519 367fa3 __cftoa_l 59 API calls 8517->8519 8518->8467 8520 36b800 8519->8520 8523 369d0b 8520->8523 8526 369ce0 DecodePointer 8523->8526 8527 369cf3 8526->8527 8532 369d1b IsProcessorFeaturePresent 8527->8532 8530 369ce0 __cftoa_l 8 API calls 8531 369d17 8530->8531 8531->8467 8533 369d26 8532->8533 8538 369bae 8533->8538 8537 369d0a 8537->8530 8539 369bc8 _memset ___raise_securityfailure 8538->8539 8540 369be8 IsDebuggerPresent 8539->8540 8541 3699d6 ___raise_securityfailure SetUnhandledExceptionFilter UnhandledExceptionFilter 8540->8541 8544 369cac ___raise_securityfailure 8541->8544 8542 3666e4 __cftof_l 6 API calls 8543 369ccf 8542->8543 8545 3699c1 GetCurrentProcess TerminateProcess 8543->8545 8544->8542 8545->8537 8547 367dab 8546->8547 8548 367d9d 8546->8548 8549 367fa3 __cftoa_l 59 API calls 8547->8549 8548->8547 8552 367dc4 8548->8552 8550 367db5 8549->8550 8551 369d0b __cftoa_l 9 API calls 8550->8551 8553 367dbf 8551->8553 8552->8553 8554 367fa3 __cftoa_l 59 API calls 8552->8554 8553->8489 8553->8490 8554->8550 8558 3673cf 8555->8558 8556 3673d3 8557 367fa3 __cftoa_l 59 API calls 8556->8557 8559 3673d8 8556->8559 8563 367403 8557->8563 8558->8556 8558->8559 8561 367412 8558->8561 8559->8495 8560 369d0b __cftoa_l 9 API calls 8560->8559 8561->8559 8562 367fa3 __cftoa_l 59 API calls 8561->8562 8562->8563 8563->8560 8565 367d40 8564->8565 8567 367d32 8564->8567 8566 367fa3 __cftoa_l 59 API calls 8565->8566 8568 367d4a 8566->8568 8567->8565 8571 367d6c 8567->8571 8569 369d0b __cftoa_l 9 API calls 8568->8569 8570 367d54 8569->8570 8570->8490 8570->8500 8571->8570 8572 367fa3 __cftoa_l 59 API calls 8571->8572 8572->8568 8574 36c658 ___crtIsPackagedApp 8573->8574 8575 36c717 IsDebuggerPresent 8574->8575 8576 36c667 LoadLibraryExW 8574->8576 8577 36c721 8575->8577 8578 36c73c 8575->8578 8579 36c6a4 GetProcAddress 8576->8579 8580 36c67e GetLastError 8576->8580 8583 36c72f 8577->8583 8584 36c728 OutputDebugStringW 8577->8584 8578->8583 8585 36c741 DecodePointer 8578->8585 8582 36c6b8 7 API calls 8579->8582 8588 36c734 8579->8588 8581 36c68d LoadLibraryExW 8580->8581 8580->8588 8581->8579 8581->8588 8586 36c714 8582->8586 8587 36c700 GetProcAddress EncodePointer 8582->8587 8583->8588 8592 36c768 DecodePointer DecodePointer 8583->8592 8596 36c780 8583->8596 8584->8583 8585->8588 8586->8575 8587->8586 8589 3666e4 __cftof_l 6 API calls 8588->8589 8594 36c806 8589->8594 8590 36c7a4 DecodePointer 8590->8588 8591 36c7b8 DecodePointer 8591->8590 8595 36c7bf 8591->8595 8592->8596 8594->8476 8595->8590 8597 36c7d0 DecodePointer 8595->8597 8596->8590 8596->8591 8597->8590 8599 3666ee IsProcessorFeaturePresent 8598->8599 8600 3666ec 8598->8600 8602 3670be 8599->8602 8600->8479 8605 36706d IsDebuggerPresent 8602->8605 8606 367082 ___raise_securityfailure 8605->8606 8611 3699d6 SetUnhandledExceptionFilter UnhandledExceptionFilter 8606->8611 8609 36708a ___raise_securityfailure 8612 3699c1 GetCurrentProcess TerminateProcess 8609->8612 8610 3670a7 8610->8479 8611->8609 8612->8610 8614 36806f ExitProcess 8613->8614 8615 368058 GetProcAddress 8613->8615 8615->8614 8616 36806a 8615->8616 8616->8614 8618 3667a6 8617->8618 8621 366737 8617->8621 8619 36800c _malloc DecodePointer 8618->8619 8620 3667ac 8619->8620 8622 367fa3 __cftoa_l 58 API calls 8620->8622 8623 368340 __FF_MSGBANNER 58 API calls 8621->8623 8624 36676a HeapAlloc 8621->8624 8626 36839d __NMSG_WRITE 58 API calls 8621->8626 8627 366792 8621->8627 8628 368073 _doexit 3 API calls 8621->8628 8629 36800c _malloc DecodePointer 8621->8629 8631 366790 8621->8631 8625 36679e 8622->8625 8623->8621 8624->8621 8624->8625 8625->8511 8626->8621 8630 367fa3 __cftoa_l 58 API calls 8627->8630 8628->8621 8629->8621 8630->8631 8632 367fa3 __cftoa_l 58 API calls 8631->8632 8632->8625 8633->8511 8634->8515 8635->8439 8636->8442 8640 36bb00 LeaveCriticalSection 8637->8640 8639 36b4a2 8639->8280 8640->8639 8642 3692eb EncodePointer 8641->8642 8642->8642 8643 369305 8642->8643 8643->8319 8647 367c15 8644->8647 8646 367d1c 8646->8321 8648 367c21 _doexit 8647->8648 8655 3681eb 8648->8655 8654 367c48 _doexit 8654->8646 8656 36b996 __lock 59 API calls 8655->8656 8657 367c2a 8656->8657 8658 367c59 DecodePointer DecodePointer 8657->8658 8659 367c86 8658->8659 8660 367c36 8658->8660 8659->8660 8672 369a97 8659->8672 8669 367c53 8660->8669 8662 367c98 8663 367ce9 EncodePointer EncodePointer 8662->8663 8664 367cbd 8662->8664 8679 36affc 8662->8679 8663->8660 8664->8660 8666 36affc __realloc_crt 62 API calls 8664->8666 8667 367cd7 EncodePointer 8664->8667 8668 367cd1 8666->8668 8667->8663 8668->8660 8668->8667 8706 3681f4 8669->8706 8673 369ab5 HeapSize 8672->8673 8674 369aa0 8672->8674 8673->8662 8675 367fa3 __cftoa_l 59 API calls 8674->8675 8676 369aa5 8675->8676 8677 369d0b __cftoa_l 9 API calls 8676->8677 8678 369ab0 8677->8678 8678->8662 8683 36b003 8679->8683 8681 36b040 8681->8664 8683->8681 8684 3699ec 8683->8684 8705 3699b3 Sleep 8683->8705 8685 3699f5 8684->8685 8686 369a00 8684->8686 8687 36672b _malloc 59 API calls 8685->8687 8688 369a08 8686->8688 8697 369a15 8686->8697 8689 3699fd 8687->8689 8690 3666f3 _free 59 API calls 8688->8690 8689->8683 8704 369a10 _free 8690->8704 8691 369a4d 8692 36800c _malloc DecodePointer 8691->8692 8694 369a53 8692->8694 8693 369a1d HeapReAlloc 8693->8697 8693->8704 8695 367fa3 __cftoa_l 59 API calls 8694->8695 8695->8704 8696 369a7d 8699 367fa3 __cftoa_l 59 API calls 8696->8699 8697->8691 8697->8693 8697->8696 8698 36800c _malloc DecodePointer 8697->8698 8701 369a65 8697->8701 8698->8697 8700 369a82 GetLastError 8699->8700 8700->8704 8702 367fa3 __cftoa_l 59 API calls 8701->8702 8703 369a6a GetLastError 8702->8703 8703->8704 8704->8683 8705->8683 8709 36bb00 LeaveCriticalSection 8706->8709 8708 367c58 8708->8654 8709->8708 8711 366580 8710->8711 8712 36658a CoInitialize 8710->8712 8711->8324 8713 36659c 8712->8713 8714 3665bd 8712->8714 8715 3665f4 8713->8715 8716 3665a4 GetModuleHandleW 8713->8716 8717 3665c1 GetCommandLineW 8714->8717 8715->8324 8716->8717 8718 3665b3 8716->8718 8726 366060 8717->8726 8718->8324 8720 3665d3 8721 3665d7 8720->8721 8722 3665e5 8720->8722 8758 3663e0 8721->8758 8722->8715 8725 3665ee CoUninitialize 8722->8725 8725->8715 8767 365f60 8726->8767 8728 36612d 8729 3666e4 __cftof_l 6 API calls 8728->8729 8730 36613c 8729->8730 8730->8720 8731 366190 8734 3661ba 8731->8734 8838 3656e0 8731->8838 8732 366600 6 API calls 8748 36609e 8732->8748 8737 3661c8 8734->8737 8845 366530 8734->8845 8735 3661df 8773 364f30 8735->8773 8738 3666e4 __cftof_l 6 API calls 8737->8738 8741 3661d9 8738->8741 8739 36620e 8746 366222 8739->8746 8823 3655e0 8739->8823 8741->8720 8743 3666e4 __cftof_l 6 API calls 8744 36624c 8743->8744 8744->8720 8745 366151 8832 366300 8745->8832 8746->8743 8748->8728 8748->8731 8748->8732 8748->8735 8748->8745 8750 366124 CharNextW 8748->8750 8753 366142 CharNextW 8748->8753 8754 36611d CharNextW 8748->8754 8750->8728 8750->8748 8751 36616e 8835 3663b0 8751->8835 8753->8728 8753->8748 8754->8748 8754->8750 8756 3666e4 __cftof_l 6 API calls 8757 36618a 8756->8757 8757->8720 9324 366260 8758->9324 8760 3663ee 8761 3663f9 8760->8761 9341 366430 GetMessageW 8760->9341 8762 366419 8761->8762 9345 365690 8761->9345 8762->8722 8765 366408 8765->8762 8766 366410 Sleep 8765->8766 8766->8762 8768 365f9f 8767->8768 8770 365f6d 8767->8770 8768->8748 8769 365f96 CharNextW 8769->8768 8769->8770 8770->8768 8770->8769 8771 365fa6 CharNextW 8770->8771 8772 365f8f CharNextW 8770->8772 8771->8748 8772->8769 8772->8770 8774 364fa2 8773->8774 8775 364f77 8773->8775 8776 364fb6 GetModuleFileNameW 8774->8776 8813 364fe2 8774->8813 8775->8774 8856 3620d0 8775->8856 8777 365003 8776->8777 8778 364fdd 8776->8778 8780 365037 8777->8780 8781 36500a 8777->8781 8873 362a10 GetLastError 8778->8873 8790 365056 GetModuleHandleW 8780->8790 8791 36506d 8780->8791 8884 361d10 8781->8884 8785 3666e4 __cftof_l 6 API calls 8787 364ffd 8785->8787 8787->8739 8789 361e90 60 API calls 8793 365020 8789->8793 8790->8791 8794 365062 8790->8794 8888 365260 8791->8888 8796 3666e4 __cftof_l 6 API calls 8793->8796 8797 3650ee 8794->8797 8800 365031 8796->8800 8848 3622b0 8797->8848 8798 3650c5 8798->8797 8808 36517e 8798->8808 8799 365098 8802 361d10 59 API calls 8799->8802 8800->8739 8805 3650a3 8802->8805 8803 365110 8804 36516c 8803->8804 8806 3622b0 64 API calls 8803->8806 8809 361d10 59 API calls 8804->8809 8807 361e90 60 API calls 8805->8807 8811 36512e 8806->8811 8812 3650ae 8807->8812 8895 3671a5 8808->8895 8809->8813 8811->8804 8816 365167 8811->8816 8817 365150 8811->8817 8815 3666e4 __cftof_l 6 API calls 8812->8815 8875 361e90 8813->8875 8818 3650bf 8815->8818 8892 364cf0 8816->8892 8853 364c90 8817->8853 8818->8739 8822 361d10 59 API calls 8822->8813 8824 3655ec 8823->8824 8828 3655f8 8823->8828 8824->8746 8825 36566b 8826 36567f 8825->8826 9182 365d40 8825->9182 8826->8746 8828->8825 8828->8826 8829 365642 8828->8829 9179 361b90 8828->9179 8829->8826 8829->8828 9204 365a20 8829->9204 8833 364f30 143 API calls 8832->8833 8834 366168 8833->8834 8834->8737 8834->8751 8836 3655e0 160 API calls 8835->8836 8837 366179 8836->8837 8837->8756 8839 3656ec 8838->8839 8843 3656f8 8838->8843 8839->8734 8840 36576b 8841 36577f 8840->8841 9317 365ea0 8840->9317 8841->8734 8843->8840 8843->8841 8844 365a20 76 API calls 8843->8844 8844->8843 8846 364f30 143 API calls 8845->8846 8847 366565 8846->8847 8847->8737 8849 36231a 8848->8849 8850 3622d9 8848->8850 8849->8803 8850->8849 8851 3620d0 64 API calls 8850->8851 8852 3622fb 8851->8852 8852->8803 8898 3642b0 LoadLibraryExW 8853->8898 8857 362230 8856->8857 8858 362106 8856->8858 8857->8775 8858->8857 8858->8858 9119 367318 8858->9119 8860 36214a 8861 367318 60 API calls 8860->8861 8862 362195 8861->8862 8864 3621e5 8862->8864 9123 367342 8862->9123 8864->8775 8865 3621b8 8866 362970 RaiseException 8865->8866 8867 3621be 8866->8867 8868 367342 _memcpy_s 59 API calls 8867->8868 8869 3621cc 8868->8869 8870 362970 RaiseException 8869->8870 8871 3621d2 8870->8871 9137 362060 8871->9137 8874 362a1a 8873->8874 8874->8813 9165 362cf0 8875->9165 8877 361ece 8878 362cf0 60 API calls 8877->8878 8879 361edf 8878->8879 8880 3666f3 _free 59 API calls 8879->8880 8882 361eeb 8879->8882 8880->8882 8881 361f01 8881->8785 8882->8881 8883 3666f3 _free 59 API calls 8882->8883 8883->8881 8885 361d2c 8884->8885 8886 361d18 8884->8886 8885->8789 8886->8885 8887 3666f3 _free 59 API calls 8886->8887 8887->8886 8889 36526a 8888->8889 8890 367342 _memcpy_s 59 API calls 8889->8890 8891 365091 8890->8891 8891->8798 8891->8799 8893 3642b0 135 API calls 8892->8893 8894 364d38 8893->8894 8894->8804 9175 3671b1 IsProcessorFeaturePresent 8895->9175 8899 36433e LoadLibraryExW 8898->8899 8900 36435c FindResourceW 8898->8900 8899->8900 8901 364350 8899->8901 8902 364375 8900->8902 8903 36437f LoadResource 8900->8903 8907 362a10 GetLastError 8901->8907 8904 362a10 GetLastError 8902->8904 8905 364393 8903->8905 8906 36439d SizeofResource 8903->8906 8909 36437a 8904->8909 8908 362a10 GetLastError 8905->8908 8906->8909 8910 3643be 8906->8910 8911 364355 8907->8911 8908->8909 8909->8911 8913 364445 FreeLibrary 8909->8913 8924 362840 8910->8924 8914 364465 8911->8914 8948 363220 8911->8948 8913->8911 8916 3666e4 __cftof_l 6 API calls 8914->8916 8915 3643ce 8915->8909 8919 3643ff MultiByteToWideChar 8915->8919 8918 36448a 8916->8918 8918->8822 8920 36441f 8919->8920 8921 364418 8919->8921 8933 364150 8920->8933 8923 362a10 GetLastError 8921->8923 8923->8909 8925 362855 8924->8925 8926 362879 8924->8926 8925->8926 8927 36285a 8925->8927 8957 362bc0 8926->8957 8929 36286f 8927->8929 8951 362890 8927->8951 8929->8915 8934 36415d __write_nolock 8933->8934 8963 363c50 8934->8963 8936 3641f4 8937 3666e4 __cftof_l 6 API calls 8936->8937 8939 364200 8937->8939 8938 3641e6 CoTaskMemFree 8938->8936 8939->8909 8940 363a10 7 API calls 8944 364187 8940->8944 8941 3641e0 8941->8938 8942 3641c0 lstrcmpiW 8942->8944 8943 364490 107 API calls 8943->8944 8944->8936 8944->8938 8944->8940 8944->8941 8944->8942 8944->8943 8945 36425a 8944->8945 9031 364e90 8944->9031 8988 364490 8945->8988 8949 3666f3 _free 59 API calls 8948->8949 8950 363227 8949->8950 8950->8914 8952 36672b _malloc 59 API calls 8951->8952 8953 36289e 8952->8953 8954 362868 8953->8954 8955 362bc0 RaiseException 8953->8955 8954->8915 8956 3628b6 8955->8956 8960 367712 8957->8960 8959 362bd7 8961 367731 RaiseException 8960->8961 8961->8959 8964 363ef6 8963->8964 8967 363c8e 8963->8967 8965 3666e4 __cftof_l 6 API calls 8964->8965 8966 363f13 8965->8966 8966->8944 8967->8964 8968 363cd8 CoTaskMemAlloc 8967->8968 8983 363ce6 _wcsstr 8967->8983 8968->8983 8969 363e1c CoTaskMemFree 8969->8964 8970 363ed8 CoTaskMemFree 8970->8964 8971 363dfe CharNextW 8971->8983 8972 3628c0 61 API calls 8972->8983 8973 363d92 CharNextW 8975 363da6 CharNextW 8973->8975 8973->8983 9040 3628c0 8975->9040 8976 363e9d CharNextW 8976->8970 8976->8983 8978 363d4c CharNextW CharNextW CharNextW CharNextW 9035 362330 8978->9035 8979 363eb4 CoTaskMemFree 8979->8964 8981 363ec6 CoTaskMemFree 8981->8964 8982 3673c1 __NMSG_WRITE 59 API calls 8982->8983 8983->8969 8983->8970 8983->8971 8983->8972 8983->8973 8983->8976 8983->8978 8983->8979 8983->8981 8983->8982 8984 362330 61 API calls 8983->8984 8987 363e90 CharNextW 8983->8987 9047 364ee0 8983->9047 9053 362970 8983->9053 9062 3639b0 8983->9062 8984->8983 8987->8983 8987->8987 8989 3644ab __write_nolock 8988->8989 9073 363a10 8989->9073 8991 364b85 8992 3666e4 __cftof_l 6 API calls 8991->8992 8995 364b9f 8992->8995 8993 364520 lstrcmpiW lstrcmpiW 9014 36450c 8993->9014 8994 364b7e RegCloseKey 8994->8991 8995->8941 8996 36466f lstrcmpiW 8997 36469d lstrcmpiW 8996->8997 8996->9014 8997->9014 8998 363a10 7 API calls 8998->9014 8999 364818 CharNextW 8999->9014 9000 3645c6 lstrcmpiW 9000->9014 9001 363ba0 GetModuleHandleW GetProcAddress RegOpenKeyExW RegCloseKey 9001->9014 9002 3645a6 CharNextW 9002->9014 9003 364b0d 9005 361e70 RegCloseKey 9003->9005 9004 3673c1 __NMSG_WRITE 59 API calls 9004->9014 9019 364a13 9005->9019 9006 362970 RaiseException 9006->9014 9007 364b1f 9008 361e70 RegCloseKey 9007->9008 9008->9019 9009 364e20 13 API calls 9009->9014 9011 3623e0 75 API calls 9011->9014 9012 364b2c 9013 361e70 RegCloseKey 9012->9013 9013->9019 9014->8991 9014->8993 