Windows Analysis Report
BCompare-5.0.5.30614.exe

Overview

General Information

Sample name: BCompare-5.0.5.30614.exe
Analysis ID: 1592373
MD5: 5f5d610da3aa05fd1097ef63223b1aad
SHA1: 200b7da822bd87d7e1e1f372acb71ae26c5b2e2b
SHA256: 6512d423dd07510507e77c68d1805f6b8d10fd7d5e88e4630fbce0922c1f8bee

Detection

Score: 15
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Found direct / indirect Syscall (likely to bypass EDR)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates or modifies windows services
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file contains strange resources
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Classes Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: BCompare-5.0.5.30614.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.LICENSE AGREEMENTYour use of Beyond Compare is governed by the following Terms and Conditions:Acceptance of License AgreementYou ("Customer") should carefully read the following terms and conditions before using Beyond Compare 5 (the "Software"). Unless you have a different license agreement signed by Scooter Software your use of this software indicates your agreement to these terms and conditions. If you do not accept all of these terms and conditions you must cease using the Software immediately.CopyrightCustomer acknowledges that the Software License Key and accompanying user documentation ("Documentation") are copyrighted works owned by Scooter Software and that Customer has no rights in the foregoing except as expressly granted herein.Free 30-Day TrialThis is not free software. Scooter Software hereby grants you a non-exclusive non-transferable limited license to use the Software free of charge for a period of thirty (30) days. Use of the Software beyond the thirty-day (30-day) trial period requires the purchase of a License Key as described below. Use of the Software beyond the thirty-day (30-day) trial period without purchase of a License Key is a violation of U.S. and international copyright laws.License KeyA unique key that will allow you to use the Software beyond the thirty-day (30-day) free trial period ("License Key") may be purchased from the Scooter Software website which is currently https://www.scootersoftware.com. A License Key may be purchased for single or multiple users all users at a named site or an entire enterprise. A License Key is further categorized by feature set (Standard Edition or Pro Edition). 
A price list on the Scooter Software website details fees for all license options. Upon purchase of a License Key Scooter Software hereby grants you a non-exclusive license to use the Software with the applicable feature set as follows: Per-User License Key: A Per-User License Key may be purchased for a specific quantity of users. Each user of the total quantity may be either (a) a person who has access to the Software on any number of computers or (b) a computer on which the Software will be installed for use by any number of persons one at a time while physically present at the computer. Each person so licensed must be the Customer an employee of the Customer an employee of a Customer's subsidiary company or a third party consultant retained by the Customer to perform information technology functions (each a "Third Party") to use the Software solely for Customer's internal business operations and benefit and for no other purpose whatsoever. Customer shall ensure that such Third Party complies with the terms of this License Agreement and will be responsible for any breach by such Third Party. Site
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\Packers
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\unins000.dat
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-JQNIL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-4MHOG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-B8GAS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-C1RH0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-GGN2U.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-K6QSQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-7ONVI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-EC3JI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-BS8MP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-C1132.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-B0TDO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-0TV5D.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-FDK6U.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-8736U.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-NUJ04.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-RE1S8.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-N3K06.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-7NT86.tmp
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\unins000.msg
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
Source: BCompare-5.0.5.30614.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 72.32.90.250:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: BCompare-5.0.5.30614.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\rar\build\unrardll64\Release\UnRAR64.pdb source: BCompare.exe, 00000006.00000002.2968535949.00007FFE115B4000.00000002.00000001.01000000.0000000B.sdmp, is-EC3JI.tmp.1.dr
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6634614C FindFirstFileW,FindFirstFileW,free, 6_2_6634614C
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1158A190 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 6_2_00007FFE1158A190
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115AE080 FindFirstFileExA, 6_2_00007FFE115AE080
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then movzx eax, byte ptr [rsp+rcx+20h] 6_2_6643E660
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then add rbp, 10h 6_2_66444670
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then mov edx, dword ptr [rsp+40h] 6_2_66444670
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then mov r10, qword ptr [r11-08h] 6_2_66476410
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then mov dword ptr [rax+78h], edx 6_2_66472260
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then mov rax, r8 6_2_6646A330
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then inc edx 6_2_6646A1C0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then movzx eax, byte ptr [r15+rsi] 6_2_664621A0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then mov qword ptr [rcx], rbx 6_2_66476ED0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then mov ecx, dword ptr [rdi+70h] 6_2_6646EA10
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then mov rax, qword ptr [rdi+40h] 6_2_6643EAB0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then mov byte ptr [rsp+70h], bpl 6_2_6643EAB0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then mov byte ptr [rax-01h], bl 6_2_66444B00
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then mov rdx, rsi 6_2_664773E0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then movzx eax, byte ptr [rcx] 6_2_66443F60
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then mov r9d, ebx 6_2_66469FE0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then mov rbx, rdi 6_2_66475FF0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then mov r9, qword ptr [rdi+40h] 6_2_6646DB70
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then add rcx, rcx 6_2_66461B00
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then movzx eax, byte ptr [rdx] 6_2_6646B840
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 4x nop then mov qword ptr [rsp+rax*8+30h], FFFFFFFFFFFFFFFFh 6_2_6646B840
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /checkupdates.php?product=bc5&minor=0&maint=5&auth=30.15&build=30614&edition=prodebug&cpuarch=x86_64&platform=win32&lang=silent HTTP/1.1Accept: */*User-Agent: BeyondCompare/5.0 (Windows NT 10.0; Win64; x64)Host: www.scootersoftware.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic DNS traffic detected: DNS query: www.scootersoftware.com
Source: BCompare.exe, 00000006.00000002.2958303068.00000286A1381000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/styles
Source: BCompare.exe, 00000006.00000002.2958303068.00000286A1381000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/table
Source: BCompare.exe, 00000006.00000002.2958303068.00000286A1381000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/tableSingleCells
Source: BCompare.exe, 00000006.00000002.2958303068.00000286A1381000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/theme
Source: BCompare.exe, 00000006.00000002.2958303068.00000286A1381000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/worksheet
Source: BCompare.exe, 00000006.00000002.2958303068.00000286A1381000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/xmlMaps
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://purl.oclc.org/ooxml/spreadsheetml/
Source: BCompare.exe, 00000006.00000002.2958303068.00000286A1381000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://purl.oclc.org/ooxml/spreadsheetml/mainx64
Source: BCompare.exe, 00000006.00000000.2114018440.00000000009C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/01903#SignedProperties
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/01903/v1.1.1#
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/01903/v1.1.1#SignedProperties
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/01903/v1.2.2#
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/01903/v1.2.2#BER
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/01903/v1.2.2#CER
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/01903/v1.2.2#DER
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/01903/v1.2.2#PER
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/01903/v1.2.2#SignedProperties
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/01903/v1.2.2#XER
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/01903/v1.3.2#
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/01903/v1.4.1#
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/02231/TSLTag
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/02231/v1.1.1#
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/02231/v2#
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/02231/v2#SH
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/02231/v2/additionaltypes#
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/19612/TSLTag
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/ACA
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/AdESGeneration
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/AdESValidation
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/Archiv
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/Archiv/nothavingPKIid
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/CA/PKC
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/CA/QC
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/Certstatus/CRL
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/Certstatus/CRL/QC
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/EDS
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/EDS/Q
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/EDS/REM
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/EDS/REM/Q
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/IdV
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/IdV/nothavingPKIid
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/KEscrow
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/KEscrow/nothavingPKIid
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/NationalRootCA-QC
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/PPwd
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/PPwd/nothavingPKIid
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/PSES
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/PSES/Q
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/QESValidation/Q
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/RA
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/RA/nothavingPKIid
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/RemoteQSCDManagement/Q
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/SignaturePolicyAuthority
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/TLIssuer
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/TSA
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/TSA/QTST
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/TSA/TSS-AdESQCandQES
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/TSA/TSS-QC
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/Svctype/unspecified
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/recognisedatnationallevel
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/recognisedatnationallevelUH
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/recognisedatnationallevelUWVSH
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUgeneric
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUlistofthelists
Source: is-EC3JI.tmp.1.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://www.ebics.org/H003
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://www.ghisler.com/plugins.htm
Source: BCompare-5.0.5.30614.tmp, 00000001.00000003.2170041651.00000000065B0000.00000004.00001000.00020000.00000000.sdmp, BCompare-5.0.5.30614.tmp, 00000001.00000002.2186041323.000000000039C000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: http://www.gnu.org/software/patch/patch.htmlDVarFileInfo$
Source: BCompare.exe, 00000006.00000000.2114018440.00000000009C1000.00000020.00000001.01000000.0000000A.sdmp, BCompare.exe, 00000006.00000002.2958303068.00000286A145F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.ietf.org/rfc/rfc3075.txt
Source: BCompare.exe, 00000006.00000000.2114018440.00000000009C1000.00000020.00000001.01000000.0000000A.sdmp, BCompare.exe, 00000006.00000002.2958303068.00000286A145F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.ietf.org/rfc/rfc3275.txt
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://www.totalcmd.net/directory/packer.html
Source: BCompare.exe, 00000006.00000002.2958303068.00000286A1360000.00000004.00001000.00020000.00000000.sdmp, BCompare.exe, 00000006.00000000.2141040356.0000000002908000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: http://www.xpdfreader.com/index.html
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: http://x.ss2.us/x.cer
Source: BCompare.exe, 00000006.00000000.2114018440.0000000001DC1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://api.dropbox.com/oauth2/token?