9014->8996 9014->8997 9014->8998 9014->8999 9014->9000 9014->9001 9014->9002 9014->9003 9014->9004 9014->9006 9014->9007 9014->9009 9014->9011 9014->9012 9015 3647b1 RegDeleteValueW 9014->9015 9016 364b39 9014->9016 9014->9019 9020 363660 RegQueryInfoKeyW 9014->9020 9021 364490 96 API calls 9014->9021 9022 364a89 RegCloseKey 9014->9022 9025 364000 20 API calls 9014->9025 9026 3647c9 9014->9026 9088 362dd0 9014->9088 9098 362be0 9014->9098 9015->9026 9018 361e70 RegCloseKey 9016->9018 9017 3647d6 RegCloseKey 9017->9026 9018->9019 9019->8991 9019->8994 9020->9014 9021->9014 9022->9014 9025->9014 9026->9014 9026->9016 9026->9017 9027 364b51 9026->9027 9103 3630f0 9026->9103 9116 361e70 9026->9116 9029 361e70 RegCloseKey 9027->9029 9030 364b67 9029->9030 9030->9019 9032 364e93 9031->9032 9033 364eb9 9032->9033 9034 364eae CharNextW 9032->9034 9033->8944 9034->9032 9036 362372 9035->9036 9037 36235d 9035->9037 9038 3628c0 61 API calls 9036->9038 9037->8983 9039 36239d 9038->9039 9039->8983 9041 362961 9040->9041 9042 3628d7 9040->9042 9041->8983 9042->9041 9043 362919 9042->9043 9044 36290b CoTaskMemRealloc 9042->9044 9043->9041 9068 365240 9043->9068 9044->9041 9044->9043 9048 364ef0 9047->9048 9049 364eed 9047->9049 9050 364f1b 9048->9050 9051 364f09 CharNextW 9048->9051 9049->8983 9050->8983 9051->9048 9052 364f14 9051->9052 9052->8983 9054 3629a1 9053->9054 9055 36297b 9053->9055 9058 362bc0 RaiseException 9054->9058 9055->9054 9056 362997 9055->9056 9057 362989 9055->9057 9059 362bc0 RaiseException 9055->9059 9060 362bc0 RaiseException 9056->9060 9057->8983 9061 3629ab 9058->9061 9059->9056 9060->9054 9063 3639bf 9062->9063 9067 3639d9 9062->9067 9064 3639c2 lstrcmpiW 9063->9064 9063->9067 9064->9063 9065 3639e2 9064->9065 9066 3639fd RaiseException 9065->9066 9065->9067 9067->8983 9069 367342 _memcpy_s 59 API calls 9068->9069 9070 365254 9069->9070 9071 362970 RaiseException 9070->9071 9072 362948 9071->9072 9072->8983 9074 364e90 CharNextW 9073->9074 9075 363a21 9074->9075 9076 363a2d 9075->9076 9077 363a4f CharNextW 9075->9077 9083 363b00 9075->9083 9076->9014 9087 363a5a 9077->9087 9078 363b1b CharNextW 9080 363b6d 9078->9080 9078->9083 9079 363b5f 9079->9014 9080->9014 9081 363ada 9081->9080 9082 363ae7 CharNextW 9081->9082 9082->9014 9083->9078 9083->9079 9084 363a6d CharNextW 9084->9081 9084->9087 9085 363a86 CharNextW 9085->9080 9085->9087 9086 363a81 CharNextW 9086->9085 9087->9081 9087->9084 9087->9085 9087->9086 9089 362e44 RegCreateKeyExW 9088->9089 9090 362dea 9088->9090 9096 362e3d 9089->9096 9091 362e37 9090->9091 9092 362def GetModuleHandleW 9090->9092 9091->9089 9091->9096 9093 362e05 GetProcAddress 9092->9093 9095 362dfe 9092->9095 9093->9095 9093->9096 9094 362e8b 9094->9014 9095->9096 9096->9094 9097 362e7c RegCloseKey 9096->9097 9097->9094 9099 362bf4 lstrcmpiW 9098->9099 9100 362c14 9099->9100 9101 362bfd 9099->9101 9100->9014 9101->9099 9102 362c08 9101->9102 9102->9014 9104 3630fe 9103->9104 9105 363159 9103->9105 9108 363105 GetModuleHandleW 9104->9108 9109 363138 9104->9109 9106 363162 GetModuleHandleW 9105->9106 9107 36318b 9105->9107 9106->9107 9113 363171 GetProcAddress 9106->9113 9114 3631b4 RegDeleteKeyW 9107->9114 9115 3631a2 9107->9115 9110 363114 GetProcAddress 9108->9110 9111 363124 9108->9111 9109->9111 9112 36313e RegDeleteKeyW 9109->9112 9110->9111 9111->9026 9112->9026 9113->9107 9114->9026 9115->9026 9117 361e86 9116->9117 9118 361e79 RegCloseKey 9116->9118 9117->9014 9118->9117 9120 3672ea __EH_prolog3_catch 9119->9120 9142 369aee 9120->9142 9122 367302 9122->8860 9124 367351 9123->9124 9128 36734d _memmove 9123->9128 9125 367358 9124->9125 9129 36736b _memset 9124->9129 9126 367fa3 __cftoa_l 59 API calls 9125->9126 9127 36735d 9126->9127 9130 369d0b __cftoa_l 9 API calls 9127->9130 9128->8865 9129->9128 9131 3673a2 9129->9131 9132 367399 9129->9132 9130->9128 9131->9128 9135 367fa3 __cftoa_l 59 API calls 9131->9135 9133 367fa3 __cftoa_l 59 API calls 9132->9133 9134 36739e 9133->9134 9136 369d0b __cftoa_l 9 API calls 9134->9136 9135->9134 9136->9128 9156 367281 9137->9156 9139 362074 9140 367281 __recalloc 63 API calls 9139->9140 9141 36207b 9139->9141 9140->9141 9141->8864 9143 369af6 9142->9143 9144 36672b _malloc 59 API calls 9143->9144 9145 369b10 9143->9145 9146 36800c _malloc DecodePointer 9143->9146 9147 369b14 std::exception::exception 9143->9147 9144->9143 9145->9122 9146->9143 9148 367712 __CxxThrowException@8 RaiseException 9147->9148 9149 369b3e 9148->9149 9152 36dd05 9149->9152 9151 369b50 9151->9122 9153 36dda6 9152->9153 9154 3666f3 _free 59 API calls 9153->9154 9155 36ddb7 9153->9155 9154->9155 9155->9151 9157 36728f 9156->9157 9158 3672aa 9156->9158 9157->9158 9159 36729b 9157->9159 9160 3672bc 9158->9160 9163 369a97 __recalloc 60 API calls 9158->9163 9162 367fa3 __cftoa_l 59 API calls 9159->9162 9161 3699ec __recalloc 62 API calls 9160->9161 9164 3672a0 _memset 9161->9164 9162->9164 9163->9160 9164->9139 9166 362d2f 9165->9166 9174 362cfb 9165->9174 9167 3666f3 _free 59 API calls 9166->9167 9169 362d3b 9166->9169 9167->9169 9168 362d51 9168->8877 9169->9168 9171 3666f3 _free 59 API calls 9169->9171 9170 362d67 RaiseException 9172 362cf0 59 API calls 9170->9172 9171->9168 9173 362d8e 9172->9173 9173->8877 9174->9166 9174->9170 9176 3671c5 9175->9176 9177 36706d ___raise_securityfailure 5 API calls 9176->9177 9178 365183 9177->9178 9180 364f30 143 API calls 9179->9180 9181 361ba5 9180->9181 9181->8828 9255 365830 9182->9255 9184 365e5c SysFreeString 9186 3666e4 __cftof_l 6 API calls 9184->9186 9188 365e85 9186->9188 9187 365d83 9187->9184 9189 365dbb SysStringLen 9187->9189 9200 365e02 9187->9200 9188->8826 9193 3673c1 __NMSG_WRITE 59 API calls 9189->9193 9190 365e3a 9192 365e3f RegisterTypeLib SysFreeString 9190->9192 9191 365e1b GetModuleHandleW 9191->9190 9194 365e2a GetProcAddress 9191->9194 9192->9184 9195 365dda 9193->9195 9194->9190 9194->9192 9196 362970 RaiseException 9195->9196 9197 365de0 9196->9197 9289 3657e0 9197->9289 9199 365df5 9199->9200 9201 365e8b 9199->9201 9200->9190 9200->9191 9202 3671a5 6 API calls 9201->9202 9203 365e90 9202->9203 9205 365a4c 9204->9205 9206 365d04 9204->9206 9205->9206 9207 365a7b CoCreateInstance 9205->9207 9208 3666e4 __cftof_l 6 API calls 9206->9208 9207->9206 9211 365a9e 9207->9211 9210 365d25 9208->9210 9209 365b1c StringFromGUID2 9212 367d92 __NMSG_WRITE 59 API calls 9209->9212 9210->8829 9211->9206 9211->9209 9213 365b48 9212->9213 9214 362970 RaiseException 9213->9214 9215 365b4e 9214->9215 9216 367d26 __NMSG_WRITE 59 API calls 9215->9216 9217 365b66 9216->9217 9218 362970 RaiseException 9217->9218 9219 365b6c 9218->9219 9220 367d26 __NMSG_WRITE 59 API calls 9219->9220 9221 365b82 9220->9221 9222 362970 RaiseException 9221->9222 9223 365b88 9222->9223 9304 363ba0 9223->9304 9226 365c23 9229 367d92 __NMSG_WRITE 59 API calls 9226->9229 9227 365bdf RegQueryInfoKeyW 9314 362da0 9227->9314 9231 365c39 9229->9231 9230 365c05 9230->9226 9234 3630f0 6 API calls 9230->9234 9232 362970 RaiseException 9231->9232 9233 365c3f 9232->9233 9235 367d26 __NMSG_WRITE 59 API calls 9233->9235 9234->9226 9236 365c57 9235->9236 9237 362970 RaiseException 9236->9237 9238 365c5d 9237->9238 9239 367d26 __NMSG_WRITE 59 API calls 9238->9239 9240 365c73 9239->9240 9241 362970 RaiseException 9240->9241 9242 365c79 9241->9242 9243 363ba0 4 API calls 9242->9243 9244 365c98 9243->9244 9245 365ce3 9244->9245 9246 365c9c RegQueryInfoKeyW 9244->9246 9248 361e70 RegCloseKey 9245->9248 9247 362da0 RegCloseKey 9246->9247 9250 365cc5 9247->9250 9249 365cee 9248->9249 9251 361e70 RegCloseKey 9249->9251 9250->9245 9254 3630f0 6 API calls 9250->9254 9252 365cf9 9251->9252 9253 361d10 59 API calls 9252->9253 9253->9206 9254->9245 9256 365a05 9255->9256 9257 36585f 9255->9257 9259 3666e4 __cftof_l 6 API calls 9256->9259 9257->9256 9258 365867 GetModuleFileNameW 9257->9258 9260 3658a7 9258->9260 9261 36588d 9258->9261 9262 365a16 9259->9262 9264 3658af 9260->9264 9265 3658c9 9260->9265 9263 362a10 GetLastError 9261->9263 9262->9187 9267 365892 9263->9267 9268 3666e4 __cftof_l 6 API calls 9264->9268 9294 365790 9265->9294 9270 3666e4 __cftof_l 6 API calls 9267->9270 9271 3658c3 9268->9271 9269 3658d5 9272 365933 LoadTypeLib 9269->9272 9276 365981 9269->9276 9299 3666b0 9269->9299 9273 3658a1 9270->9273 9271->9187 9274 3659ca SysAllocString 9272->9274 9275 36594b 9272->9275 9273->9187 9282 3659dd 9274->9282 9275->9276 9277 36599b 9275->9277 9280 3666e4 __cftof_l 6 API calls 9276->9280 9278 367d92 __NMSG_WRITE 59 API calls 9277->9278 9281 3659ad 9278->9281 9279 3666e4 __cftof_l 6 API calls 9283 3659ff 9279->9283 9284 365995 9280->9284 9285 362970 RaiseException 9281->9285 9282->9279 9283->9187 9284->9187 9286 3659b3 LoadTypeLib 9285->9286 9286->9274 9286->9282 9290 3657eb 9289->9290 9293 3657f2 9289->9293 9290->9199 9291 365823 9291->9199 9292 365800 CharNextW 9292->9293 9293->9291 9293->9292 9295 36579a 9294->9295 9297 36579c 9294->9297 9295->9269 9296 3657ce 9296->9269 9297->9296 9298 3657c3 CharNextW 9297->9298 9298->9296 9298->9297 9300 367d92 __NMSG_WRITE 59 API calls 9299->9300 9301 3666c1 9300->9301 9302 362970 RaiseException 9301->9302 9303 365930 9302->9303 9303->9272 9305 363c07 RegOpenKeyExW 9304->9305 9306 363bba 9304->9306 9309 363c00 9305->9309 9307 363bbf GetModuleHandleW 9306->9307 9308 363bfa 9306->9308 9310 363bd5 GetProcAddress 9307->9310 9311 363bce 9307->9311 9308->9305 9308->9309 9312 363c26 RegCloseKey 9309->9312 9313 363c35 9309->9313 9310->9309 9310->9311 9311->9309 9312->9313 9313->9226 9313->9227 9315 362dbf 9314->9315 9316 362da9 RegCloseKey 9314->9316 9315->9230 9316->9230 9318 365830 66 API calls 9317->9318 9320 365ec8 9318->9320 9321 365eea GetModuleHandleW 9320->9321 9322 365f0b SysFreeString 9320->9322 9321->9322 9323 365ef9 GetProcAddress 9321->9323 9322->8841 9323->9322 9350 365590 9324->9350 9326 366272 9327 3662ee 9326->9327 9328 3662d0 CoResumeClassObjects 9326->9328 9329 366281 9326->9329 9327->8760 9330 3662d8 9328->9330 9355 366490 CreateEventW 9329->9355 9330->9327 9333 365690 CoRevokeClassObject 9330->9333 9332 366288 9334 3662a5 CoResumeClassObjects 9332->9334 9335 36628e 9332->9335 9338 3662e6 9333->9338 9336 3662c7 CloseHandle 9334->9336 9337 3662b1 SetEvent WaitForSingleObject 9334->9337 9339 365690 CoRevokeClassObject 9335->9339 9336->9330 9337->9336 9338->8760 9340 36629d 9339->9340 9340->8760 9342 36647c 9341->9342 9343 36644d 9341->9343 9342->8761 9344 366460 TranslateMessage DispatchMessageW GetMessageW 9343->9344 9344->9342 9344->9344 9346 36569b 9345->9346 9348 3656a5 9345->9348 9346->8765 9347 3656d6 9347->8765 9348->9347 9349 3656cb CoRevokeClassObject 9348->9349 9349->9348 9351 3655a5 9350->9351 9352 36559b 9350->9352 9353 3655d5 9351->9353 9360 366340 9351->9360 9352->9326 9353->9326 9356 3664b1 CreateThread 9355->9356 9357 3664ac 9355->9357 9358 3664ce CloseHandle 9356->9358 9359 3664da 9356->9359 9357->9332 9358->9359 9359->9332 9361 366356 9360->9361 9362 36635d 9360->9362 9361->9351 9363 366372 CoRegisterClassObject 9362->9363 9364 36638c 9362->9364 9363->9364 9364->9351 9366 368209 _doexit 9365->9366 9367 36b996 __lock 52 API calls 9366->9367 9368 368210 9367->9368 9369 3682c9 _doexit 9368->9369 9370 36823e DecodePointer 9368->9370 9385 368317 9369->9385 9370->9369 9372 368255 DecodePointer 9370->9372 9374 368265 9372->9374 9374->9369 9377 368272 EncodePointer 9374->9377 9381 368282 DecodePointer EncodePointer 9374->9381 9376 368326 _doexit 9376->8327 9377->9374 9378 36830e 9379 368073 _doexit 3 API calls 9378->9379 9380 368317 9379->9380 9382 368324 9380->9382 9390 36bb00 LeaveCriticalSection 9380->9390 9383 368294 DecodePointer DecodePointer 9381->9383 9382->8327 9383->9374 9386 3682f7 9385->9386 9387 36831d 9385->9387 9386->9376 9389 36bb00 LeaveCriticalSection 9386->9389 9391 36bb00 LeaveCriticalSection 9387->9391 9389->9378 9390->9382 9391->9386 9393 3681fd _doexit 59 API calls 9392->9393 9394 3680a4 9393->9394 11273 3643d6 11274 3643e8 11273->11274 11275 3643ff MultiByteToWideChar 11274->11275 11282 3643f8 11274->11282 11276 36441f 11275->11276 11277 364418 11275->11277 11278 364150 127 API calls 11276->11278 11281 362a10 GetLastError 11277->11281 11278->11282 11279 364445 FreeLibrary 11280 36444c 11279->11280 11283 364465 11280->11283 11285 363220 59 API calls 11280->11285 11281->11282 11282->11279 11282->11280 11284 3666e4 __cftof_l 6 API calls 11283->11284 11286 36448a 11284->11286 11285->11283 10961 369d46 10962 369d52 _doexit 10961->10962 10963 369d6b 10962->10963 10965 369e5a _doexit 10962->10965 10966 3666f3 _free 59 API calls 10962->10966 10964 369d7a 10963->10964 10967 3666f3 _free 59 API calls 10963->10967 10968 369d89 10964->10968 10969 3666f3 _free 59 API calls 10964->10969 10966->10963 10967->10964 10970 3666f3 _free 59 API calls 10968->10970 10971 369d98 10968->10971 10969->10968 10970->10971 10972 369da7 10971->10972 10974 3666f3 _free 59 API calls 10971->10974 10973 369db6 10972->10973 10975 3666f3 _free 59 API calls 10972->10975 10976 369dc5 10973->10976 10977 3666f3 _free 59 API calls 10973->10977 10974->10972 10975->10973 10978 369dd7 10976->10978 10979 3666f3 _free 59 API calls 10976->10979 10977->10976 10980 36b996 __lock 59 API calls 10978->10980 10979->10978 10983 369ddf 10980->10983 10981 369e02 10993 369e66 10981->10993 10983->10981 10985 3666f3 _free 59 API calls 10983->10985 10985->10981 10986 36b996 __lock 59 API calls 10991 369e16 ___removelocaleref 10986->10991 10987 369e47 10996 369e72 10987->10996 10990 3666f3 _free 59 API calls 10990->10965 10991->10987 10992 36c89f ___freetlocinfo 59 API calls 10991->10992 10992->10987 10999 36bb00 LeaveCriticalSection 10993->10999 10995 369e0f 10995->10986 11000 36bb00 LeaveCriticalSection 10996->11000 10998 369e54 10998->10990 10999->10995 11000->10998 11288 367bc7 11291 367b9b 11288->11291 11290 367bd2 11294 36aefc 11291->11294 11293 367ba7 11293->11290 11295 36af08 _doexit 11294->11295 11296 36b996 __lock 59 API calls 11295->11296 11299 36af0f 11296->11299 11297 36af49 11304 36af64 11297->11304 11299->11297 11300 36af40 11299->11300 11303 3666f3 _free 59 API calls 11299->11303 11302 3666f3 _free 59 API calls 11300->11302 11301 36af5a _doexit 11301->11293 11302->11297 11303->11300 11307 36bb00 LeaveCriticalSection 11304->11307 11306 36af6b 11306->11301 11307->11306