Source: BCompare.exe, 00000006.00000000.2114018440.0000000001DC1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://api.dropboxapi.com/
Source: BCompare.exe, 00000006.00000000.2114018440.0000000001DC1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://api.dropboxapi.com/2/
Source: BCompare.exe, 00000006.00000000.2114018440.0000000001DC1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://content.dropboxapi.com/2/files/
Source: BCompare.exe, 00000006.00000000.2114018440.0000000001DC1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://content.dropboxapi.com/2/files/download
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://ec.europa.eu/tools/lotl/eu-lotl.xml
Source: BCompare.exe, 00000006.00000000.2114018440.0000000001DC1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Source: BCompare.exe, 00000006.00000000.2114018440.0000000001DC1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/token
Source: BCompare-5.0.5.30614.exe String found in binary or memory: https://scootersoftware.com/kb/netsetupSetupU
Source: BCompare-5.0.5.30614.exe, 00000000.00000003.1691899255.000000007FBCC000.00000004.00001000.00020000.00000000.sdmp, BCompare-5.0.5.30614.exe, 00000000.00000003.1691467612.0000000003890000.00000004.00001000.00020000.00000000.sdmp, BCompare-5.0.5.30614.tmp, 00000001.00000003.2170041651.00000000065B0000.00000004.00001000.00020000.00000000.sdmp, BCompare.exe, 00000006.00000002.2960128800.00000286A2D52000.00000004.00001000.00020000.00000000.sdmp, is-8736U.tmp.1.dr, is-7ONVI.tmp.1.dr, is-4MHOG.tmp.1.dr, BCompare-5.0.5.30614.tmp.0.dr, is-BS8MP.tmp.1.dr, BCShellEx.dll.1.dr String found in binary or memory: https://sectigo.com/CPS0
Source: BCompare.exe, 00000006.00000000.2114018440.0000000001DC1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://www.dropbox.com/oauth2/authorize?response_type=code&token_access_type=offline&client_id=ftp1
Source: BCompare-5.0.5.30614.exe, 00000000.00000003.1691899255.000000007F87B000.00000004.00001000.00020000.00000000.sdmp, BCompare-5.0.5.30614.exe, 00000000.00000003.1691467612.0000000003720000.00000004.00001000.00020000.00000000.sdmp, BCompare-5.0.5.30614.tmp, 00000001.00000000.1693345022.00000000005D1000.00000020.00000001.01000000.00000004.sdmp, BCompare-5.0.5.30614.tmp.0.dr String found in binary or memory: https://www.innosetup.com/
Source: BCompare-5.0.5.30614.exe, 00000000.00000003.1691899255.000000007F87B000.00000004.00001000.00020000.00000000.sdmp, BCompare-5.0.5.30614.exe, 00000000.00000003.1691467612.0000000003720000.00000004.00001000.00020000.00000000.sdmp, BCompare-5.0.5.30614.tmp, 00000001.00000000.1693345022.00000000005D1000.00000020.00000001.01000000.00000004.sdmp, BCompare-5.0.5.30614.tmp.0.dr String found in binary or memory: https://www.remobjects.com/ps
Source: BCompare-5.0.5.30614.tmp, 00000001.00000003.2181663945.000000000281B000.00000004.00001000.00020000.00000000.sdmp, BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp, BCompare.exe, 00000006.00000000.2114018440.0000000001DC1000.00000020.00000001.01000000.0000000A.sdmp, BCompare.exe, 00000006.00000002.2964266512.00000286A2FFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.scootersoftware.com
Source: BCompare-5.0.5.30614.tmp, 00000001.00000002.2187193317.0000000000D8B000.00000004.00000020.00020000.00000000.sdmp, BCompare-5.0.5.30614.tmp, 00000001.00000003.1825550777.0000000000DBB000.00000004.00000020.00020000.00000000.sdmp, BCompare-5.0.5.30614.tmp, 00000001.00000003.2184346123.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp, BCompare-5.0.5.30614.tmp, 00000001.00000003.2184396439.0000000000D87000.00000004.00000020.00020000.00000000.sdmp, BCompare-5.0.5.30614.tmp, 00000001.00000003.2184396439.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp, BCompare-5.0.5.30614.tmp, 00000001.00000003.2180501409.00000000038D2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.scootersoftware.com.
Source: BCompare-5.0.5.30614.tmp, 00000001.00000003.1821334331.0000000003660000.00000004.00001000.00020000.00000000.sdmp, BCompare-5.0.5.30614.tmp, 00000001.00000003.2181663945.00000000028CC000.00000004.00001000.00020000.00000000.sdmp, BCompare-5.0.5.30614.tmp, 00000001.00000003.2170041651.00000000065B0000.00000004.00001000.00020000.00000000.sdmp, BCompare-5.0.5.30614.tmp, 00000001.00000002.2186041323.000000000039C000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: https://www.scootersoftware.com/
Source: BCompare-5.0.5.30614.exe, 00000000.00000003.2191926141.000000000327C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.scootersoftware.com/)
Source: BCompare-5.0.5.30614.tmp, 00000001.00000003.2181663945.00000000028CC000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.scootersoftware.com/1
Source: BCompare.exe, 00000006.00000002.2956427761.000002869F913000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.scootersoftware.com/2
Source: BCompare.exe, 00000006.00000002.2964266512.00000286A2FA7000.00000004.00001000.00020000.00000000.sdmp, BCompare.exe, 00000006.00000002.2967105677.00000286A39B0000.00000004.00000020.00020000.00000000.sdmp, BCompare.exe, 00000006.00000002.2958303068.00000286A1381000.00000004.00001000.00020000.00000000.sdmp, checkupdates[1].htm.6.dr String found in binary or memory: https://www.scootersoftware.com/BCompare-5.0.5.30614.exe
Source: BCompare-5.0.5.30614.exe, 00000000.00000003.2191926141.000000000327C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.scootersoftware.com/Y
Source: BCompare.exe, 00000006.00000000.2141040356.00000000038D1000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: https://www.scootersoftware.com/bugRepMailer.php
Source: BCompare.exe, 00000006.00000002.2956427761.000002869F899000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.scootersoftware.com/bugRepMailer.phpe
Source: BCompare.exe, 00000006.00000000.2114018440.0000000001DC1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://www.scootersoftware.com/buybc5?bld=%d
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://www.scootersoftware.com/buybc5?bld=%d8
Source: BCompare.exe, 00000006.00000002.2958303068.00000286A13F9000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.scootersoftware.com/buybc5?bld=30614
Source: BCompare.exe, 00000006.00000002.2958303068.00000286A1381000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.scootersoftware.com/buybc5?bld=3061446
Source: BCompare-5.0.5.30614.tmp, 00000001.00000003.2170041651.00000000065B0000.00000004.00001000.00020000.00000000.sdmp, BCompare-5.0.5.30614.tmp, 00000001.00000002.2186041323.000000000039C000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: https://www.scootersoftware.com/buynow
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://www.scootersoftware.com/checkupdates.php?product=bc5&minor=
Source: BCompare.exe, 00000006.00000002.2958303068.00000286A13BC000.00000004.00001000.00020000.00000000.sdmp, BCompare.exe, 00000006.00000002.2956427761.000002869F913000.00000004.00000020.00020000.00000000.sdmp, BCompare.exe, 00000006.00000002.2956427761.000002869F969000.00000004.00000020.00020000.00000000.sdmp, BCompare.exe, 00000006.00000002.2960128800.00000286A2D4B000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.scootersoftware.com/checkupdates.php?product=bc5&minor=0&maint=5&auth=30.15&build=30614&
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://www.scootersoftware.com/colors_win5
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://www.scootersoftware.com/download.php
Source: BCompare.exe, 00000006.00000000.2114018440.0000000001DC1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://www.scootersoftware.com/expiring?code=%s
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://www.scootersoftware.com/formats_win5
Source: BCompare.exe, 00000006.00000000.2114018440.0000000001DC1000.00000020.00000001.01000000.0000000A.sdmp, BCompare.exe, 00000006.00000002.2958303068.00000286A145F000.00000004.00001000.00020000.00000000.sdmp, BCompare.exe, 00000006.00000002.2958303068.00000286A1429000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.scootersoftware.com/forums
Source: BCompare.exe, 00000006.00000002.2956427761.000002869F913000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.scootersoftware.com/j
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://www.scootersoftware.com/support.php
Source: BCompare.exe, 00000006.00000000.2114018440.0000000001DC1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://www.scootersoftware.com/support.php?keyword=%s&version=BC5&platform=Windows
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://www.scootersoftware.com/upgrade
Source: BCompare.exe, 00000006.00000000.2114018440.00000000013C1000.00000020.00000001.01000000.0000000A.sdmp String found in binary or memory: https://www.scootersoftware.com/upgradeSH
Source: BCompare.exe, 00000006.00000000.2114018440.0000000001DC1000.00000020.00000001.01000000.0000000A.sdmp, BCompare.exe, 00000006.00000002.2958303068.00000286A13CB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.scootersoftware.com/videos_win5
Source: BCompare.exe, 00000006.00000002.2958303068.00000286A145F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.scootersoftware.com/videos_win503H
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown HTTPS traffic detected: 72.32.90.250:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1157F8F0: CreateFileW,CloseHandle,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SetFileSecurityW,GetLastError,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task, 6_2_00007FFE1157F8F0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66480B50 6_2_66480B50
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66458B30 6_2_66458B30
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6636E8D4 6_2_6636E8D4
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66468910 6_2_66468910
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6637E968 6_2_6637E968
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663FA948 6_2_663FA948
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663DE9B8 6_2_663DE9B8
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663B89C0 6_2_663B89C0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66363624 6_2_66363624
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6635D670 6_2_6635D670
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6637F678 6_2_6637F678
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6639F664 6_2_6639F664
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66397644 6_2_66397644
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6635169C 6_2_6635169C
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663676FC 6_2_663676FC
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66341770 6_2_66341770
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663D57B0 6_2_663D57B0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663F77CC 6_2_663F77CC
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6647F470 6_2_6647F470
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6638B400 6_2_6638B400
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6646D430 6_2_6646D430
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663EF49C 6_2_663EF49C