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 355 3642b0-36433c LoadLibraryExW 356 36433e-36434e LoadLibraryExW 355->356 357 36435c-364373 FindResourceW 355->357 356->357 358 364350-364357 call 362a10 356->358 359 364375-36437a call 362a10 357->359 360 36437f-364391 LoadResource 357->360 374 36444c-364458 358->374 370 36443f 359->370 362 364393-364398 call 362a10 360->362 363 36439d-3643b2 SizeofResource 360->363 362->370 367 3643b4-3643b9 363->367 368 3643be-3643f6 call 362840 363->368 372 364441-364443 367->372 384 3643ff-364416 MultiByteToWideChar 368->384 385 3643f8-3643fd 368->385 370->372 372->374 375 364445-364446 FreeLibrary 372->375 376 364470-36448d call 3666e4 374->376 377 36445a-364465 call 363220 374->377 375->374 377->376 386 36441f-36443a call 364150 384->386 387 364418-36441d call 362a10 384->387 385->372 386->370 387->370
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000060,C1C9A069), ref: 00364330
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000002), ref: 00364342
                                                                                                                                                                                                  • FindResourceW.KERNEL32(00000000,?,?), ref: 00364369
                                                                                                                                                                                                  • LoadResource.KERNEL32(00000000,00000000), ref: 00364381
                                                                                                                                                                                                    • Part of subcall function 00362A10: GetLastError.KERNEL32(0036441D), ref: 00362A10
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,00000000,?), ref: 00364446
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: LibraryLoad$Resource$ErrorFindFreeLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 328770362-0
                                                                                                                                                                                                  • Opcode ID: ef3f3eb920e6cbb64b996a1c2edd4d8b1b0250b5c0a5d7a42ef56b16b4a9ba90
                                                                                                                                                                                                  • Instruction ID: 5b4b2265c1b3c695b85b90d53cca5f263748d6214812cb94b3e322ac4621c864
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef3f3eb920e6cbb64b996a1c2edd4d8b1b0250b5c0a5d7a42ef56b16b4a9ba90
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 384183B1D00228DBCB23DF55CC45BAEBBB8EF48710F11C0A9E909A7245DB704E849FA5
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: :7
                                                                                                                                                                                                  • API String ID: 0-2032529386
                                                                                                                                                                                                  • Opcode ID: 46155c6c8b47b9464e6a1e6217092b2684f92c4b22d83982f5313e8ffea1de71
                                                                                                                                                                                                  • Instruction ID: cb6fcbed60c708ae4a3191fb56c3bfd736e847c8f34536b65bdeb66b2b7d2100
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 46155c6c8b47b9464e6a1e6217092b2684f92c4b22d83982f5313e8ffea1de71
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6AB0127510010C538A027D91A4439167EAD8641350B408012FB06052565A43AC7064B6