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66473540 6_2_66473540
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663C155C 6_2_663C155C
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663755F0 6_2_663755F0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663A92A8 6_2_663A92A8
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66393280 6_2_66393280
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6636B310 6_2_6636B310
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_664473D0 6_2_664473D0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_664773E0 6_2_664773E0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6637D3C4 6_2_6637D3C4
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6643F030 6_2_6643F030
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6640103C 6_2_6640103C
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663B50BC 6_2_663B50BC
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663A7124 6_2_663A7124
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6637B160 6_2_6637B160
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663E5190 6_2_663E5190
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66403E88 6_2_66403E88
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6639BEC0 6_2_6639BEC0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66351F20 6_2_66351F20
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663ABF24 6_2_663ABF24
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66443F60 6_2_66443F60
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6646DFC0 6_2_6646DFC0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663C7FA8 6_2_663C7FA8
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663FBC34 6_2_663FBC34
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663D3C14 6_2_663D3C14
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66355CB0 6_2_66355CB0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6639FCAC 6_2_6639FCAC
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66453D50 6_2_66453D50
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663E7D0C 6_2_663E7D0C
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66397D94 6_2_66397D94
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66363DFC 6_2_66363DFC
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66395DDC 6_2_66395DDC
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6646FDA0 6_2_6646FDA0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663F1DC4 6_2_663F1DC4
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6635FA68 6_2_6635FA68
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663C1B14 6_2_663C1B14
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66461B00 6_2_66461B00
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6646B840 6_2_6646B840
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_66357874 6_2_66357874
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663EF874 6_2_663EF874
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663A785C 6_2_663A785C
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663F197C 6_2_663F197C
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6637D980 6_2_6637D980
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663F39E4 6_2_663F39E4
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1157B1A0 6_2_00007FFE1157B1A0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1157C230 6_2_00007FFE1157C230
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11584210 6_2_00007FFE11584210
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1158E1F0 6_2_00007FFE1158E1F0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115860F0 6_2_00007FFE115860F0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1157B360 6_2_00007FFE1157B360
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115923D0 6_2_00007FFE115923D0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115A42A0 6_2_00007FFE115A42A0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1159027A 6_2_00007FFE1159027A
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115B2328 6_2_00007FFE115B2328
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11572300 6_2_00007FFE11572300
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1158D300 6_2_00007FFE1158D300
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1158B2F0 6_2_00007FFE1158B2F0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115892C0 6_2_00007FFE115892C0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1159C2C0 6_2_00007FFE1159C2C0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1157E2D0 6_2_00007FFE1157E2D0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1157C570 6_2_00007FFE1157C570
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1158B540 6_2_00007FFE1158B540
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115A25F0 6_2_00007FFE115A25F0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115905C6 6_2_00007FFE115905C6
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1159C750 6_2_00007FFE1159C750
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115946B0 6_2_00007FFE115946B0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11591730 6_2_00007FFE11591730
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1158C6C0 6_2_00007FFE1158C6C0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1157C9A0 6_2_00007FFE1157C9A0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1157B980 6_2_00007FFE1157B980
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1159A970 6_2_00007FFE1159A970
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11590940 6_2_00007FFE11590940
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1159B940 6_2_00007FFE1159B940
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115729E0 6_2_00007FFE115729E0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115999ED 6_2_00007FFE115999ED
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1157A9D0 6_2_00007FFE1157A9D0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11596860 6_2_00007FFE11596860
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115A4900 6_2_00007FFE115A4900
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1157F8F0 6_2_00007FFE1157F8F0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11586B60 6_2_00007FFE11586B60
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1159CB40 6_2_00007FFE1159CB40
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1159BC00 6_2_00007FFE1159BC00
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1157ABC0 6_2_00007FFE1157ABC0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11577AA0 6_2_00007FFE11577AA0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11591AE0 6_2_00007FFE11591AE0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1157BDB0 6_2_00007FFE1157BDB0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11591DE0 6_2_00007FFE11591DE0
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11571000 6_2_00007FFE11571000
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11595C90 6_2_00007FFE11595C90
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115A1D30 6_2_00007FFE115A1D30
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11575F90 6_2_00007FFE11575F90
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115ADE74 6_2_00007FFE115ADE74
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1159BE40 6_2_00007FFE1159BE40
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11598F20 6_2_00007FFE11598F20
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11577F30 6_2_00007FFE11577F30
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11599F10 6_2_00007FFE11599F10
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115ABED8 6_2_00007FFE115ABED8
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: String function: 6634221C appears 46 times
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: String function: 663432D8 appears 65 times
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: String function: 663442CC appears 57 times
Source: BCompare-5.0.5.30614.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-JQNIL.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-B8GAS.tmp.1.dr Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
Source: is-B8GAS.tmp.1.dr Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: is-B8GAS.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: Zip archive data, at least v2.0 to extract, compression method=deflate
Source: is-B8GAS.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\031TVfsArchivePasswordDialog\030VfsArchivePasswordDialog\007Caption\006\016Enter Password\014ClientHeight\003\224'
Source: BCompare-5.0.5.30614.exe Static PE information: Number of sections : 11 > 10
Source: is-B8GAS.tmp.1.dr Static PE information: Number of sections : 11 > 10
Source: BCompare-5.0.5.30614.tmp.0.dr Static PE information: Number of sections : 11 > 10
Source: is-JQNIL.tmp.1.dr Static PE information: Number of sections : 11 > 10
Source: is-B8GAS.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: Delphi compiled form '\024TPixFullScreenDialog\023PixFullScreenDialog\013BorderStyle\007\006bsNone\014ClientHeight\003\300\001\013ClientWidth\003\300\001\005Color\004..#'
Source: is-K6QSQ.tmp.1.dr Static PE information: No import functions for PE file found
Source: BCompare-5.0.5.30614.exe, 00000000.00000003.1691899255.000000007FBCC000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs BCompare-5.0.5.30614.exe
Source: BCompare-5.0.5.30614.exe, 00000000.00000000.1689594927.000000000053D000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs BCompare-5.0.5.30614.exe
Source: BCompare-5.0.5.30614.exe, 00000000.00000003.1691467612.0000000003890000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs BCompare-5.0.5.30614.exe
Source: BCompare-5.0.5.30614.exe Binary or memory string: OriginalFileName vs BCompare-5.0.5.30614.exe
Source: BCompare-5.0.5.30614.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: is-K6QSQ.tmp.1.dr Static PE information: Section .rsrc
Source: BCompare.exe, 00000006.00000002.2964266512.00000286A2FF3000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: (*.bas;*.cls;*.ctl;*.frm;*.vb;*.vbp;*.vbs
Source: BCompare.exe, 00000006.00000000.2141040356.0000000002908000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: <Mask Value="*.bas;*.cls;*.ctl;*.frm;*.vb;*.vbp;*.vbs"/>
Source: classification engine Classification label: clean15.evad.winEXE@5/48@1/1
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11582760 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle, 6_2_00007FFE11582760
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1158B990 CoCreateInstance,SysAllocString,SysFreeString,CoSetProxyBlanket,SysFreeString,SysFreeString,VariantClear, 6_2_00007FFE1158B990
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Users\Public\Desktop\Beyond Compare 5.lnk
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1c84
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Mutant created: NULL
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Mutant created: \Sessions\1\BaseNamedObjects\HookTThread$1c84
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\BeyondCompare5
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Mutant created: \Sessions\1\BaseNamedObjects\Beyond Compare: BE887BC7-16B2-48B5-B618-B3A52A26EC10
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Mutant created: \Sessions\1\BaseNamedObjects\BeyondCompare5
Source: C:\Users\user\Desktop\BCompare-5.0.5.30614.exe File created: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp
Source: Yara match File source: C:\Program Files\Beyond Compare 5\is-0TV5D.tmp, type: DROPPED
Source: Yara match File source: C:\Program Files\Beyond Compare 5\is-B0TDO.tmp, type: DROPPED
Source: C:\Users\user\Desktop\BCompare-5.0.5.30614.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File read: C:\Program Files\desktop.ini
Source: C:\Users\user\Desktop\BCompare-5.0.5.30614.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: BCompare-5.0.5.30614.exe String found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\BCompare-5.0.5.30614.exe File read: C:\Users\user\Desktop\BCompare-5.0.5.30614.exe
Source: unknown Process created: C:\Users\user\Desktop\BCompare-5.0.5.30614.exe "C:\Users\user\Desktop\BCompare-5.0.5.30614.exe"
Source: C:\Users\user\Desktop\BCompare-5.0.5.30614.exe Process created: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp "C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp" /SL5="$20486,27293175,1148416,C:\Users\user\Desktop\BCompare-5.0.5.30614.exe"
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Process created: C:\Program Files\Beyond Compare 5\BCompare.exe "C:\Program Files\Beyond Compare 5\BCompare.exe"
Source: C:\Users\user\Desktop\BCompare-5.0.5.30614.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\BCompare-5.0.5.30614.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: duser.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Section loaded: netutils.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: mpr.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: winmm.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: wininet.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: urlmon.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: version.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: winhttp.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: wsock32.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: iertutil.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: srvcli.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: netutils.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: faultrep.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: dbghelp.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: dbgcore.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: ntmarta.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: uxtheme.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: wtsapi32.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: winsta.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: netapi32.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: bcunrar.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: security.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: secur32.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: sspicli.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: msimg32.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: windows.storage.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: wldp.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: profapi.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: windowscodecs.