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 0 364490-364510 call 367b70 call 363a10 5 364516-36451a 0->5 6 364b87-364ba2 call 3666e4 0->6 8 364b74-364b7c 5->8 9 364520-364549 lstrcmpiW * 2 5->9 10 364b85 8->10 11 364b7e-364b7f RegCloseKey 8->11 13 364553-364563 call 363a10 9->13 14 36454b-36454d 9->14 10->6 11->10 13->8 23 364569-36456d 13->23 14->13 15 36466f-364683 lstrcmpiW 14->15 17 364685-364697 call 363a10 15->17 18 36469d-3646ab lstrcmpiW 15->18 17->8 17->18 21 3646b1-3646c3 call 363a10 18->21 22 364808-364810 18->22 21->8 43 3646c9-3646d5 call 363a10 21->43 24 364812-364816 22->24 25 364833-364837 22->25 23->15 28 364573-364599 23->28 29 36482b-36482d 24->29 30 364818-364827 CharNextW 24->30 31 36491f-364923 25->31 32 36483d-364857 call 363ba0 25->32 34 3645c1 28->34 35 36459b 28->35 29->25 41 364b18-364b1d 29->41 30->24 39 364829 30->39 37 364944 31->37 38 364925-364940 call 363ba0 31->38 59 364891-36489d call 363a10 32->59 60 364859-36486d call 363ba0 32->60 40 3645c6-3645d1 lstrcmpiW 34->40 36 3645a0-3645a4 35->36 44 3645a6-3645b5 CharNextW 36->44 45 3645b9-3645bb 36->45 49 364949 37->49 38->49 63 364942 38->63 39->25 47 3645d3-3645dc 40->47 48 364628-36462a 40->48 41->8 43->8 69 3646db-3646df 43->69 44->36 52 3645b7 44->52 45->34 53 364b0d-364b13 call 361e70 45->53 47->40 55 3645de-364605 call 364000 47->55 57 364665 48->57 58 36462c-36463e call 363a10 48->58 56 364950-36497d call 3673c1 call 362970 call 363a10 49->56 52->34 53->41 71 36460a-36461e 55->71 56->8 114 364983-364993 call 364e20 56->114 57->15 80 364644-364650 call 364e20 58->80 81 364b1f-364b2a call 361e70 58->81 59->8 78 3648a3-3648a7 59->78 60->59 82 36486f-364884 call 362dd0 60->82 63->56 69->41 75 3646e5-3646e9 69->75 71->48 76 364760-364764 75->76 77 3646eb-364720 call 3623e0 75->77 85 3647f1-3647fd call 364e20 76->85 86 36476a-364771 76->86 95 364725-364747 77->95 87 3648c4-3648c8 78->87 88 3648a9-3648b5 call 3623e0 78->88 80->81 104 364656-364660 80->104 81->8 93 364889-36488b 82->93 85->8 113 364803 85->113 86->85 96 364773-3647ab call 363ba0 86->96 98 364b01-364b05 87->98 99 3648ce-3648d0 87->99 109 3648ba-3648be 88->109 93->59 105 364b69 93->105 106 364b2c-364b37 call 361e70 95->106 107 36474d-36475b 95->107 121 3647b1-3647c7 RegDeleteValueW 96->121 122 364b39-364b4f call 362a30 call 361e70 96->122 98->9 111 364b0b 98->111 110 3648d3-3648dc 99->110 104->87 112 364b6a-364b72 call 362a30 105->112 106->8 107->87 109->8 109->87 110->110 117 3648de-3648e5 110->117 111->8 112->8 113->98 114->8 130 364999-36499d 114->130 117->98 123 3648eb-3648f9 call 364490 117->123 127 3647d2-3647d4 121->127 128 3647c9-3647cc 121->128 122->8 134 3648fe-364902 123->134 132 3647d6-3647dd RegCloseKey 127->132 133 3647e7 127->133 128->122 128->127 135 3649f5-364a01 130->135 136 36499f-3649a1 130->136 132->133 133->85 134->8 138 364908-364914 call 363a10 134->138 135->98 139 364a07-364a09 135->139 141 3649a4-3649ad 136->141 138->8 148 36491a 138->148 143 364a0b-364a0d 139->143 144 364a19-364a21 139->144 141->141 146 3649af-3649b6 141->146 143->98 147 364a13-364a14 143->147 149 364a23-364a32 call 363660 144->149 150 364a6e-364a87 call 363660 144->150 146->135 151 3649b8-3649d3 call 364490 146->151 147->112 148->98 149->150 160 364a34-364a44 call 362be0 149->160 158 364a98-364aa4 150->158 159 364a89-364a92 RegCloseKey 150->159 161 3649d5-3649d9 151->161 162 3649df-3649ef call 363a10 151->162 158->105 163 364aaa-364ab0 158->163 159->158 160->98 170 364a4a-364a51 160->170 161->8 161->162 162->8 162->135 163->98 166 364ab2-364ab4 163->166 166->98 169 364ab6-364af4 call 3630f0 166->169 175 364af6-364afc call 361e70 169->175 176 364b51-364b67 call 362a30 call 361e70 169->176 170->98 172 364a57-364a69 call 364000 170->172 172->98 175->98 176->8
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,Delete,00000000), ref: 00364530
                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,ForceRemove), ref: 00364541
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,?,00000000), ref: 003645A7
                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,L57,?,?,00000000), ref: 003645C9
                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,NoRemove,00000000), ref: 00364675
                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,Val), ref: 003646A3
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000), ref: 00364B7F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: lstrcmpi$CharCloseNext
                                                                                                                                                                                                  • String ID: Delete$ForceRemove$L57$NoRemove$Val
                                                                                                                                                                                                  • API String ID: 2333018020-1193777305
                                                                                                                                                                                                  • Opcode ID: d358bc1d46d5a2d54ffb4e54cdec6ca37a34cf70d622e21b3001819d7b9f0f6a
                                                                                                                                                                                                  • Instruction ID: 48e450b618656b8a7090b8d24abf3d8dbeacde7a596a93a027256d228f89e930
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d358bc1d46d5a2d54ffb4e54cdec6ca37a34cf70d622e21b3001819d7b9f0f6a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1402B471D01229A7DF379FA4CC58BAEB6B4AF45704F0181A9E806A7284DB75CE84CF91

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 183 366060-3660a5 call 365f60 186 36612d-36613f call 3666e4 183->186 187 3660ab 183->187 188 3660b1-3660c1 call 366600 187->188 193 3660c7-3660d7 call 366600 188->193 194 36619d-3661a4 188->194 202 3661df-366212 call 364f30 193->202 203 3660dd-3660ed call 366600 193->203 195 3661a6-3661aa 194->195 196 3661ac-3661b5 call 3656e0 194->196 195->196 201 3661ba-3661be 195->201 196->201 205 3661c0-3661c8 call 366530 201->205 206 3661ca-3661dc call 3666e4 201->206 213 366214-36621d call 3655e0 202->213 214 36623d-36624f call 3666e4 202->214 216 3660f3-366103 call 366600 203->216 217 366190-366197 203->217 205->206 222 366222-366224 213->222 224 366105-366109 216->224 225 366151-36616c call 366300 216->225 217->194 226 366226-36622e 222->226 227 36623b 222->227 224->186 228 36610b-36610e 224->228 225->206 236 36616e-36618d call 3663b0 call 3666e4 225->236 226->227 229 366230-366238 226->229 227->214 231 366110-366116 228->231 229->227 233 366124-36612b CharNextW 231->233 234 366118-36611b 231->234 233->186 233->224 238 366142-366149 CharNextW 234->238 239 36611d-366122 CharNextW 234->239 238->188 241 36614f 238->241 239->231 239->233 241->186
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00365F60: CharNextW.USER32(?), ref: 00365F90
                                                                                                                                                                                                    • Part of subcall function 00365F60: CharNextW.USER32(?), ref: 00365F97
                                                                                                                                                                                                    • Part of subcall function 00366600: CharUpperW.USER32(00000000,75A3A7D0,00000000,?,?,003660BC,00000000,UnregServer), ref: 00366613
                                                                                                                                                                                                    • Part of subcall function 00366600: CharUpperW.USER32(8508C483,?,003660BC,00000000,UnregServer), ref: 0036661F
                                                                                                                                                                                                    • Part of subcall function 00366600: CharNextW.USER32(00000000,?,003660BC,00000000,UnregServer), ref: 00366642
                                                                                                                                                                                                    • Part of subcall function 00366600: CharNextW.USER32(003660BC,?,003660BC,00000000,UnregServer), ref: 0036664D
                                                                                                                                                                                                    • Part of subcall function 00366600: CharUpperW.USER32(?,?,003660BC,00000000,UnregServer), ref: 0036665A
                                                                                                                                                                                                    • Part of subcall function 00366600: CharUpperW.USER32(?,?,?,003660BC,00000000,UnregServer), ref: 00366666
                                                                                                                                                                                                  • CharNextW.USER32(?), ref: 0036611E
                                                                                                                                                                                                  • CharNextW.USER32(00000000), ref: 00366125
                                                                                                                                                                                                  • CharNextW.USER32(00000000), ref: 00366143
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Char$Next$Upper
                                                                                                                                                                                                  • String ID: APPID$RegServer$RegServerPerUser$UnregServer$UnregServerPerUser${88BC89DA-E4D9-43C1-9474-88FD6A96D9B1}
                                                                                                                                                                                                  • API String ID: 2585046617-2651597401
                                                                                                                                                                                                  • Opcode ID: c4701f693216ee05923a74f8c981b50038d8d08a1910547042dfd35655ac4b81
                                                                                                                                                                                                  • Instruction ID: 553774f17a3dc75a06956642d623ab80c0da2cd2bb526f4112b7a8775d3480f5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c4701f693216ee05923a74f8c981b50038d8d08a1910547042dfd35655ac4b81
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 54511971A0061597DF23AF64DC43BAEB7E8AF52390F01806AE905AB285EB75D940C7E1

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 244 365d40-365d87 call 365830 247 365e5c-365e64 244->247 248 365d8d-365daf 244->248 249 365e66-365e68 247->249 250 365e6c-365e88 SysFreeString call 3666e4 247->250 253 365e12-365e19 248->253 254 365db1-365db9 248->254 249->250 257 365e3a 253->257 258 365e1b-365e28 GetModuleHandleW 253->258 254->253 256 365dbb-365dfc SysStringLen call 3673c1 call 362970 call 3657e0 254->256 267 365e02-365e0a 256->267 268 365e8b-365e90 call 3671a5 256->268 259 365e3f-365e56 RegisterTypeLib SysFreeString 257->259 258->257 261 365e2a-365e38 GetProcAddress 258->261 259->247 261->257 261->259 267->253
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00365830: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?), ref: 00365881
                                                                                                                                                                                                  • SysStringLen.OLEAUT32(?), ref: 00365DBC
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(OLEAUT32.DLL), ref: 00365E20
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 00365E30
                                                                                                                                                                                                  • RegisterTypeLib.OLEAUT32(00000000,00000000,00000000), ref: 00365E4C
                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00365E56
                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00365E72
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: String$FreeModule$AddressFileHandleNameProcRegisterType
                                                                                                                                                                                                  • String ID: OLEAUT32.DLL$RegisterTypeLibForUser
                                                                                                                                                                                                  • API String ID: 940515025-2666564778
                                                                                                                                                                                                  • Opcode ID: 0fe28f18d9f378b1999947afce22d5d3933f0365651a1480140016b4c972e571
                                                                                                                                                                                                  • Instruction ID: 61dc6dbf0750e5c303ec0a81511918a8c51a86134ad5f1ebef23d22f169a9c5a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0fe28f18d9f378b1999947afce22d5d3933f0365651a1480140016b4c972e571
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5316171A40219ABCF22EFA5CC4DBDAB7BDAF94700F0085A8A41DD7250DA759E81DF60

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 271 362dd0-362de8 272 362e44-362e5e RegCreateKeyExW 271->272 273 362dea-362ded 271->273 274 362e64-362e66 272->274 275 362e37-362e3b 273->275 276 362def-362dfc GetModuleHandleW 273->276 280 362e9b-362ea1 274->280 281 362e68-362e6d 274->281 275->272 279 362e3d-362e42 275->279 277 362e05-362e13 GetProcAddress 276->277 278 362dfe-362e03 276->278 277->279 282 362e15-362e35 277->282 278->274 279->274 283 362e74-362e7a 281->283 284 362e6f-362e72 281->284 282->274 285 362e7c-362e85 RegCloseKey 283->285 286 362e8b-362e98 283->286 284->283 285->286 286->280
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,?,?,00000000,?,00364889,?,00000000,00000000,00000000,0002001F,00000000,00000000,?,00000000), ref: 00362DF4
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 00362E0B
                                                                                                                                                                                                  • RegCreateKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?D6,?,00000000,?D6,00000000,?,?,00000000,?,00364889,?), ref: 00362E5E
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,00364889,?,00000000,00000000,00000000,0002001F,00000000,00000000,?,00000000,00020019,?,00000000,0002001F), ref: 00362E7D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressCloseCreateHandleModuleProc
                                                                                                                                                                                                  • String ID: ?D6$Advapi32.dll$RegCreateKeyTransactedW
                                                                                                                                                                                                  • API String ID: 1765684683-1827373078
                                                                                                                                                                                                  • Opcode ID: 6d0c81c5d1e3ce5a9bd89852e266bdf7ac20343875147acae946586ad28b7cfc
                                                                                                                                                                                                  • Instruction ID: 51befbf458a832dd7126b7665a78d82e1b54c2ad6cde5897c90d3a229b7c9f69
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d0c81c5d1e3ce5a9bd89852e266bdf7ac20343875147acae946586ad28b7cfc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C214C7160060AEFDF26CF55DC44FAB7BA9EF18340F118429F90996164D772DE60EB60