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: 7z.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: cryptbase.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: mlang.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: dwmapi.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: textshaping.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: textinputframework.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: coreuicomponents.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: coremessaging.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: wintypes.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: dataexchange.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: d3d11.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: dcomp.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: dxgi.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: twinapi.appcore.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: explorerframe.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: propsys.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: mswsock.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: iphlpapi.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: winnsi.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: dnsapi.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: rasadhlp.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: schannel.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: mskeyprotect.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: ntasn1.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: msasn1.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: dpapi.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: cryptsp.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: rsaenh.dll
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Section loaded: wininetlui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 Jump to behavior
Source: Beyond Compare 5.lnk.1.dr LNK file: ..\..\..\..\..\Program Files\Beyond Compare 5\BCompare.exe
Source: Beyond Compare 5.lnk0.1.dr LNK file: ..\..\..\Program Files\Beyond Compare 5\BCompare.exe
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Window found: window name: TMainForm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.LICENSE AGREEMENTYour use of Beyond Compare is governed by the following Terms and Conditions:Acceptance of License AgreementYou ("Customer") should carefully read the following terms and conditions before using Beyond Compare 5 (the "Software"). Unless you have a different license agreement signed by Scooter Software your use of this software indicates your agreement to these terms and conditions. If you do not accept all of these terms and conditions you must cease using the Software immediately.CopyrightCustomer acknowledges that the Software License Key and accompanying user documentation ("Documentation") are copyrighted works owned by Scooter Software and that Customer has no rights in the foregoing except as expressly granted herein.Free 30-Day TrialThis is not free software. Scooter Software hereby grants you a non-exclusive non-transferable limited license to use the Software free of charge for a period of thirty (30) days. Use of the Software beyond the thirty-day (30-day) trial period requires the purchase of a License Key as described below. Use of the Software beyond the thirty-day (30-day) trial period without purchase of a License Key is a violation of U.S. and international copyright laws.License KeyA unique key that will allow you to use the Software beyond the thirty-day (30-day) free trial period ("License Key") may be purchased from the Scooter Software website which is currently https://www.scootersoftware.com. A License Key may be purchased for single or multiple users all users at a named site or an entire enterprise. A License Key is further categorized by feature set (Standard Edition or Pro Edition). 
A price list on the Scooter Software website details fees for all license options. Upon purchase of a License Key Scooter Software hereby grants you a non-exclusive license to use the Software with the applicable feature set as follows: Per-User License Key: A Per-User License Key may be purchased for a specific quantity of users. Each user of the total quantity may be either (a) a person who has access to the Software on any number of computers or (b) a computer on which the Software will be installed for use by any number of persons one at a time while physically present at the computer. Each person so licensed must be the Customer an employee of the Customer an employee of a Customer's subsidiary company or a third party consultant retained by the Customer to perform information technology functions (each a "Third Party") to use the Software solely for Customer's internal business operations and benefit and for no other purpose whatsoever. Customer shall ensure that such Third Party complies with the terms of this License Agreement and will be responsible for any breach by such Third Party. Site
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\Packers Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\unins000.dat Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-JQNIL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-4MHOG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-B8GAS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-C1RH0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-GGN2U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-K6QSQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-7ONVI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-EC3JI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-BS8MP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-C1132.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-B0TDO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-0TV5D.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-FDK6U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-8736U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-NUJ04.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-RE1S8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-N3K06.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\is-7NT86.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Directory created: C:\Program Files\Beyond Compare 5\unins000.msg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1 Jump to behavior
Source: BCompare-5.0.5.30614.exe Static PE information: certificate valid
Source: BCompare-5.0.5.30614.exe Static file information: File size 28399696 > 1048576
Source: BCompare-5.0.5.30614.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\rar\build\unrardll64\Release\UnRAR64.pdb source: BCompare.exe, 00000006.00000002.2968535949.00007FFE115B4000.00000002.00000001.01000000.0000000B.sdmp, is-EC3JI.tmp.1.dr
Source: BCompare-5.0.5.30614.exe Static PE information: section name: .didata
Source: BCompare-5.0.5.30614.tmp.0.dr Static PE information: section name: .didata
Source: BCShellEx.dll.1.dr Static PE information: section name: .didata
Source: is-8736U.tmp.1.dr Static PE information: section name: .didata
Source: is-JQNIL.tmp.1.dr Static PE information: section name: .didata