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 288 364f30-364f75 289 364f77-364f7b 288->289 290 364fa2-364fb4 288->290 289->290 291 364f7d 289->291 296 364fb6-364fdb GetModuleFileNameW 290->296 297 364fe4-365000 call 361e90 call 3666e4 290->297 292 364f80-364f85 291->292 294 364f87-364f89 292->294 295 364f98-364fa0 292->295 294->295 298 364f8b-364f93 call 3620d0 294->298 295->290 295->292 299 365003-365008 296->299 300 364fdd-364fe2 call 362a10 296->300 298->295 302 365037-365054 call 3631d0 299->302 303 36500a-365034 call 361d10 call 361e90 call 3666e4 299->303 300->297 315 365056-365060 GetModuleHandleW 302->315 316 36506d-365096 call 365260 302->316 315->316 319 365062-365068 315->319 323 3650c5-3650e8 call 3652b0 316->323 324 365098-3650c2 call 361d10 call 361e90 call 3666e4 316->324 322 3650fe-365114 call 3622b0 319->322 330 365116-365132 call 3622b0 322->330 331 36516e-365179 call 361d10 322->331 336 36517e-365183 call 3671a5 323->336 337 3650ee-3650f8 323->337 330->331 344 365134-36514e 330->344 331->297 337->322 346 365167-36516c call 364cf0 344->346 347 365150 call 364c90 344->347 346->331 351 365155-365162 call 361d10 347->351 351->297
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00360000,?,00000104), ref: 00364FD3
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 00365058
                                                                                                                                                                                                    • Part of subcall function 003620D0: _memcpy_s.LIBCMT ref: 003621B3
                                                                                                                                                                                                    • Part of subcall function 003620D0: _memcpy_s.LIBCMT ref: 003621C7
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Module_memcpy_s$FileHandleName
                                                                                                                                                                                                  • String ID: Module$Module_Raw$REGISTRY$t67
                                                                                                                                                                                                  • API String ID: 2255713474-1615377200
                                                                                                                                                                                                  • Opcode ID: 6ba23d0c777a4f17e2ef35924ab561ad64f0fe83ffaad33cf121d04c37570bd3
                                                                                                                                                                                                  • Instruction ID: a2953821a5f50a69d5ff80de99c25b5dd4a0aa38b7fd586ac31370e5a28ba5c3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ba23d0c777a4f17e2ef35924ab561ad64f0fe83ffaad33cf121d04c37570bd3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8651D572A012289BCB22DB54DC41BEEB3B8AF55310F0585AAF80DAB145DB74DF44CF92

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 391 363ba0-363bb8 392 363c07-363c14 RegOpenKeyExW 391->392 393 363bba-363bbd 391->393 396 363c1a-363c1c 392->396 394 363bbf-363bcc GetModuleHandleW 393->394 395 363bfa-363bfe 393->395 397 363bd5-363be3 GetProcAddress 394->397 398 363bce-363bd3 394->398 395->392 399 363c00-363c05 395->399 400 363c45-363c4b 396->400 401 363c1e-363c24 396->401 397->399 404 363be5-363bf8 397->404 398->396 399->396 402 363c26-363c2f RegCloseKey 401->402 403 363c35-363c42 401->403 402->403 403->400 404->396
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000000,?,?,?,00364058,?,00000000,?), ref: 00363BC4
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 00363BDB
                                                                                                                                                                                                  • RegOpenKeyExW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,?,?,?,00364058,?,00000000,?), ref: 00363C14
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,00364058,?,00000000,?), ref: 00363C27
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressCloseHandleModuleOpenProc
                                                                                                                                                                                                  • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                                                                                                                                                  • API String ID: 823179699-3913318428
                                                                                                                                                                                                  • Opcode ID: a2d83c03f96af94e46e04587346867a7431dcbf8a4a714581b19a45d30f53648
                                                                                                                                                                                                  • Instruction ID: 3ae4410803ed86eaf58e1978002d3d8509da6b25545c8cb19e5f2d96ea3e9031
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a2d83c03f96af94e46e04587346867a7431dcbf8a4a714581b19a45d30f53648
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01118E71700205FBEB268F55CC44FAA7BACEB94700F108029F50AE6154D771DB80EB64

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 406 365830-365859 407 365a05-365a19 call 3666e4 406->407 408 36585f-365861 406->408 408->407 409 365867-36588b GetModuleFileNameW 408->409 411 3658a7-3658ad 409->411 412 36588d-3658a4 call 362a10 call 3666e4 409->412 415 3658af-3658c6 call 3666e4 411->415 416 3658c9-3658e6 call 365790 411->416 423 365933-365945 LoadTypeLib 416->423 424 3658e8-3658ed 416->424 427 3659ca-3659db SysAllocString 423->427 428 36594b-36597f 423->428 426 3658f3-3658fc 424->426 426->426 429 3658fe-36590b 426->429 430 3659f0-365a02 call 3666e4 427->430 431 3659dd-3659ea 427->431 432 365981-365998 call 3666e4 428->432 433 36599b-3659c8 call 367d92 call 362970 LoadTypeLib 428->433 429->432 435 36590d-36590f 429->435 431->430 433->427 433->430 435->432 439 365911-365916 435->439 439->432 444 365918-365930 call 3666b0 439->444 444->423
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?), ref: 00365881
                                                                                                                                                                                                    • Part of subcall function 00362A10: GetLastError.KERNEL32(0036441D), ref: 00362A10
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                  • String ID: .tlb
                                                                                                                                                                                                  • API String ID: 2776309574-1487266626
                                                                                                                                                                                                  • Opcode ID: b49ebc64047683ca188a1ee939cc08c1c4827299b55f7153cac9489f49103515
                                                                                                                                                                                                  • Instruction ID: f5f2ccae40dd8dadac7765e4afdad1b36e6743c65230a8b4d4b0478c1697fd5b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b49ebc64047683ca188a1ee939cc08c1c4827299b55f7153cac9489f49103515
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A51B976A005199BCB21DFA8D885BAEB7F8EB48310F5185BAEC09D7245D735DE40CB90

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 448 366570-36657e 449 366580-366587 448->449 450 36658a-36659a CoInitialize 448->450 451 36659c-3665a2 450->451 452 3665bd 450->452 453 3665f4-3665fb 451->453 454 3665a4-3665b1 GetModuleHandleW 451->454 455 3665c1-3665d5 GetCommandLineW call 366060 452->455 454->455 456 3665b3-3665ba 454->456 459 3665d7-3665e3 call 3663e0 455->459 460 3665e5 455->460 462 3665e8-3665ec 459->462 460->462 462->453 464 3665ee CoUninitialize 462->464 464->453
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 0036658D
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(Mscoree.dll), ref: 003665A9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HandleInitializeModule
                                                                                                                                                                                                  • String ID: Mscoree.dll
                                                                                                                                                                                                  • API String ID: 2866158306-4150509846
                                                                                                                                                                                                  • Opcode ID: 2f1af05b74452aa141b04991a540b1e361563d51a67a90103f90b061d74a187b
                                                                                                                                                                                                  • Instruction ID: 5e548ee1870531c7743f70c93e4cb2acd7b79f19ceffe19a0f047de0786b020e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f1af05b74452aa141b04991a540b1e361563d51a67a90103f90b061d74a187b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A014972B04115ABCB2397A8980776DFB5C9B127E1F10416AFE0AD3358DA618E5093E1

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 465 3623e0-362457 call 367b70 call 363a10 470 36245d-362475 call 365190 465->470 471 362789-3627a4 call 3666e4 465->471 476 362477-36247c 470->476 477 362481-362498 call 364e90 call 363a10 470->477 476->471 477->471 482 36249e-3624a8 477->482 483 36266e-362673 482->483 484 3624ae 482->484 485 362773-362787 call 363a10 483->485 486 362679-36267f 483->486 487 362614-36263a VarUI4FromStr 484->487 488 3624b4-3624b7 484->488 485->471 491 362682-36268b 486->491 493 36264e-362669 call 364d50 call 361d10 487->493 494 36263c-362649 call 361d10 487->494 489 3625fc-362608 call 364dd0 488->489 490 3624bd-3624c0 488->490 503 36260d-36260f 489->503 490->485 495 3624c6-3624cf 490->495 491->491 496 36268d-3626d1 call 3627f0 491->496 515 36275e 493->515 494->471 501 3624d0-3624d9 495->501 517 362744 496->517 518 3626d3-3626e1 496->518 501->501 507 3624db-3624e8 501->507 509 362764-362766 503->509 511 3624ea-362542 call 3627b0 507->511 512 362559-36255e 507->512 509->485 514 362768-362771 call 362a30 509->514 530 362544-36254c 511->530 531 362563-362573 call 366e10 511->531 512->471 514->471 515->509 520 362749-362751 517->520 522 3626e3-3626e9 518->522 523 36271f-362742 call 364d70 518->523 520->515 525 362753 520->525 527 3626f0-3626f9 CharNextW 522->527 523->520 525->515 529 362759 call 363220 525->529 532 362710-362716 527->532 533 3626fb-3626ff 527->533 529->515 530->512 535 36254e-362554 call 363220 530->535 541 362575 531->541 542 3625b9-3625e6 RegSetValueExW 531->542 538 362719-36271d 532->538 533->532 536 362701-36270e CharNextW 533->536 535->512 536->538 538->523 538->527 543 362580-3625b1 call 362c20 541->543 542->515 544 3625ec-3625f7 call 363220 542->544 549 3625b3 543->549 544->515 549->542
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: lstrcmpi
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1586166983-0
                                                                                                                                                                                                  • Opcode ID: 8ac2de3a0bcd681a65cd1a88e40b140d7de89898ce9917074bb3caf87d21db9c
                                                                                                                                                                                                  • Instruction ID: d5bada6397c4f8acd942ca155f53c1dac0179cb53c572642cf41f289480d2670
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ac2de3a0bcd681a65cd1a88e40b140d7de89898ce9917074bb3caf87d21db9c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5691F871D00619CBCB36DF14CC49BEEB7B8AF24300F068099EA09A7245DB349E95CFA1

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 550 364000-364053 call 363ba0 552 364058-36405c 550->552 553 364062-364096 RegEnumKeyExW 552->553 554 364120-364128 552->554 557 3640e7-3640ef 553->557 558 364098 553->558 555 364131-364141 call 3666e4 554->555 556 36412a-36412b RegCloseKey 554->556 556->555 561 364102-36411d call 3630f0 557->561 562 3640f1-3640f8 RegCloseKey 557->562 560 3640a0-3640b6 call 364000 558->560 568 36411f 560->568 569 3640b8-3640e5 RegEnumKeyExW 560->569 561->568 562->561 568->554 569->557 569->560
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00363BA0: GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000000,?,?,?,00364058,?,00000000,?), ref: 00363BC4
                                                                                                                                                                                                    • Part of subcall function 00363BA0: RegCloseKey.ADVAPI32(00000000,?,00364058,?,00000000,?), ref: 00363C27
                                                                                                                                                                                                  • RegEnumKeyExW.ADVAPI32(00000000,00000000,?,?,00000000,00000000,00000000,?,00000000,?,00000000,?,00000000), ref: 00364092
                                                                                                                                                                                                  • RegEnumKeyExW.ADVAPI32(00000000,00000000,?,00000100,00000000,00000000,00000000,?), ref: 003640E1
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 003640F2
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,00000000,?,00000000), ref: 0036412B
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Close$Enum$HandleModule
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2852649468-0
                                                                                                                                                                                                  • Opcode ID: 7c15a746db88e91afc1a6cc0056c0beae41005e7fd2cc12467f9f9d5cf727a7d
                                                                                                                                                                                                  • Instruction ID: c1772f081914458da9ac5477f4abd19b992894fb28160e0a8e34c0c9fd4dcaf1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c15a746db88e91afc1a6cc0056c0beae41005e7fd2cc12467f9f9d5cf727a7d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B3118B194122DABDB32EB15DC48BDABBBCEF15350F0081D5A90DA2255DB709F848EA1

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 570 364150-36418b call 367b70 call 363c50 575 3641f4-364203 call 3666e4 570->575 576 36418d-36419a 570->576 578 3641e6-3641f2 CoTaskMemFree 576->578 579 36419c-36419d 576->579 578->575 580 3641a0-3641b2 call 363a10 579->580 584 3641b4-3641b8 580->584 585 3641e5 580->585 586 3641c0-3641d5 lstrcmpiW 584->586 585->578 587 364206-36420f 586->587 588 3641d7-3641de 586->588 589 3641e0 587->589 590 364211-364223 call 363a10 587->590 588->586 588->589 589->585 590->585 593 364225-364231 590->593 593->589 594 364233-36423a 593->594 595 36423c-36424f call 364490 594->595 596 36427a-36428f call 364490 594->596 599 364254-364258 595->599 596->585 601 364295-3642a3 call 364e90 596->601 599->601 602 36425a-364275 call 364490 599->602 601->580 607 3642a9 601->607 602->585 607->585
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00363C50: CoTaskMemAlloc.OLE32(-00000002,C1C9A069,00000000,00000000), ref: 00363CD9
                                                                                                                                                                                                    • Part of subcall function 00363C50: _wcsstr.LIBCMT ref: 00363D3A
                                                                                                                                                                                                    • Part of subcall function 00363C50: CharNextW.USER32(?,00000000), ref: 00363D4D
                                                                                                                                                                                                    • Part of subcall function 00363C50: CharNextW.USER32(00000000,?,00000000), ref: 00363D52
                                                                                                                                                                                                    • Part of subcall function 00363C50: CharNextW.USER32(00000000,?,00000000), ref: 00363D57
                                                                                                                                                                                                    • Part of subcall function 00363C50: CharNextW.USER32(00000000,?,00000000), ref: 00363D5C
                                                                                                                                                                                                  • lstrcmpiW.KERNELBASE(?,00373700,?,00000000,00000000,00000000,00000000), ref: 003641CD
                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000,00000000,00000000,00000000), ref: 003641EC
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CharNext$Task$AllocFree_wcsstrlstrcmpi
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1643784097-0
                                                                                                                                                                                                  • Opcode ID: d6673faf4d24cea5f902e0fbe00f736aadd7113041964b9a249886af9be01c77
                                                                                                                                                                                                  • Instruction ID: 28d266db31fd85c5f3d1554234446ff75861e8f4ac4bbd6abaf90e982383fc4a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6673faf4d24cea5f902e0fbe00f736aadd7113041964b9a249886af9be01c77
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9931FE75E002289BDF27DF54DC95B9E77A8EF55710F0181A9F909DB245DA30DE80CB90

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 608 368073-368082 call 36803f ExitProcess
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ___crtCorExitProcess.LIBCMT ref: 00368079
                                                                                                                                                                                                    • Part of subcall function 0036803F: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,0036807E,00000000,?,00366758,000000FF,0000001E,00000000,00000000,00000000,?,0036AFCB), ref: 0036804E
                                                                                                                                                                                                    • Part of subcall function 0036803F: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 00368060
                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00368082
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2427264223-0
                                                                                                                                                                                                  • Opcode ID: 7961cf0b6c0e4877159882b71188e1c40433069d2d02e972e1852907991f21a6
                                                                                                                                                                                                  • Instruction ID: cff3d580bf7d568e32f9565d469efb86c6dce0ee89bca626840a094691f06f29
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7961cf0b6c0e4877159882b71188e1c40433069d2d02e972e1852907991f21a6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34B09230000109BBCB162F11DC0A8883F6DEB003D0B009020F8090A032DFB2AA92AA90

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 611 364dd0-364ddb 612 364de5-364deb 611->612 613 364ddd-364de2 611->613 614 364df0-364df9 612->614 614->614 615 364dfb-364e1b RegSetValueExW 614->615
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • RegSetValueExW.KERNELBASE(00000000,00000001,00000000,00000000,?,?,00000000,?,?,0036260D,00000000,?,00000001,?), ref: 00364E12
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                  • Opcode ID: 3a7de9e35b2cc3d17345c6d26d0966fd3badc89dee5bf490240ec88e9b0e54cc
                                                                                                                                                                                                  • Instruction ID: 4a6be53a75ac87cdb2e084ce211a4b8cb054a6763d9783ce13ecc97c2a6300ef
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a7de9e35b2cc3d17345c6d26d0966fd3badc89dee5bf490240ec88e9b0e54cc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F6F08236500109DBD7218F88EC10EEBB36DEBD4790F04C126F90587015D631E910D790

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 616 36832c-368336 call 3681fd 618 36833b-36833f 616->618
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _doexit.LIBCMT ref: 00368336
                                                                                                                                                                                                    • Part of subcall function 003681FD: __lock.LIBCMT ref: 0036820B
                                                                                                                                                                                                    • Part of subcall function 003681FD: DecodePointer.KERNEL32(00378E78,0000001C,00368156,00000000,00000001,00000000,?,003680A4,000000FF,?,0036B9B9,00000011,00000000,?,00369F4B,0000000D), ref: 0036824A
                                                                                                                                                                                                    • Part of subcall function 003681FD: DecodePointer.KERNEL32(?,003680A4,000000FF,?,0036B9B9,00000011,00000000,?,00369F4B,0000000D), ref: 0036825B
                                                                                                                                                                                                    • Part of subcall function 003681FD: EncodePointer.KERNEL32(00000000,?,003680A4,000000FF,?,0036B9B9,00000011,00000000,?,00369F4B,0000000D), ref: 00368274
                                                                                                                                                                                                    • Part of subcall function 003681FD: DecodePointer.KERNEL32(-00000004,?,003680A4,000000FF,?,0036B9B9,00000011,00000000,?,00369F4B,0000000D), ref: 00368284
                                                                                                                                                                                                    • Part of subcall function 003681FD: EncodePointer.KERNEL32(00000000,?,003680A4,000000FF,?,0036B9B9,00000011,00000000,?,00369F4B,0000000D), ref: 0036828A
                                                                                                                                                                                                    • Part of subcall function 003681FD: DecodePointer.KERNEL32(?,003680A4,000000FF,?,0036B9B9,00000011,00000000,?,00369F4B,0000000D), ref: 003682A0
                                                                                                                                                                                                    • Part of subcall function 003681FD: DecodePointer.KERNEL32(?,003680A4,000000FF,?,0036B9B9,00000011,00000000,?,00369F4B,0000000D), ref: 003682AB
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Pointer$Decode$Encode$__lock_doexit
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2158581194-0
                                                                                                                                                                                                  • Opcode ID: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                                                                  • Instruction ID: d0851e4bf9b71395aa8dad2c4e6babb431ca631a496b9b3c43fbd6d1d37d805f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AFB0123158030C33D9122741EC03F153B8C4741B90F104060FA0C1C1F2A993756140CD
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CLSIDFromProgID.OLE32(?,?), ref: 003614EE
                                                                                                                                                                                                  • CoCreateInstance.OLE32(?,?,00000017,00373C58,00000000), ref: 00361514
                                                                                                                                                                                                  • PathMatchSpecW.SHLWAPI(?,*.ocx), ref: 0036152D
                                                                                                                                                                                                  • PathMatchSpecW.SHLWAPI(?,*.dll), ref: 0036153D
                                                                                                                                                                                                  • PathIsContentTypeW.SHLWAPI(?,text/scriptlet), ref: 0036156D
                                                                                                                                                                                                  • PathMatchSpecW.SHLWAPI(?,*.sct), ref: 0036157D
                                                                                                                                                                                                  • CoGetObject.OLE32(?,00000010,00373C58,00000000), ref: 0036164C
                                                                                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 003616AB
                                                                                                                                                                                                  • CoGetObject.OLE32(?,00000010,00373C58,00000000), ref: 003616D3
                                                                                                                                                                                                  • FormatMessageW.KERNEL32(00001100,00000000,00000000,00000800,?,00000000,00000000), ref: 0036191A
                                                                                                                                                                                                  • FormatMessageW.KERNEL32(00002500,Error 0x%1!lX!,00000000,00000800,00000000,00000000,?), ref: 00361945
                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 00361969
                                                                                                                                                                                                  • MessageBoxW.USER32(00000000,00000000,00000000,00002010), ref: 0036197F
                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 00361986
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Path$MatchMessageSpec$FormatFreeLocalObject$ContentCreateExecuteFromInstanceProgShellType
                                                                                                                                                                                                  • String ID: %1%2$*.dll$*.ocx$*.sct$047$<$<47$Error 0x%1!lX!$p37$script:$text/scriptlet
                                                                                                                                                                                                  • API String ID: 1259344951-938762168
                                                                                                                                                                                                  • Opcode ID: fb10299d1fb848153298131a845f9e8b74de4103083346551873ed40bc0223d7
                                                                                                                                                                                                  • Instruction ID: 9698068f05e017ece9c29c73177c37a05fbc93f1227572461ea3a2d0197a7f80
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb10299d1fb848153298131a845f9e8b74de4103083346551873ed40bc0223d7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1D19475A002259FDB72DB54CC88BAAB7B8EF49300F5981E9E90DE7254DB309E41DF50
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,0036708A,00373C7C,00000001,?,003671A1,00373C7C,00000017), ref: 003699DB
                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(00373C7C,?,0036708A,00373C7C,00000001,?,003671A1,00373C7C,00000017), ref: 003699E4
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                                                  • Opcode ID: 79836d9084b048eeeb15deafd4b2b152b5d5109914b2e219de3e6f748d2c8f41
                                                                                                                                                                                                  • Instruction ID: 427ddfc92c62824963cc6fe1f54b2996671019ff004f1cb85da444225e9cc312
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79836d9084b048eeeb15deafd4b2b152b5d5109914b2e219de3e6f748d2c8f41
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5EB09231248208BBCA123BA1EC09B887F2CEB09762F804010F68D844618B72D690AA91
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(?), ref: 003699AB
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                                                  • Opcode ID: e4b060cac3ec2d9c6cd11941c59b6ba9685cba51a81358ce6ab035152c17bd4d
                                                                                                                                                                                                  • Instruction ID: a583ae39b30e33519cd2318ae069a660dc5cf6eb22a429e07151bb8b6d55a457
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e4b060cac3ec2d9c6cd11941c59b6ba9685cba51a81358ce6ab035152c17bd4d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58A0123000410CB78A012B41EC044843F1CD604271B400010F40C40420872295905580
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _memcpy_s
                                                                                                                                                                                                  • String ID: t67
                                                                                                                                                                                                  • API String ID: 2001391462-2635607524
                                                                                                                                                                                                  • Opcode ID: 1bff35e2835a53bf8d124e2e47603abc91a011f89231d5511ebf6bcd09b87322
                                                                                                                                                                                                  • Instruction ID: c4186257898d7baea320698b46608d9e324e315df3358d1e7423433e0f67365a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1bff35e2835a53bf8d124e2e47603abc91a011f89231d5511ebf6bcd09b87322
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2018F72644548EBC715CF54D801F9AB7A8E704710F10C21DE829C7780DB3E9900CB54
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00367E57,00378E58,00000014), ref: 00367FF7
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                                                  • Opcode ID: 6fb36d27e4d946ee0877cfd389f01ca31076727568e221601812970e014ff0e1
                                                                                                                                                                                                  • Instruction ID: 0bc98d2302b302a90b2e90a7f47d8bab44846ce2b2e9891c429907938105c38f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6fb36d27e4d946ee0877cfd389f01ca31076727568e221601812970e014ff0e1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65B012B030210247C75A5B3C7C1410977FC670C301F40403D700BC1560EF30C590EE01
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CoTaskMemAlloc.OLE32(-00000002,C1C9A069,00000000,00000000), ref: 00363CD9
                                                                                                                                                                                                  • _wcsstr.LIBCMT ref: 00363D3A
                                                                                                                                                                                                  • CharNextW.USER32(?,00000000), ref: 00363D4D
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,00000000), ref: 00363D52
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,00000000), ref: 00363D57
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,00000000), ref: 00363D5C
                                                                                                                                                                                                  • CharNextW.USER32(?,?,00000000,00000001,C1C9A069,00000000,00000000), ref: 00363D93
                                                                                                                                                                                                  • CharNextW.USER32(?,?,00000000,00000001,C1C9A069,00000000,00000000), ref: 00363DA8
                                                                                                                                                                                                  • CharNextW.USER32(00000000,}},?,00000000,00000001,C1C9A069,00000000,00000000), ref: 00363DFF
                                                                                                                                                                                                  • CoTaskMemFree.OLE32(?,C1C9A069,00000000,00000000), ref: 00363E24
                                                                                                                                                                                                  • CharNextW.USER32(?,00000000,?,?,?,?,?,?,00000000), ref: 00363E92
                                                                                                                                                                                                  • CharNextW.USER32(?,00000000,00000001,C1C9A069,00000000,00000000), ref: 00363E9F
                                                                                                                                                                                                  • CoTaskMemFree.OLE32(?,00000000), ref: 00363EBC
                                                                                                                                                                                                  • CoTaskMemFree.OLE32(?,00000000), ref: 00363ECE
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CharNext$Task$Free$Alloc_wcsstr
                                                                                                                                                                                                  • String ID: }}$HKCR$HKCU{Software{Classes
                                                                                                                                                                                                  • API String ID: 1632296858-1142484189
                                                                                                                                                                                                  • Opcode ID: 52a43bbaed58d0582d087bbf88bc190b0abec3d5b0c238abfae4a890ec6b7e03
                                                                                                                                                                                                  • Instruction ID: de2becc5443689bfe80bc6787b29e02dd48563147a09329c4a7ed9277bc03b2d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 52a43bbaed58d0582d087bbf88bc190b0abec3d5b0c238abfae4a890ec6b7e03
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E391C871E043859FDF229FA4C855BAEBBF8EF15300F15842DE985EB248E7758A44CB20
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • TlsAlloc.KERNEL32 ref: 003610E6
                                                                                                                                                                                                  • TlsSetValue.KERNEL32(FFFFFFFF,?), ref: 003610FA
                                                                                                                                                                                                  • StrRChrA.SHLWAPI(?,00000000,0000003B), ref: 00361119
                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(00000001), ref: 00361125
                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00361140
                                                                                                                                                                                                  • MessageBoxA.USER32(00000000,00000000,00042014), ref: 00361157
                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00361164
                                                                                                                                                                                                  • PathFindFileNameA.SHLWAPI(?), ref: 00361171
                                                                                                                                                                                                  • StrChrA.SHLWAPI(?,0000002A), ref: 00361186
                                                                                                                                                                                                  • StrChrA.SHLWAPI(00000000,00000029), ref: 00361195
                                                                                                                                                                                                  • lstrcpynA.KERNEL32(?,00000001,00000000), ref: 003611A9
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00000000), ref: 003611B6
                                                                                                                                                                                                  • StrChrA.SHLWAPI(00000000,0000003B), ref: 003611C7
                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00361202
                                                                                                                                                                                                  • MessageBoxA.USER32(00000000,?,?,00042014), ref: 0036121F
                                                                                                                                                                                                  • StrChrA.SHLWAPI(00000001,0000002A), ref: 0036123C
                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(?), ref: 0036124F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileMessageModuleName$AddressAllocExitFindHandleLibraryLoadPathProcProcessValuelstrcpynwsprintf
                                                                                                                                                                                                  • String ID: %s:%s%s
                                                                                                                                                                                                  • API String ID: 1428029404-113327331
                                                                                                                                                                                                  • Opcode ID: 2d9297395876f2bb64e467a5840854eec8af5452a9355f0bde924b8922647b40
                                                                                                                                                                                                  • Instruction ID: 948e5f5c5abda3bd7e80d394bd5517377c7a916a527d90433aa66ebb52531c0c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d9297395876f2bb64e467a5840854eec8af5452a9355f0bde924b8922647b40
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3418C71900228ABDB369B64DC48FAA77BDEB58310F044695F60EE3250DB719B84DF60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000000,?,00364AE0,?), ref: 0036310A
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 0036311A
                                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,00000000), ref: 00363142
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000000,?,00364AE0,?), ref: 00363167
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00363177
                                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,00000000), ref: 003631B9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressDeleteHandleModuleProc
                                                                                                                                                                                                  • String ID: Advapi32.dll$RegDeleteKeyExW$RegDeleteKeyTransactedW
                                                                                                                                                                                                  • API String ID: 588496660-1053001802
                                                                                                                                                                                                  • Opcode ID: 2010fc0b7f3ddcb3378ab3b77c5f5348765553f07b8108713cd9f55c53dfe59d
                                                                                                                                                                                                  • Instruction ID: 1365860f4e5d3f4294bd724967e10459d51948fcf1f58d76c34d2a193999c581
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2010fc0b7f3ddcb3378ab3b77c5f5348765553f07b8108713cd9f55c53dfe59d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F021DE32340204FBDB33AF99EC08F95BBACEB51761F048436F249D21A4C7719690EB61
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CharNextW.USER32(?,?,00000000,x>6,00363E78,?,?,?,?,?,?,00000000), ref: 00363A56
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,?,00000000,x>6,00363E78,?,?,?,?,?,?,00000000), ref: 00363A6E
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,?,00000000,x>6,00363E78,?,?,?,?,?,?,00000000), ref: 00363A82
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,?,00000000,x>6,00363E78,?,?,?,?,?,?,00000000), ref: 00363A8C
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CharNext
                                                                                                                                                                                                  • String ID: x>6$x>6
                                                                                                                                                                                                  • API String ID: 3213498283-2839012780
                                                                                                                                                                                                  • Opcode ID: 84e9dc13b2bdc3fa10181e951149d2bc929c9c05c3bcc5983fe920865ee0d229
                                                                                                                                                                                                  • Instruction ID: 0e2e663ed05e8bb28808b3180f281453fcff26888947263117ecd56f6d0a06ad
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 84e9dc13b2bdc3fa10181e951149d2bc929c9c05c3bcc5983fe920865ee0d229
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5641E132700215CFCB22DFACD890679B3F6EF99310B9185AAD845CB358E770AE41CB91
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CoCreateInstance.OLE32(00373C68,00000000,00000001,00373A08,?,?,?,?), ref: 00365A90
                                                                                                                                                                                                  • StringFromGUID2.OLE32(?,?,00000040,?,?,?), ref: 00365B26
                                                                                                                                                                                                  • RegQueryInfoKeyW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,80000000,?,00020019), ref: 00365BF6
                                                                                                                                                                                                  • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,80000000,?,00020019), ref: 00365CB6
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: InfoQuery$CreateFromInstanceString
                                                                                                                                                                                                  • String ID: CLSID\$\Implemented Categories$\Required Categories
                                                                                                                                                                                                  • API String ID: 468587507-4092563799
                                                                                                                                                                                                  • Opcode ID: 850b3656d6c53397661499adc7aa3dfc86fb30030d08e739c360674b7ae3f4ed
                                                                                                                                                                                                  • Instruction ID: c624865c1e726b30f59ef628d2031d59ee2b89151ade38ddb142b3f496317d4a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 850b3656d6c53397661499adc7aa3dfc86fb30030d08e739c360674b7ae3f4ed
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B815E71A00618AFDB72DF60CC85FEAB3BCAF15700F5184A9E649AB145DB70AE85CF50
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0037B690,C1C9A069,?,;7), ref: 003633CA
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,00000104), ref: 00363441
                                                                                                                                                                                                  • LoadTypeLib.OLEAUT32(?,00000000), ref: 00363472
                                                                                                                                                                                                  • LoadRegTypeLib.OLEAUT32(?,?,?,?,00000000), ref: 0036349C
                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(0037B690), ref: 003635B2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CriticalLoadSectionType$EnterFileLeaveModuleName
                                                                                                                                                                                                  • String ID: m26$;7
                                                                                                                                                                                                  • API String ID: 2487232618-2103433379
                                                                                                                                                                                                  • Opcode ID: c45f15b51258d2554a91255620ff6f517969388d92c55cd58c9a8526ac71aba4
                                                                                                                                                                                                  • Instruction ID: cdbb8edb791c2fd7824548a7cf8c03de292834427bc011a0630e76d61f708b2c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c45f15b51258d2554a91255620ff6f517969388d92c55cd58c9a8526ac71aba4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75716270500218EFDB22DF94D848BAAB7F8EF59314F148499E50AD7250DB75DE85CF60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CoGetObject.OLE32(?,00000010,00373C58,00000000), ref: 0036164C
                                                                                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 003616AB
                                                                                                                                                                                                  • CoGetObject.OLE32(?,00000010,00373C58,00000000), ref: 003616D3
                                                                                                                                                                                                  • LoadTypeLib.OLEAUT32(?,?), ref: 0036176B
                                                                                                                                                                                                  • StrCmpIW.SHLWAPI(?,?), ref: 00361820
                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 0036185E
                                                                                                                                                                                                  • PathMatchSpecW.SHLWAPI(?,*.dll), ref: 003618C2
                                                                                                                                                                                                  • FormatMessageW.KERNEL32(00001100,00000000,00000000,00000800,?,00000000,00000000), ref: 0036191A
                                                                                                                                                                                                  • FormatMessageW.KERNEL32(00002500,Error 0x%1!lX!,00000000,00000800,00000000,00000000,?), ref: 00361945
                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 00361969
                                                                                                                                                                                                  • MessageBoxW.USER32(00000000,00000000,00000000,00002010), ref: 0036197F
                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 00361986
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FreeMessage$FormatLocalObject$ExecuteLoadMatchPathShellSpecStringType
                                                                                                                                                                                                  • String ID: 047$<$<47
                                                                                                                                                                                                  • API String ID: 1733510067-1562473189
                                                                                                                                                                                                  • Opcode ID: 069181b12da445de1b2d9a53b005a50d77fb97e4350068c8551943d2ad9b0b25
                                                                                                                                                                                                  • Instruction ID: 05bdf83f00f39e842a1c5eb36396c9aa8de68989835ffd9456bd2cff1b3f1940
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 069181b12da445de1b2d9a53b005a50d77fb97e4350068c8551943d2ad9b0b25
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7931B47590015A8ADF32EF64C948BEAB3B8EF04344F5581EAD90AE7110E7749E85CF90
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _malloc.LIBCMT ref: 003699F8
                                                                                                                                                                                                    • Part of subcall function 0036672B: __FF_MSGBANNER.LIBCMT ref: 00366742
                                                                                                                                                                                                    • Part of subcall function 0036672B: __NMSG_WRITE.LIBCMT ref: 00366749
                                                                                                                                                                                                    • Part of subcall function 0036672B: HeapAlloc.KERNEL32(00F10000,00000000,00000001,00000000,00000000,00000000,?,0036AFCB,00000000,00000000,00000000,00000000,?,0036BA60,00000018,003790F8), ref: 0036676E
                                                                                                                                                                                                  • _free.LIBCMT ref: 00369A0B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AllocHeap_free_malloc
                                                                                                                                                                                                  • String ID: !6
                                                                                                                                                                                                  • API String ID: 2734353464-2803111142
                                                                                                                                                                                                  • Opcode ID: 9724fb851e7f5aaaf81a6da9f9cba4f1fdce3412ffb32c86072ac0292ee1d1a4
                                                                                                                                                                                                  • Instruction ID: ec06a0411586362c1c653b9d9c165a69fb9893285093a182900000f1fde195a5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9724fb851e7f5aaaf81a6da9f9cba4f1fdce3412ffb32c86072ac0292ee1d1a4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2118232908215AACB337FB4EC05B5A3BECAF04764F21C527F9599E159EF748980D6A0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __init_pointers.LIBCMT ref: 00369FB5
                                                                                                                                                                                                    • Part of subcall function 0036815B: EncodePointer.KERNEL32(00000000,?,00369FBA,00367E68,00378E58,00000014), ref: 0036815E
                                                                                                                                                                                                    • Part of subcall function 0036815B: __initp_misc_winsig.LIBCMT ref: 00368179
                                                                                                                                                                                                    • Part of subcall function 0036815B: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00369721
                                                                                                                                                                                                    • Part of subcall function 0036815B: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00369735
                                                                                                                                                                                                    • Part of subcall function 0036815B: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00369748
                                                                                                                                                                                                    • Part of subcall function 0036815B: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0036975B
                                                                                                                                                                                                    • Part of subcall function 0036815B: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 0036976E
                                                                                                                                                                                                    • Part of subcall function 0036815B: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00369781
                                                                                                                                                                                                    • Part of subcall function 0036815B: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00369794
                                                                                                                                                                                                    • Part of subcall function 0036815B: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 003697A7
                                                                                                                                                                                                    • Part of subcall function 0036815B: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 003697BA
                                                                                                                                                                                                    • Part of subcall function 0036815B: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 003697CD