Source: is-B8GAS.tmp.1.dr Static PE information: section name: .didata
Source: is-GGN2U.tmp.1.dr Static PE information: section name: .didata
Source: is-EC3JI.tmp.1.dr Static PE information: section name: _RDATA
Source: is-BS8MP.tmp.1.dr Static PE information: section name: .didata
Source: is-B0TDO.tmp.1.dr Static PE information: section name: .didata
Source: is-0TV5D.tmp.1.dr Static PE information: section name: .didata
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11574151 push rbp; iretd 6_2_00007FFE11574152
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115741FB push rcx; retf 0001h 6_2_00007FFE115741FC
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11574124 push rbp; iretd 6_2_00007FFE11574125
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115743AC push rbp; iretd 6_2_00007FFE115743AD
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11574348 push rsp; retf 0001h 6_2_00007FFE11574349
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115742A9 push rbp; iretd 6_2_00007FFE115742AA
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11574249 push rbx; retf 6_2_00007FFE1157424A
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11574899 push rbp; iretd 6_2_00007FFE1157489A
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\is-JQNIL.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\is-BS8MP.tmp Jump to dropped file
Source: C:\Users\user\Desktop\BCompare-5.0.5.30614.exe File created: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\BCUnRAR.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\BComp.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\7z.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Users\user\AppData\Local\Temp\is-FTTBU.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Users\user\AppData\Local\Temp\is-FTTBU.tmp\BCShellEx.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\is-7ONVI.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\PdfToText.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\is-0TV5D.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\BCShellEx64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\is-EC3JI.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Users\user\AppData\Local\Temp\is-FTTBU.tmp\Is64Bit.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\is-GGN2U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\is-N3K06.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\mscoree.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\BComp.com (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\BCClipboard.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\is-4MHOG.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\BCShellEx.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\Patch.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\BCompare.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\is-K6QSQ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\is-B8GAS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\is-B0TDO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\Program Files\Beyond Compare 5\is-8736U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Beyond Compare 5 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beyond Compare 5.lnk Jump to behavior
Source: C:\Users\user\Desktop\BCompare-5.0.5.30614.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\is-GGN2U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\is-BS8MP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\is-N3K06.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\BComp.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\mscoree.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\BComp.com (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-FTTBU.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\BCClipboard.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-FTTBU.tmp\BCShellEx.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\BCShellEx.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\is-4MHOG.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\Patch.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\PdfToText.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\is-7ONVI.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\is-0TV5D.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\BCShellEx64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\is-K6QSQ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\is-EC3JI.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\is-B0TDO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-FTTBU.tmp\Is64Bit.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Dropped PE file which has not been started: C:\Program Files\Beyond Compare 5\is-8736U.tmp Jump to dropped file
Source: C:\Program Files\Beyond Compare 5\BCompare.exe API coverage: 0.2 %
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_6634614C FindFirstFileW,FindFirstFileW,free, 6_2_6634614C
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1158A190 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 6_2_00007FFE1158A190
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115AE080 FindFirstFileExA, 6_2_00007FFE115AE080
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_663489E0 GetSystemInfo, 6_2_663489E0
Source: BCompare.exe, 00000006.00000000.2141040356.0000000002908000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: QEMU Copy On Write archive
Source: BCompare-5.0.5.30614.tmp, 00000001.00000003.2184396439.0000000000DA2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\,
Source: BCompare.exe, 00000006.00000002.2956427761.000002869F899000.00000004.00000020.00020000.00000000.sdmp, BCompare.exe, 00000006.00000002.2967105677.00000286A39B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: is-FDK6U.tmp.1.dr Binary or memory string: vmcIPK
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115A68B8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_00007FFE115A68B8
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115AF100 GetProcessHeap, 6_2_00007FFE115AF100
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115A5A4C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 6_2_00007FFE115A5A4C
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115AAC68 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_00007FFE115AAC68
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files\Beyond Compare 5\BCompare.exe NtQuerySystemInformation: Indirect: 0xB701F5 Jump to behavior
Source: C:\Program Files\Beyond Compare 5\BCompare.exe NtQuerySystemInformation: Indirect: 0xB7012B Jump to behavior
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE11595390 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 6_2_00007FFE11595390
Source: BCompare-5.0.5.30614.tmp, 00000001.00000003.2170041651.00000000065B0000.00000004.00001000.00020000.00000000.sdmp, is-8736U.tmp.1.dr, BCShellEx.dll.1.dr Binary or memory string: Progman
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115B2110 cpuid 6_2_00007FFE115B2110
Source: C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE115A6A04 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 6_2_00007FFE115A6A04
Source: C:\Program Files\Beyond Compare 5\BCompare.exe Code function: 6_2_00007FFE1158B8D0 GetVersionExW, 6_2_00007FFE1158B8D0