                                                                                                                                                                                                    • Part of subcall function 0036815B: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 003697E0
                                                                                                                                                                                                    • Part of subcall function 0036815B: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 003697F3
                                                                                                                                                                                                    • Part of subcall function 0036815B: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00369806
                                                                                                                                                                                                    • Part of subcall function 0036815B: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00369819
                                                                                                                                                                                                    • Part of subcall function 0036815B: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 0036982C
                                                                                                                                                                                                    • Part of subcall function 0036815B: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 0036983F
                                                                                                                                                                                                  • __mtinitlocks.LIBCMT ref: 00369FBA
                                                                                                                                                                                                  • __mtterm.LIBCMT ref: 00369FC3
                                                                                                                                                                                                    • Part of subcall function 0036A02B: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00369FC8,00367E68,00378E58,00000014), ref: 0036B9E1
                                                                                                                                                                                                    • Part of subcall function 0036A02B: _free.LIBCMT ref: 0036B9E8
                                                                                                                                                                                                    • Part of subcall function 0036A02B: DeleteCriticalSection.KERNEL32(0037A270,?,?,00369FC8,00367E68,00378E58,00000014), ref: 0036BA0A
                                                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 00369FE8
                                                                                                                                                                                                  • __initptd.LIBCMT ref: 0036A00A
                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0036A011
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3567560977-0
                                                                                                                                                                                                  • Opcode ID: d8fff2bd10b68fc89692a6ebdeb8c1bbc7de95efb0d319d710a7b74b2e6f0479
                                                                                                                                                                                                  • Instruction ID: 8d2ac700662f5f1440abb606a2f8b3b73b4a79d20da474812b72f5582811f914
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d8fff2bd10b68fc89692a6ebdeb8c1bbc7de95efb0d319d710a7b74b2e6f0479
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72F03632119B1159E63777747C0375B268C8F46771F23C61AF465DD0DEEF2188824556
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CharUpperW.USER32(00000000,75A3A7D0,00000000,?,?,003660BC,00000000,UnregServer), ref: 00366613
                                                                                                                                                                                                  • CharUpperW.USER32(8508C483,?,003660BC,00000000,UnregServer), ref: 0036661F
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,003660BC,00000000,UnregServer), ref: 00366642
                                                                                                                                                                                                  • CharNextW.USER32(003660BC,?,003660BC,00000000,UnregServer), ref: 0036664D
                                                                                                                                                                                                  • CharUpperW.USER32(?,?,003660BC,00000000,UnregServer), ref: 0036665A
                                                                                                                                                                                                  • CharUpperW.USER32(?,?,?,003660BC,00000000,UnregServer), ref: 00366666
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Char$Upper$Next
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3006421506-0
                                                                                                                                                                                                  • Opcode ID: cdd3e42c433fd108b6dabdc80701a678d688a85178631ca2d8dbc04d014d751d
                                                                                                                                                                                                  • Instruction ID: 2b96caf52a26ac2623648a945bb19ae5718e5b73983747a2dfb92d3077cc508e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cdd3e42c433fd108b6dabdc80701a678d688a85178631ca2d8dbc04d014d751d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B11863B4001105ACF365BBEEC896B5B7A8FE447A1FD98127FC48D3194D638CC959A31
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AdjustPointer_memmove
                                                                                                                                                                                                  • String ID: :e3
                                                                                                                                                                                                  • API String ID: 1721217611-1834617153
                                                                                                                                                                                                  • Opcode ID: 94ad88664add74dc1b13b0d43aec6f43688203e92634ab8d7f79c2040b0356e7
                                                                                                                                                                                                  • Instruction ID: 1463b31ea4c32d0469edd82190b7eb51a2d936443f96082fe4b3d80f868b3c1c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 94ad88664add74dc1b13b0d43aec6f43688203e92634ab8d7f79c2040b0356e7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C411535608B425EEB2B6E24E851B6637F5AF01310F25C45EF841EF5D9EB71DC80EA12
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00365830: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?), ref: 00365881
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(OLEAUT32.DLL), ref: 00365EEF
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 00365EFF
                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00365F45
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Module$AddressFileFreeHandleNameProcString
                                                                                                                                                                                                  • String ID: OLEAUT32.DLL$UnRegisterTypeLibForUser
                                                                                                                                                                                                  • API String ID: 815855407-2196524522
                                                                                                                                                                                                  • Opcode ID: 8fe0e4e6679b8047ced7bd5a3ee9902288e75b76278d26fccc8a8bede671f650
                                                                                                                                                                                                  • Instruction ID: f3dfca3ff8e608892cd7a7904998cbf9ba4860ac9f7503db66594dd7d2151109
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8fe0e4e6679b8047ced7bd5a3ee9902288e75b76278d26fccc8a8bede671f650
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E3211F75A00114EFDB22DFA4CC44AAA7BB9EF44715F1081A4FD05DB254DB31DE42DBA0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,?,00000000,x>6,00363E78,?,?,?,?,?,?,00000000), ref: 00363A6E
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,?,00000000,x>6,00363E78,?,?,?,?,?,?,00000000), ref: 00363A82
                                                                                                                                                                                                  • CharNextW.USER32(00000000,?,?,00000000,x>6,00363E78,?,?,?,?,?,?,00000000), ref: 00363A8C
                                                                                                                                                                                                  • CharNextW.USER32(?,?,?,00000000,x>6,00363E78,?,?,?,?,?,?,00000000), ref: 00363AEE
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CharNext
                                                                                                                                                                                                  • String ID: x>6$x>6
                                                                                                                                                                                                  • API String ID: 3213498283-2839012780
                                                                                                                                                                                                  • Opcode ID: 209edbe5d21157046711f3442a9b7a2de5e8f2391480020e4c713c69aba6af38
                                                                                                                                                                                                  • Instruction ID: 8b87b68d84e28f7605b2cbb27edff5be65474aa95e1895fcbb34cece1c2eafe7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 209edbe5d21157046711f3442a9b7a2de5e8f2391480020e4c713c69aba6af38
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5018C3460020ADFCF22DFA8C8907A973B6FF95300F928458D4868B358E770EE81DB81
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _malloc.LIBCMT ref: 00369B06
                                                                                                                                                                                                    • Part of subcall function 0036672B: __FF_MSGBANNER.LIBCMT ref: 00366742
                                                                                                                                                                                                    • Part of subcall function 0036672B: __NMSG_WRITE.LIBCMT ref: 00366749
                                                                                                                                                                                                    • Part of subcall function 0036672B: HeapAlloc.KERNEL32(00F10000,00000000,00000001,00000000,00000000,00000000,?,0036AFCB,00000000,00000000,00000000,00000000,?,0036BA60,00000018,003790F8), ref: 0036676E
                                                                                                                                                                                                  • std::exception::exception.LIBCMT ref: 00369B24
                                                                                                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 00369B39
                                                                                                                                                                                                    • Part of subcall function 00367712: RaiseException.KERNEL32(?,?,?,?), ref: 00367767
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AllocExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                                                                                                  • String ID: (J7$0J7
                                                                                                                                                                                                  • API String ID: 1059622496-1709980256
                                                                                                                                                                                                  • Opcode ID: 5e362b3c03304988a1c0ab3490336d5507afdd93c4fd92ce127dc0f23f54a114
                                                                                                                                                                                                  • Instruction ID: 21fdc9459dc7cee4709d9fa48afca1db5102c0814d0a8d4623142ac65087be5d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e362b3c03304988a1c0ab3490336d5507afdd93c4fd92ce127dc0f23f54a114
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DDF0A43594421D66CB13BB98EC06EEE7BACDF01354F10C566FD089B189EBB0AA5492A4
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • MessageBoxA.USER32(00000000,DLLPROXY,00042014,003610A0), ref: 00361282
                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 0036128F
                                                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 0036129B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExitMessageProcessValue
                                                                                                                                                                                                  • String ID: DLLPROXY$27
                                                                                                                                                                                                  • API String ID: 1376494668-2229863747
                                                                                                                                                                                                  • Opcode ID: cab94d95f3e6a128c4d3f996e5b216c01968ddaf77707ba7008b9186c1d42e37
                                                                                                                                                                                                  • Instruction ID: 38813f8a19fb785d7e50a2aa7b9e50365149203e2a4d5e15135039363d6c3407
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cab94d95f3e6a128c4d3f996e5b216c01968ddaf77707ba7008b9186c1d42e37
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BED0C970240201ABDB372B90EC0EB983A69B744702F548800F24E9A0B196628691FB22
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CoResumeClassObjects.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,003663EE,?), ref: 003662D0
                                                                                                                                                                                                    • Part of subcall function 00366490: CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00366288), ref: 0036649F
                                                                                                                                                                                                  • CoResumeClassObjects.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,003663EE,?), ref: 003662A5
                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,003663EE,?), ref: 003662B4
                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,003663EE,?), ref: 003662C1
                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,003663EE,?), ref: 003662C8
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ClassEventObjectsResume$CloseCreateHandleObjectSingleWait
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1208342592-0
                                                                                                                                                                                                  • Opcode ID: a3d9b83d21447adb6083016243edd3993ad342bc43c10c15a3ab006d4406a848
                                                                                                                                                                                                  • Instruction ID: 91fd6cf0add781a1ed0fc35015a373185c2d4eece12fd7185249edba18792985
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a3d9b83d21447adb6083016243edd3993ad342bc43c10c15a3ab006d4406a848
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5014537341A1257C7236728DC5AB9A275D9BD13A2F41C83AFB05DE20ADA75C8409764
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SysFreeString.OLEAUT32 ref: 0036390D
                                                                                                                                                                                                  • SysStringLen.OLEAUT32(00000000), ref: 0036391A
                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00363941
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: String$Free
                                                                                                                                                                                                  • String ID: ;7
                                                                                                                                                                                                  • API String ID: 1391021980-1614732971
                                                                                                                                                                                                  • Opcode ID: abd2f08fba30c5b1fcacc792cf12b8d54383ad82797c1d09102ec78ef5bddc7e
                                                                                                                                                                                                  • Instruction ID: 129b9c6be2193e958776a50f9e35b6bd381cc780b14e526415c66c449a427a9b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: abd2f08fba30c5b1fcacc792cf12b8d54383ad82797c1d09102ec78ef5bddc7e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5512C75A04205AFDB15CFA4C885BAEBBF4EF08750F10852DF916E7350E775A940CB60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _free.LIBCMT ref: 00362D36
                                                                                                                                                                                                  • _free.LIBCMT ref: 00362D4C
                                                                                                                                                                                                  • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,?,00361ECE,C1C9A069,00000000,t67,00000000,003722C3,000000FF,?,00364FEF), ref: 00362D72
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _free$ExceptionRaise
                                                                                                                                                                                                  • String ID: O6
                                                                                                                                                                                                  • API String ID: 1710698773-1550471887
                                                                                                                                                                                                  • Opcode ID: 59199926a6b87d32e4d9e64af28eaf0a6af9f13bbf4ec2783ab7bc7543775292
                                                                                                                                                                                                  • Instruction ID: ad0158257e0a540085a52edc8d63e5d102edf9387c95c64a1f20f4e8f2afad7b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59199926a6b87d32e4d9e64af28eaf0a6af9f13bbf4ec2783ab7bc7543775292
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E11C4B1500912BBEB22AF58D846F47F7A8BF00704F12C426E9299F558DB31F861CBD2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00362CF0: _free.LIBCMT ref: 00362D36
                                                                                                                                                                                                    • Part of subcall function 00362CF0: _free.LIBCMT ref: 00362D4C
                                                                                                                                                                                                  • _free.LIBCMT ref: 00361EE6
                                                                                                                                                                                                    • Part of subcall function 003666F3: HeapFree.KERNEL32(00000000,00000000,?,00361355,?), ref: 00366707
                                                                                                                                                                                                    • Part of subcall function 003666F3: GetLastError.KERNEL32(00000000,?,00361355,?), ref: 00366719
                                                                                                                                                                                                  • _free.LIBCMT ref: 00361EFC
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                  • String ID: t67$O6
                                                                                                                                                                                                  • API String ID: 776569668-1666557347
                                                                                                                                                                                                  • Opcode ID: f39ae0405fb1d473d00d727a3a0f03584de3547125d4df1de7edeb50b82d4065
                                                                                                                                                                                                  • Instruction ID: 14431000fd7829701a9f6fbe633093ee65bc16eb5fd111c679109754e8b852ba
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f39ae0405fb1d473d00d727a3a0f03584de3547125d4df1de7edeb50b82d4065
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 000192B19046049BDB22CF54C801B5BB7ECEB04B00F00892EE8159B784D7B6A9008BD1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00371E92
                                                                                                                                                                                                  • __isleadbyte_l.LIBCMT ref: 00371EC0
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,00000001,?,00000000), ref: 00371EEE
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,00000001,?,00000000), ref: 00371F24
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3058430110-0
                                                                                                                                                                                                  • Opcode ID: 6870415f4b6c9033a8350024f641e2eb9b09409df3b18263a3019ad98322e15b
                                                                                                                                                                                                  • Instruction ID: 42b7c7f1be988f7b37a89a685b49f910de653e610f3fe205abfaeb9116f9e6bd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6870415f4b6c9033a8350024f641e2eb9b09409df3b18263a3019ad98322e15b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C31D032600206EFDB328F39C844BAA7BB9FF44310F168129F8598B5A0D734E950EB90
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3016257755-0
                                                                                                                                                                                                  • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                                                                                                                                  • Instruction ID: 2956e4394d2c565f07a34a5fbc03044064e9e897d58eabc040bd1c546841213e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8014B7200014AFBCF135F94CC058EE3F66BB1D350B998625FA185A079DB36C9B2AB81
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ___BuildCatchObject.LIBCMT ref: 0036A38F
                                                                                                                                                                                                    • Part of subcall function 0036A9A6: ___AdjustPointer.LIBCMT ref: 0036A9EF
                                                                                                                                                                                                  • _UnwindNestedFrames.LIBCMT ref: 0036A3A6
                                                                                                                                                                                                  • ___FrameUnwindToState.LIBCMT ref: 0036A3B8
                                                                                                                                                                                                  • CallCatchBlock.LIBCMT ref: 0036A3DC
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2633735394-0
                                                                                                                                                                                                  • Opcode ID: 3ccd33e8189221602fdd2563f65e9cfb148c863d3a4afad10963a067523ca293
                                                                                                                                                                                                  • Instruction ID: 43d2d85549716ede1be3af2701022daed387c4fc4565dab17ca87d97cc574b24
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ccd33e8189221602fdd2563f65e9cfb148c863d3a4afad10963a067523ca293
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C4012932000509BBCF139F55CC01EDA7BBAEF49754F158014FA5865224D376E961EFA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00366447
                                                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 00366464
                                                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 0036646A
                                                                                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00366476
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message$DispatchTranslate
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1706434739-0
                                                                                                                                                                                                  • Opcode ID: d292c2b9d6489360a06f437057f28893a3129491cdaae3a0dafd9235a0af9780
                                                                                                                                                                                                  • Instruction ID: 1491cc1caa9cbca6cf1fdb3780c5cb8f21370593bdb395e980f5ff1528bb05ca
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d292c2b9d6489360a06f437057f28893a3129491cdaae3a0dafd9235a0af9780
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 43F0A772E4030D76E621E6E99D83FDA73BCAB04B40F504012FB04E7084D6A4F9054BF4
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _memset.LIBCMT ref: 003619F9
                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000147,00000000,00000000,00000000,00000000,?), ref: 00361A3A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • HRESULT(NTAPI*DllGetClassObject)(REFCLSID,REFIID,IClassFactory**);, xrefs: 003619CE
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharMultiWide_memset
                                                                                                                                                                                                  • String ID: HRESULT(NTAPI*DllGetClassObject)(REFCLSID,REFIID,IClassFactory**);
                                                                                                                                                                                                  • API String ID: 2800726579-184858184
                                                                                                                                                                                                  • Opcode ID: 08b7e9be920b97fcb73ada59cd629738b5e85979e01fc810c5aef56fe3d4fab8
                                                                                                                                                                                                  • Instruction ID: 569f3f4d650cd9ac9c7c698296947e87d9bce98af43705c672f858e3298c1ee7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08b7e9be920b97fcb73ada59cd629738b5e85979e01fc810c5aef56fe3d4fab8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5318071A00659EBDB21CF54CC89FDAB7B8EB85305F0045D5E90DAF290C6716E898F90
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,x>6,75A3A7D0,?,00000000,?,00363E78,?,?,?,?,?,?,00000000), ref: 003639C9
                                                                                                                                                                                                  • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,00000000,?,00363E78,?,?,?,?,?,?,00000000), ref: 00363A08
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionRaiselstrcmpi
                                                                                                                                                                                                  • String ID: x>6
                                                                                                                                                                                                  • API String ID: 1543425345-735866398
                                                                                                                                                                                                  • Opcode ID: fb28a73a3f051e2562d36af3cb933149c5049216d50c5d5ca7edb3bf7582b9fe
                                                                                                                                                                                                  • Instruction ID: d50d2041022e4198920e13471cd5d74388867b663d89126ed98f8c9d6b8a4a95
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb28a73a3f051e2562d36af3cb933149c5049216d50c5d5ca7edb3bf7582b9fe
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5BF0A432200525ABD6229B8DD881F59F7A8FF04720F118227EA959B594C7B1F991CEA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00372213: _memset.LIBCMT ref: 00372220
                                                                                                                                                                                                    • Part of subcall function 003636B0: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,003721EF,?,?,?,0036107A), ref: 003636B3
                                                                                                                                                                                                    • Part of subcall function 003636B0: GetLastError.KERNEL32(?,?,?,0036107A), ref: 003636BD
                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,0036107A), ref: 003721F3
                                                                                                                                                                                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0036107A), ref: 00372202
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 003721FD
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.1475091796.0000000000361000.00000020.00000001.01000000.00000009.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475056405.0000000000360000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475145675.0000000000373000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475168907.000000000037A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000C.00000002.1475197710.000000000037E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_360000_WinMerge32BitPluginProxy.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString_memset
                                                                                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                  • API String ID: 436010757-631824599
                                                                                                                                                                                                  • Opcode ID: c2c9610ba75c84b8f66f64b6264dcb753a835b784a9027e3dc1a2595530b874b
                                                                                                                                                                                                  • Instruction ID: 29305b2cdcb005d62abf868c36e860125e824d73cf27afe61f3ec3d4c785445b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2c9610ba75c84b8f66f64b6264dcb753a835b784a9027e3dc1a2595530b874b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9E06D702047008FD372AF24D948743BBE4AF04700F00C91DE49EC6645DBB8E584CBA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000E.00000002.1491886060.00007FF673B01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF673B00000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000E.00000002.1491840020.00007FF673B00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000E.00000002.1492794144.00007FF673E01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000E.00000002.1492794144.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000E.00000002.1498852281.00007FF673F3E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000E.00000002.1499185311.00007FF673F4C000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000E.00000002.1499259813.00007FF673F5E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000E.00000002.1499284174.00007FF673F60000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000E.00000002.1499311022.00007FF673F6D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000E.00000002.1499311022.00007FF673F76000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000E.00000002.1499379423.00007FF673F79000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_7ff673b00000_WinMergeU.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                  • Opcode ID: c44208432c50ff899021ccbcfd5bb54785d6ce1aebe9cd5bdba27c5997c1deab
                                                                                                                                                                                                  • Instruction ID: 103864e2cf723e4e561a188ac31e67e7b16d14116fe38ca0c8ebc9c6f5eb1be2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c44208432c50ff899021ccbcfd5bb54785d6ce1aebe9cd5bdba27c5997c1deab
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF111827B24B058AEB00CF70E8562A833A4FB19768F441E31EA6D967A4EF7CD1948340
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000F.00000002.2522195427.00007FF673B01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF673B00000, based on PE: true
                                                                                                                                                                                                  • Associated: 0000000F.00000002.2522155893.00007FF673B00000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000F.00000002.2522446697.00007FF673E01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000F.00000002.2522446697.00007FF673E31000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000F.00000002.2522585909.00007FF673F3E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000F.00000002.2522610009.00007FF673F4C000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000F.00000002.2522635868.00007FF673F5F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000F.00000002.2522661780.00007FF673F60000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000F.00000002.2522689341.00007FF673F6D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000F.00000002.2522689341.00007FF673F76000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 0000000F.00000002.2522738342.00007FF673F79000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff673b00000_WinMergeU.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                  • Opcode ID: c44208432c50ff899021ccbcfd5bb54785d6ce1aebe9cd5bdba27c5997c1deab
                                                                                                                                                                                                  • Instruction ID: 103864e2cf723e4e561a188ac31e67e7b16d14116fe38ca0c8ebc9c6f5eb1be2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c44208432c50ff899021ccbcfd5bb54785d6ce1aebe9cd5bdba27c5997c1deab
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF111827B24B058AEB00CF70E8562A833A4FB19768F441E31EA6D967A4EF7CD1948340